| eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720 | 92.205.15.237 | 200 OK | 7.8 kB |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
File type: HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (457), with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 72fc02383ae21dfa42866b0b1cba2004 54936a8753510dd126d0d35fb3f55b2d492d53a3 7e0d59771ed5000496b354fd08a2df93f4c557ac20ca154b08cdca0f9cc8297f
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:45 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be; path=/
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7755
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN#20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): 507011ccb9124dcd57e84a90a0965cc4 1a6575d0ac979c7184490cc9836ac4812ad2afd1 01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7199
Expires: Mon, 06 Feb 2023 11:37:44 GMT
Date: Mon, 06 Feb 2023 09:37:45 GMT
Connection: keep-alive

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN#20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): c21ba65e44ac95470c314e068e49a9eb 17a13b13738993d889d4afa3d848dc63bf6eba64 9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10700
Expires: Mon, 06 Feb 2023 12:36:05 GMT
Date: Mon, 06 Feb 2023 09:37:45 GMT
Connection: keep-alive

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN#20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): fb7b6b46e708ad73eaaa3c21e74569ae 950663c025acad81556af5aa3022ecc9d55097fe 763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8587
Expires: Mon, 06 Feb 2023 12:00:52 GMT
Date: Mon, 06 Feb 2023 09:37:45 GMT
Connection: keep-alive

| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/
IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (939), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 30db107dcf4380cef05efea409c2e6a3 96e6a306fbc07299aba64e5c14e2bfca35872fa9 b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 09:34:04 GMT
content-type: application/json
age: 221
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL: HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP: 34.160.144.191:0
File type: PEM certificate; ASCII text
Hashes (MD5 / SHA-1 / SHA-256): 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iuKvK7TI1fEjZ00Kz9ELnLkwDb9aKF3kA4LtD9R1bqnZnYiqIFEhAnMTWXRs8OA7gEOPIZT4BW8=
x-amz-request-id: 0J2FNS0KCNJT56KD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 09:24:53 GMT
age: 773
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

| eha.a37.mywebsitetransfer.com/ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css | 92.205.15.237 | 200 OK | 467 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256): ba3e07908b0b05bbb3357a6a6e0aef79 3efdbf2b58e815cd7583197f416a2bae3cd4f669 9bb57b230d013ece0e0dffddbd0a73b5d370fcb7e9eac5dc9529100fd2f76cb0
GET /ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Last-Modified: Thu, 02 Dec 2021 00:19:36 GMT
ETag: "c9b76-43c-5d21ebed47600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 467
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css

| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL: HTTP/2 contile.services.mozilla.com/v1/tiles
IP: 34.117.237.239:0
File type: JSON data; ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 09:37:46 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css | 92.205.15.237 | 200 OK | 119 kB |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
File type: ASCII text, with very long lines (65480)
Size: 119 kB (118883 bytes)
Hashes (MD5 / SHA-1 / SHA-256): ff0114961b0fe9b4f594681551555911 dc8e2a6bc4cfa2af73b1a4df51a5eebb76082dae 5a88d370a79554fc9bd45bc123c8bbfab71caeb7c8f3fa8839a93cf455c423aa
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:30 GMT
ETag: "c9bc4-dbc3d-5d5c29a245f80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Content-Type: text/css

| eha.a37.mywebsitetransfer.com/ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af&session=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html | 92.205.15.237 | 200 OK | 30 kB |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
File type: Web Open Font Format (Version 2), TrueType, length 29616, version 1.0; data
Hashes (MD5 / SHA-1 / SHA-256): 97205b19383b6a85ef38eb0997c23c35 f7e0af7cfde57e454dde3a2a0c878cc37de5841e f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
Analyzer: fortinet | Verdict: Phishing
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:54 GMT
ETag: "c9b78-73b0-5d5c29b929580"
Accept-Ranges: bytes
Content-Length: 29616
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: text/html

| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html | 92.205.15.237 | 200 OK | 30 kB |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
File type: Web Open Font Format (Version 2), TrueType, length 30456, version 1.0; data
Hashes (MD5 / SHA-1 / SHA-256): 126c1fdeee5cc17fef5f5909ebb5c86f e2676a4a0c0f88ad2f33fe8acefc038073785de3 3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
Analyzer: fortinet | Verdict: Phishing
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:54 GMT
ETag: "c9b79-76f8-5d5c29b929580"
Accept-Ranges: bytes
Content-Length: 30456
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: text/html

| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg | 92.205.15.237 | 200 OK | 16 kB |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
File type: SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): 3fadbc12d733ab01b8a1ef432d57201e e3b63b70496e1132993e3195b98cce517eb6be7a 9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
Analyzer: fortinet | Verdict: Phishing
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src 'none'
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:38 GMT
ETag: "c9bab-3f1d-5d5c29a9e7180"
Accept-Ranges: bytes
Content-Length: 16157
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: image/svg+xml

| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff | 92.205.15.237 | 200 OK | 49 kB |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
File type: Web Open Font Format, TrueType, length 48600, version 1.0; data
Hashes (MD5 / SHA-1 / SHA-256): f3bed81a19a4b15ce515be55ca2ec30b ae3b9a4faf5fba0777e0d7bf4558227548db3093 f4d5693a0d7cd4b54adc6825d954388484f67d0467d3ac64db19ef49e35acb4f
Analyzer: fortinet | Verdict: Phishing
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:38 GMT
ETag: "c9b80-bdd8-5d5c29a9e7180"
Accept-Ranges: bytes
Content-Length: 48600
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: font/woff

| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (329), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 09:07:20 GMT
age: 1826
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

| eha.a37.mywebsitetransfer.com/ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56&session=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN#20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): dedf9c519ac38c4bece9c5bc895787d7 4911175c3f8a435978c5301c33c7a99a5e00a1d5 bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12410
Expires: Mon, 06 Feb 2023 13:04:36 GMT
Date: Mon, 06 Feb 2023 09:37:46 GMT
Connection: keep-alive

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af&session=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af&session=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af&session=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887&session=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56&session=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56&session=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56&session=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b&session=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887&session=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887&session=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887
IP: 92.205.15.237:0, ASN#21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887&session=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701&session=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| push.services.mozilla.com/ | 100.20.3.157 | 101 Switching Protocols | 0 B |
URL: HTTP/1.1 push.services.mozilla.com/
IP: 100.20.3.157:0
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DMaRsmWMwid9bqTpF3wHUA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: JnW1AKJd26B2CKPNHcCB8NuQ0FQ=

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b&session=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b&session=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b
IP: 92.205.15.237:0 ASN: #21499 Host Europe GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b&session=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe&session=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701&session=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701&session=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701
IP: 92.205.15.237:0 ASN: #21499 Host Europe GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701&session=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946&session=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe&session=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe&session=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe
IP: 92.205.15.237:0 ASN: #21499 Host Europe GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe&session=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650&session=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946&session=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946&session=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946
IP: 92.205.15.237:0 ASN: #21499 Host Europe GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946&session=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417&session=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650&session=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650&session=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650
IP: 92.205.15.237:0 ASN: #21499 Host Europe GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650&session=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4&session=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417&session=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417&session=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417
IP: 92.205.15.237:0 ASN: #21499 Host Europe GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417&session=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed&session=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4&session=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4&session=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4
IP: 92.205.15.237:0 ASN: #21499 Host Europe GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4&session=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e&session=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed&session=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: HTTP/1.1 eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed&session=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed
IP: 92.205.15.237:0 ASN: #21499 Host Europe GmbH
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5) da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed&session=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76&session=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN: #20940 Akamai International B.V.
Hash: 3b4ea902c3e097daaa31810cb66d585a (MD5) 97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049 (SHA-1) 0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f (SHA-256)
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2220
Expires: Mon, 06 Feb 2023 10:14:48 GMT
Date: Mon, 06 Feb 2023 09:37:48 GMT
Connection: keep-alive

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg | 34.120.237.76 | 200 OK | 9.8 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash: ccc8078cc937b7de0b299bcee1496f1b (MD5) 395f04af71767acc9516387c8b07bde08968fdfe (SHA-1) cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050 (SHA-256)
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7YlRZ936VEDkBvo2YKrS3GbyEh1xzC8W-50KiODzFjTnQb-hvkKpw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 42465
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png | 34.120.237.76 | 200 OK | 12 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash: b2e321721a636309ac45c6722f71a5d5 (MD5) 8f4224824571577109bf32b1fa7646dbfb88e818 (SHA-1) a52611068a9694594dec4dddb1bd29afdbba897a2e1f61dcf3ceb81e262912e8 (SHA-256)
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12459
x-amzn-requestid: 5dd251ba-30e6-47aa-846a-9cefa9aa4928
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPHlWIAMFnZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-402585d71ebd0ebf75af210d;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dMwyfVFayhAjpMMOiE96N2N5TwdvJ52UvscJ6miuz4W3qNKXVS9jaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:11 GMT
age: 42457
etag: "8f4224824571577109bf32b1fa7646dbfb88e818"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a9b5f68-fd45-4868-ba31-8118d000f7d9.jpeg | 34.120.237.76 | 200 OK | 9.0 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a9b5f68-fd45-4868-ba31-8118d000f7d9.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash: ea463f7a06fe1403c18c8ce8781244a1 (MD5) fbbe4b97e4b39983b36340030f6b40adc69cd485 (SHA-1) 93a12a85886512e3336d027c889a2276087976b1c9106356cc81596b88087042 (SHA-256)
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a9b5f68-fd45-4868-ba31-8118d000f7d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8971
x-amzn-requestid: b1baa973-5b7c-4daa-af2e-e9f0b3c6a604
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzViwFG1IAMF4qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de02de-4a0c9cf45c1a20083bb838dc;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:01:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sAiUWR0kcs2yN_7IIHwlSl1eNIRMEaSJ8QD_Uti1CU6IFIGh0kSmSw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 08:03:07 GMT
age: 5681
etag: "fbbe4b97e4b39983b36340030f6b40adc69cd485"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash: 062e186a259eda97173695240a492c63 (MD5) 9b476a4ec219667f560b88199a3a4e4b0a93b579 (SHA-1) d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4 (SHA-256)
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q5tAmSUsPHlKjkJSksZpvVrOAsduYKg0uuTlc03yvuhtO1BUKlHyuA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 07:54:29 GMT
age: 6199
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg | 34.120.237.76 | 200 OK | 8.6 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash: ad2298793399bf73c51c7d60952065c1 (MD5) 816bd4c36ceea2c46489ae72fde0b4a94c7c4bef (SHA-1) dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199 (SHA-256)
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tNp3KhwtaSjchn-VAo1VellQ63I1W9uIbkQ_84Y7z_4z--vGfz8PGA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:53:56 GMT
age: 42232
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6941fb6-e957-4628-8403-b30032e53952.jpeg | 34.120.237.76 | 200 OK | 9.5 kB |
URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6941fb6-e957-4628-8403-b30032e53952.jpeg (HTTP/2) | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 (data)
Hash: MD5 d97807096c24402f2938faa7bef0bb1f | SHA-1 5dcc91fcfb218579f9bb8d74949c62b42a0ee0f5 | SHA-256 61d5e5e14348dcd17a2d65ed50bf4870cfa0869b2027bd9e02e5656b71ae7b07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6941fb6-e957-4628-8403-b30032e53952.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9504
x-amzn-requestid: 5ed1526b-636a-4aac-9900-3438fe44bc68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4o9ZF4fIAMFuhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e021ef-6925f9fa343504e94459aa70;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:38:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U81u29w8Kam-xsluWwUqh-4J1bS-8viBRP4f6ERFJcGUpsDLcB-feg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:51:09 GMT
age: 42399
etag: "5dcc91fcfb218579f9bb8d74949c62b42a0ee0f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e&session=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e&session=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e&session=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760&session=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76&session=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76&session=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76&session=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c&session=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760&session=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760&session=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760&session=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a&session=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c&session=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c&session=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c&session=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6&session=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a&session=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a&session=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a&session=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6&session=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6&session=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6&session=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6&session=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df&session=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6&session=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6&session=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6&session=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47&session=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df&session=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df&session=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df&session=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642&session=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47&session=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47&session=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47&session=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29&session=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642&session=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642&session=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642&session=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb&session=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29&session=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29&session=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29&session=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340&session=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb&session=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb&session=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb&session=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e&session=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340&session=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340&session=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340&session=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42&session=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e&session=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e&session=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e&session=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c&session=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
|
|
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42&session=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42&session=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42 (HTTP/1.1) | IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata | Severity: high | Alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42&session=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef&session=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c&session=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c&session=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c&session=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96&session=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef&session=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef&session=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef&session=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e&session=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96&session=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96&session=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96&session=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6&session=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e&session=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e&session=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e&session=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a&session=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6&session=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6&session=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6&session=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388&session=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a&session=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a&session=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a&session=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8&session=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388&session=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388&session=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388&session=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403&session=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8&session=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8&session=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8&session=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7&session=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403&session=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403&session=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403&session=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0&session=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7&session=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7&session=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7&session=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2&session=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0&session=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0&session=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0&session=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc&session=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2&session=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2&session=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2&session=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54&session=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc&session=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc&session=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc&session=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:52 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=006fe354d2c4db9ab27475c3c70bfac5006fe354d2c4db9ab27475c3c70bfac5&session=006fe354d2c4db9ab27475c3c70bfac5006fe354d2c4db9ab27475c3c70bfac5
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54&session=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54&session=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54 (HTTP/1.1)
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS: suricata, severity high, alert: ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54&session=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:52 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=7f0d07d39f575378a98e4b339b3ca2bf7f0d07d39f575378a98e4b339b3ca2bf&session=7f0d07d39f575378a98e4b339b3ca2bf7f0d07d39f575378a98e4b339b3ca2bf
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8