Report - abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10

Report Overview

Submitted URL
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
IP
142.4.20.37
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-01-21 05:10:17
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.160.122.190
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	11 kB	192.124.249.24
t.me	6552	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	462 B	4.7 kB	149.154.167.99
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.33.119.27
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	104.18.32.68
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	736 B	93.184.220.29
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	407 B	746 B	142.250.74.106
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
devilsms.live	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	710 B	70 kB	199.188.200.254
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
cdn5.telegram-cdn.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	732 B	28 kB	34.111.108.175
telegram.org	5408	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	64 kB	149.154.167.99
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	37 kB	34.120.237.76
abahugop7.ga	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	16 kB	694 kB	142.4.20.37
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	4.9 kB	216.58.211.3
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	958 B	34 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/styles2.0.css?v=H3Lw5kriPY31Nvjt9E2Kh_yuQvgb8fMXG_Cnp_nyoRw	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/popup.css?v=0-SiwNAv1h9KPE4igYTkeN2sUNd84p6fcQJsaIh0ey8	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/rebrand.css?v=dayiagRHt8GMqiMnzzRWy9Kt_BZhyDWJahHtK0OrS94	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/investments.svg	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/loans-and-lines-of-credit.svg	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/home-loans.svg	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/images/baq-logo-rebrand.svg	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/personal-checking.svg	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/bokf-meatball-rebrand.svg	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Black.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-BlackItalic.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-MediumItalic.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Regular.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Thin.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-ThinItalic.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Bold.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-BoldItalic.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Italic.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Light.ttf	Phishing
2023-01-21	medium	abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-LightItalic.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	t.me/Devilmask09	193 B	2023-03-07	2024-04-24
Pretty URL t.me/Devilmask09 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:07 Last Seen2024-04-24 10:40:28 Times Seen3289 Hash 9c629a0c52a2afad699d260f673481fd a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Loading...

	t.me/Devilmask09	1.3 kB	2023-03-08	2023-03-13
Pretty URL t.me/Devilmask09 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:28:29 Last Seen2023-03-13 04:31:35 Times Seen1 Hash e7e40c84862ebc5642038190aacd8557 3bf86807278bf5e73a2a8765d5e5e76030e289c2 7a0b67d1bf946b6fed92dc5cd6f72a46760f3b9d91559bda8134b33eefb9a3a3 Loading...

	devilsms.live/cleave.js	94 kB	2023-03-07	2023-12-17
Pretty URL devilsms.live/cleave.js IP 199.188.200.254 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:56:13 Last Seen2023-12-17 14:10:58 Times Seen29 Hash ead7731c4b02b3e134ec2d390e7fccd0 3491430271d8a9f15548ca5a00e90b5d4e10b437 f97d8e2f7cc9b436d478f1168d22b9ae3c292d97d2d5285c4ccd01f3bbef47f5 Loading...

	devilsms.live/clve-min.js	151 kB	2023-03-07	2023-04-30
Pretty URL devilsms.live/clve-min.js IP 199.188.200.254 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:38:47 Last Seen2023-04-30 22:10:37 Times Seen11 Hash a0af62af3a5f980137ece52d9604b17e 47803e4451aaae4f38c40d154f915e89155edc0d 28899904b99b7dc185a3ee4ef8a53a522ae488db692a9ee4d45ddfc07dc04a24 Loading...

	t.me/Devilmask09	206 B	2023-03-08	2023-03-13
Pretty URL t.me/Devilmask09 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:28:29 Last Seen2023-03-13 04:31:35 Times Seen1 Hash 1a275332c763d92663571f8086336d94 2773374f3cabe9daedd65eee6572865b204bb76a 4cf9d865038b8d9a2130213f433042bdec42b3f2b3d49d838366d7e5b5ff675b Loading...

	telegram.org/js/tgwallpaper.min.js?3	3.0 kB	2023-03-07	2024-04-25
Pretty URL telegram.org/js/tgwallpaper.min.js?3 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:07 Last Seen2024-04-25 10:54:09 Times Seen5032 Hash 2b89d34702716a8ad2cc3977718f53a3 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Loading...

HTTP Transactions (76)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
20d267853e48ef7d476459ed67da5d97
06d1bd08efd69c0e93486d3c423fa2640f372d29
24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11043
Expires: Sat, 21 Jan 2023 08:14:08 GMT
Date: Sat, 21 Jan 2023 05:10:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6787
Expires: Sat, 21 Jan 2023 07:03:12 GMT
Date: Sat, 21 Jan 2023 05:10:05 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 21 Jan 2023 04:34:41 GMT
content-type: application/json
age: 2124
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2364
Expires: Sat, 21 Jan 2023 05:49:29 GMT
Date: Sat, 21 Jan 2023 05:10:05 GMT
Connection: keep-alive

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10

142.4.20.37

200 OK

17 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (496), with CRLF line terminators
Size
17 kB (17214 bytes)
Hash
2ba6903929e4e5d9370c4db6d6c48c1b
1bc807721110f07968d0597a16c0ab57e97f1b81
5659a72dce8e25e51cf2403ea1547c4078cab6cce4713b821a0d1a2914b45f74

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10 HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TYIghA6t1WayPIuhHNxy+EufUrU0JYeEXoy1imGlblk+J3nrOPV5qP1vlXdBZN39Lpf3GxnqCWc=
x-amz-request-id: A2MFGFEY3Y7G78SZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 21 Jan 2023 04:46:40 GMT
age: 1405
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 05:10:05 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 05:10:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 05:10:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/styles2.0.css?v=H3Lw5kriPY31Nvjt9E2Kh_yuQvgb8fMXG_Cnp_nyoRw

142.4.20.37

200 OK

42 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/styles2.0.css?v=H3Lw5kriPY31Nvjt9E2Kh_yuQvgb8fMXG_Cnp_nyoRw
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (4096), with CRLF line terminators
Size
42 kB (42094 bytes)
Hash
0758e56c49e1236ce5b286e3550f9fa4
5e0d1cce81e6982a3ae9c51739b35bced4ba8d02
23d0d26087fd61f5c5ba501da4ec098b661eb064792bb86705108c6350a0421f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/styles2.0.css?v=H3Lw5kriPY31Nvjt9E2Kh_yuQvgb8fMXG_Cnp_nyoRw HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:05 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 42094
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/popup.css?v=0-SiwNAv1h9KPE4igYTkeN2sUNd84p6fcQJsaIh0ey8

142.4.20.37

200 OK

1.1 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/popup.css?v=0-SiwNAv1h9KPE4igYTkeN2sUNd84p6fcQJsaIh0ey8
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1076 bytes)
Hash
add90199969b95fcc4a3053bd18c34e3
e4d12559320b7dfc21206d26824781c407eaf0d8
bd28dc73255af1466b63a96efd392ff3153f51124e6c85a1f9dbc6b4a88bca09

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/popup.css?v=0-SiwNAv1h9KPE4igYTkeN2sUNd84p6fcQJsaIh0ey8 HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 1076
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/rebrand.css?v=dayiagRHt8GMqiMnzzRWy9Kt_BZhyDWJahHtK0OrS94

142.4.20.37

200 OK

2.1 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/rebrand.css?v=dayiagRHt8GMqiMnzzRWy9Kt_BZhyDWJahHtK0OrS94
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
2.1 kB (2084 bytes)
Hash
a6ea22b50638d33a13b3ee8d606ff41f
ac6a06c5e7583e795a9a4c007dcb3d05675830c5
94ee3a65d909d89df1dd2cc195e0ab6bb8bd148ae60b75cf6e50d94f44a8bce1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/rebrand.css?v=dayiagRHt8GMqiMnzzRWy9Kt_BZhyDWJahHtK0OrS94 HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 2084
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc

142.4.20.37

200 OK

12 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (723), with CRLF line terminators
Size
12 kB (12199 bytes)
Hash
f0e022c47f9a75badf81d79c3f9dcd3a
d0a988a0384a33e5c7b4a4ca5ac645c3fa9a3f25
6d463c48f2603f2e105773a1d6f8f439d7a371dc11218433bd14b36971cef158

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 12199
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
2a329a772f8f780d0d73e0e1888e2158
e4ceb9be18ceeb88f4d4f92e631ea86d61e51c4e
76f21fc47caca80766c73d3f2b4fc684e83d9904512d7f3fcfe767d31c835920

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 18 Jan 2023 05:40:04 GMT
Expires: Wed, 25 Jan 2023 05:40:03 GMT
Etag: "e4ceb9be18ceeb88f4d4f92e631ea86d61e51c4e"
Cache-Control: max-age=346796,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78cd8aa0aa91b518-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
2a329a772f8f780d0d73e0e1888e2158
e4ceb9be18ceeb88f4d4f92e631ea86d61e51c4e
76f21fc47caca80766c73d3f2b4fc684e83d9904512d7f3fcfe767d31c835920

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 18 Jan 2023 05:40:04 GMT
Expires: Wed, 25 Jan 2023 05:40:03 GMT
Etag: "e4ceb9be18ceeb88f4d4f92e631ea86d61e51c4e"
Cache-Control: max-age=346796,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78cd8aa0bab51c0e-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 21 Jan 2023 04:48:58 GMT
age: 1268
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
bdb8a13dfce39d6e151a9ef185a772a1
037a680510f9dbce3c7cc3c0f9115fd587dbcd1d
98c8b7f269b9aad73b73fd946788ebfd7a4d7afbdd5347b56c67f73b947f5ff6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 921
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 05:10:06 GMT
Last-Modified: Sat, 21 Jan 2023 04:54:45 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA

142.4.20.37

200 OK

496 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
496 kB (496007 bytes)
Hash
50a69acd4785afe6fedc896ddd514e81
3fc430155e261847d0d04b7ec95a5b39920deaef
c9047c9a838e30d1321674bd4e14f0e08071c5407b35aae14554cdb2cc8935fb

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:05 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 496007
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

devilsms.live/cleave.js

199.188.200.254

200 OK

18 kB

URL HTTP/2
devilsms.live/cleave.js
IP
199.188.200.254:0
ASN
#22612 NAMECHEAP-NET

File type
Unicode text, UTF-8 text, with very long lines (1712)
Size
18 kB (18428 bytes)
Hash
fe9f66e28ad0fde897ddcb9571324491
e5ab8ed2bad2578458397898778be698dff70917
ece3c9456921c261029e7ae1b7eddd2265e8afdf1aeb78f9eafad2ea55d5e92f

HTTP Headers

GET /cleave.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://abahugop7.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 28 Jan 2023 05:10:06 GMT
content-type: application/javascript
last-modified: Sun, 30 Jan 2022 13:07:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18428
date: Sat, 21 Jan 2023 05:10:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/investments.svg

142.4.20.37

200 OK

10 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/investments.svg
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1571), with CRLF line terminators
Size
10 kB (10534 bytes)
Hash
165ee3b54e4f3b60a30cd7269d8acd1d
20ff9d6a574f0dad119f48dbf7bb9c1be76b178c
1192ffbd6853381f93e6142a1fa015f72bd04e3b9e36f7228a6a7b3302a7902f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/images/investments.svg HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 10534
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/images/FDIC_Home.png

142.4.20.37

200 OK

288 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/images/FDIC_Home.png
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 30 x 23, 4-bit colormap, non-interlaced\012- data
Size
288 B (288 bytes)
Hash
af617607118aab4279da1062eab7f6c8
6c0e20c0b5551f9aa69fc4b91a8d08d6149fa4b7
f29a3d8a3f8645757813d6f77e7091038d411af014b5b6c6d7b054b6b271b411

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/images/FDIC_Home.png HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 288
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/loans-and-lines-of-credit.svg

142.4.20.37

200 OK

8.7 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/loans-and-lines-of-credit.svg
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (4009), with CRLF line terminators
Size
8.7 kB (8699 bytes)
Hash
8d17912a5e6a1fe46d9f3bd470f2176f
b621886ae57a147a463e6a230d0f6e1427bd9880
690a3dcef91d0d61cc34bd2ecc918fa19ff62fd77063859957e31045a79a1772

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/images/loans-and-lines-of-credit.svg HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 8699
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/home-loans.svg

142.4.20.37

200 OK

7.9 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/home-loans.svg
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (926), with CRLF line terminators
Size
7.9 kB (7862 bytes)
Hash
b88f46ad6831697cd4bb75425dc9cef0
151583333f8e8e2752c443a889b6810d48ae3072
9fc1f9fc044488be897def6c3cdd7717031349673af114c75eb10a3f37c86668

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/images/home-loans.svg HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 7862
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/images/baq-logo-rebrand.svg

142.4.20.37

200 OK

13 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/images/baq-logo-rebrand.svg
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
13 kB (13156 bytes)
Hash
831fc05dba536ca0c5c33255f8d269d9
903b299ca3fd48fae8233e574fe5dd1152b6e3da
f126ce3cbaa0a1fe7271e14ea0d855310ec5fa13555cb565cb5b0106cb0cb126

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/images/baq-logo-rebrand.svg HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 13156
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml

push.services.mozilla.com/

35.160.122.190

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.122.190:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j3sI2jrfvNFfdLBo3ShtbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BKbosGIGOfsV8TlfupiJ0/ZbbYM=

devilsms.live/clve-min.js

199.188.200.254

200 OK

51 kB

URL HTTP/2
devilsms.live/clve-min.js
IP
199.188.200.254:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
51 kB (51069 bytes)
Hash
724ad5d75674097f5d14e70982a3bc6e
87146103e33be6cdf8d828351685c70f2a6cb7e3
d1a51f6f6c798129732b8ae1c654d6a68af918bb63e05b45c75cf4c614c27260

HTTP Headers

GET /clve-min.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://abahugop7.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 28 Jan 2023 05:10:06 GMT
content-type: application/javascript
last-modified: Mon, 07 Feb 2022 11:17:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51069
date: Sat, 21 Jan 2023 05:10:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/normalize.css

142.4.20.37

200 OK

7.3 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/normalize.css
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
7.3 kB (7347 bytes)
Hash
c0dc4d973ad9220560d9327282de69ed
f48117bf1e8f91d8eed8c827496eda0105133a6f
550b1b35068994ca7369a1fe5a8491f00fd2c501059a97b0cb81fbaa9f7cd821

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/normalize.css HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 7347
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/personal-checking.svg

142.4.20.37

200 OK

18 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/personal-checking.svg
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (4040), with CRLF line terminators
Size
18 kB (18374 bytes)
Hash
d7aedf5ffc8bc93b7a713dacdc13bab9
e54236e57d575a2b0e18921b2b66df49507c62b8
b4df0249525026238f81f98572e08ca002661b781a0f58860a20597dfa1a708e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/images/personal-checking.svg HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 18374
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/main.css

142.4.20.37

200 OK

5.1 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/main.css
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
5.1 kB (5082 bytes)
Hash
8ddfcd40b6404564c6b99ba5dc6c4ecd
302164953314c1bcd7f9afd10ff729f124a05c6b
2119c970a668f4812086e64c49fefa8f3d83b4f8aa6c0507a3fd035bcd8d63d2

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/main.css HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 5082
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/magnific-popup.css

142.4.20.37

200 OK

8.8 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/magnific-popup.css
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
8.8 kB (8848 bytes)
Hash
b75220c295b95a1de6b9c947ecf4c5a7
80769fb0b15758658d400863328671feac03ff64
07242c6b4616cfa8fdbccfb88db69f9bce8f80212c10d9fea7317481f5704768

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/magnific-popup.css HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 8848
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/tipso.css

142.4.20.37

200 OK

1.6 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/tipso.css
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
1.6 kB (1641 bytes)
Hash
c870d2d9c350ad3b581142281baeb556
e97f2a47f85c96ecf0e3477ad4df7757eda73111
ba72a6f6582264008cfc525799deaf7005d14df0fcebec16401d62af278c19ec

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/tipso.css HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 1641
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/pushy.css

142.4.20.37

200 OK

2.8 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/pushy.css
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
2.8 kB (2784 bytes)
Hash
da830e961839f97207d4568daa19167d
f13d3e3b37ed2aecd40935ae4032a07174c13330
dbc1718dab894bed7371a4a0cf446a7c9d8b5d11516921d77389cc79df8db1de

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/pushy.css HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:07 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 2784
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/jquery-ui.css

142.4.20.37

200 OK

25 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/jquery-ui.css
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (1404), with CRLF line terminators
Size
25 kB (24819 bytes)
Hash
b62bc00eceb93512e890b0897aa9e691
46d5c2f2d4b22b221d4a9281b40c002ac50b3a10
bbb1d4c6fe98baebde3f39cb305672146719b787a5187f7c1eb86234096a09df

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/jquery-ui.css HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/styles.css?v=S4g1Kfhssc0S-xkdqgMIfNgyhM_sZcHFA4KVFTi2BAA
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:06 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 24819
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 05:10:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://abahugop7.ga
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 07:51:59 GMT
expires: Thu, 18 Jan 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 249488
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 05:10:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 05:10:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://abahugop7.ga
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 14 Jan 2023 10:26:49 GMT
expires: Sun, 14 Jan 2024 10:26:49 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
age: 585798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/bokf-meatball-rebrand.svg

142.4.20.37

200 OK

3.4 kB

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/images/bokf-meatball-rebrand.svg
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2950), with CRLF line terminators
Size
3.4 kB (3392 bytes)
Hash
44f56f752822aed54a1794fff9b18f33
65c1189f805191f60a569f3026a77658b0a47a24
acac69dfa6fbdcc029b68560784f4c6f5f1baa0d9f9a635ed363673abdd51972

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/images/bokf-meatball-rebrand.svg HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/?cont=qerldmlsbwfzaza5&token=b44d1ae27337f7834d3e44db23aeea10
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 05:10:07 GMT
Server: Apache
Last-Modified: Sat, 21 Jan 2023 03:34:11 GMT
Accept-Ranges: bytes
Content-Length: 3392
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml

ocsp.godaddy.com/

192.124.249.24

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.24:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
980cb6cc814b8b5281ed0b1141fdcd34
f36777f32ee6fbbe037814676e0f142be816a001
55b2b596afe7cfd39d07149d604eba2f983160daa96f2e1f369027bf59642e13

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 21 Jan 2023 05:10:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 20 Jan 2023 21:20:14 GMT
Expires: Sat, 21 Jan 2023 21:20:14 GMT
ETag: "f36777f32ee6fbbe037814676e0f142be816a001"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Black.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Black.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Black.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:07 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

t.me/Devilmask09

149.154.167.99

200 OK

4.1 kB

URL HTTP/2
t.me/Devilmask09
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3560)
Size
4.1 kB (4136 bytes)
Hash
4c8350c1fadc6bc4d60a4c089ec5369a
7002bda3bfab9871e7412845fffdd9910e384b8d
09fd7503f574d88dd33d577e25a950522c8b3a5d75536eaaab14835b04c71352

HTTP Headers

GET /Devilmask09 HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://abahugop7.ga/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:07 GMT
content-type: text/html; charset=utf-8
content-length: 4136
set-cookie: stel_ssid=44a2b4f790774965bd_4896528268009435375; expires=Sun, 22 Jan 2023 05:10:07 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
x-frame-options: ALLOW-FROM https://web.telegram.org
content-security-policy: frame-ancestors https://web.telegram.org
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-BlackItalic.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-BlackItalic.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-BlackItalic.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:07 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.pki.goog/s/gts1d4/xXjSKeIczEo

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/xXjSKeIczEo
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
21de49a353315422d5982a9f8527c7ae
94e308ced8f348fc0d3003c9df331dc7b91c2a1b
63816839f8f8beb7f0732cb08c0a00351620044485625ea7ec2bfd1843cbd077

HTTP Headers

POST /s/gts1d4/xXjSKeIczEo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 05:10:07 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.godaddy.com/

192.124.249.24

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.24:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
a26d56e826412905250bb5edc59e97fd
da58ebc76b43705dc80b3a6f5f4a6844b43b21f3
73544ef0428327e7d765ebdd62ec13c0fcacdbc7115ad3cb630576f16589a0f8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 21 Jan 2023 05:10:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 20 Jan 2023 20:02:04 GMT
Expires: Sat, 21 Jan 2023 20:02:04 GMT
ETag: "da58ebc76b43705dc80b3a6f5f4a6844b43b21f3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.24

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.24:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
a26d56e826412905250bb5edc59e97fd
da58ebc76b43705dc80b3a6f5f4a6844b43b21f3
73544ef0428327e7d765ebdd62ec13c0fcacdbc7115ad3cb630576f16589a0f8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 21 Jan 2023 05:10:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 20 Jan 2023 20:02:04 GMT
Expires: Sat, 21 Jan 2023 20:02:04 GMT
ETag: "da58ebc76b43705dc80b3a6f5f4a6844b43b21f3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.24

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.24:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
a26d56e826412905250bb5edc59e97fd
da58ebc76b43705dc80b3a6f5f4a6844b43b21f3
73544ef0428327e7d765ebdd62ec13c0fcacdbc7115ad3cb630576f16589a0f8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 21 Jan 2023 05:10:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 20 Jan 2023 20:02:04 GMT
Expires: Sat, 21 Jan 2023 20:02:04 GMT
ETag: "da58ebc76b43705dc80b3a6f5f4a6844b43b21f3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.24

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.24:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
a26d56e826412905250bb5edc59e97fd
da58ebc76b43705dc80b3a6f5f4a6844b43b21f3
73544ef0428327e7d765ebdd62ec13c0fcacdbc7115ad3cb630576f16589a0f8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 21 Jan 2023 05:10:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 20 Jan 2023 20:02:04 GMT
Expires: Sat, 21 Jan 2023 20:02:04 GMT
ETag: "da58ebc76b43705dc80b3a6f5f4a6844b43b21f3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

149.154.167.99

200 OK

11 kB

URL HTTP/2
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
Web Open Font Format (Version 2), TrueType, length 11028, version 1.0\012- data
Size
11 kB (11028 bytes)
Hash
1f6d3cf6d38f25d83d95f5a800b8cac3
279f300ca2cbbdf9f5036ef2f438607fbf377daa
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

HTTP Headers

GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:07 GMT
content-type: application/octet-stream
content-length: 11028
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b14"
expires: Wed, 25 Jan 2023 05:10:07 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

149.154.167.99

200 OK

11 kB

URL HTTP/2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
Web Open Font Format (Version 2), TrueType, length 11040, version 1.0\012- data
Size
11 kB (11040 bytes)
Hash
5e22a46c04d947a36ea0cad07afcc9e1
6091d981c2a4ee975c7f6b56186ee698040bb804
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

HTTP Headers

GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:07 GMT
content-type: application/octet-stream
content-length: 11040
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b20"
expires: Wed, 25 Jan 2023 05:10:07 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-MediumItalic.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-MediumItalic.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-MediumItalic.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:07 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11126
Expires: Sat, 21 Jan 2023 08:15:34 GMT
Date: Sat, 21 Jan 2023 05:10:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11126
Expires: Sat, 21 Jan 2023 08:15:34 GMT
Date: Sat, 21 Jan 2023 05:10:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11126
Expires: Sat, 21 Jan 2023 08:15:34 GMT
Date: Sat, 21 Jan 2023 05:10:08 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f6a1d61-a7ee-49c8-aab0-599a2d3c477a.jpeg

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f6a1d61-a7ee-49c8-aab0-599a2d3c477a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7099 bytes)
Hash
275deddf778d4ae137272c3f7e5a1bdd
13846d5390a3a901da8bf704de5710483e8dcd12
bebb3f3c248eec96cb4b478ffc62f949d321f029748478029f44b41ef5cf615e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f6a1d61-a7ee-49c8-aab0-599a2d3c477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7099
x-amzn-requestid: ef54c115-69f5-4f59-b7cc-3f0b7bcea6d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBUtXHUyIAMFVcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca0188-6daf15f2599f28a621f328ba;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 02:50:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: l4LUP3u4BYSzaBG6KaKf74QDQ2e0MtiGfqZdN5cZl-GnkqecXB6XZw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 10:39:54 GMT
age: 66614
etag: "13846d5390a3a901da8bf704de5710483e8dcd12"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F211cdfa7-5827-4072-8e65-1a9ec62f1aad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7667 bytes)
Hash
dbfbede51b13a9e9a8d6bc85fbdb7220
633ce5043afb94e6e1bbc007f2d3d5aa24977dc0
87a0e8692e0cd05f52302daf07df84d30070e237ab7dbfafd1f308d6a5c8bb71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F211cdfa7-5827-4072-8e65-1a9ec62f1aad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7667
x-amzn-requestid: 178d79d6-b04c-4be0-9f7b-695bd67f9ff9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e0vQKFYAIAMFy0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4f8cd-7d8782c32dca588e7b08e2cc;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 07:12:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JvUCL7KVtGPUqHa9C-KX8iGNOpTVg09pRI1SrmRNMvaycQlVzwRZLw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 11:40:54 GMT
age: 62954
etag: "633ce5043afb94e6e1bbc007f2d3d5aa24977dc0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cd49e5e-faeb-493d-836c-cc9113b8b9b0.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10921 bytes)
Hash
6ee8a3f0217d169adf3c115d9d86e3da
933229226281a0284ffa0d069a64241fc0efacf4
2a7945dd444dfaef88f2c6d86ff57ab39e921b3fe83cc8df17369285c28b0fa6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cd49e5e-faeb-493d-836c-cc9113b8b9b0.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10921
x-amzn-requestid: b85aa52c-1dd3-43a5-9f04-90186bbde581
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-W6kHFfIAMFukg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8d1dd-5c9dcaf26e66e0764c708c31;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 05:15:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8muHyow7Iv7xQKCkbRJLBsCtDaEc3LefkQypsnaEoid1_gsOTefoGg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 21:40:03 GMT
age: 27005
etag: "933229226281a0284ffa0d069a64241fc0efacf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

telegram.org/css/font-roboto.css?1

149.154.167.99

200 OK

18 kB

URL HTTP/2
telegram.org/css/font-roboto.css?1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
data
Size
18 kB (18111 bytes)
Hash
bae5c18e2a26cd2138476c100402e870
b50e52d0daac60e83359be04a91b08de1874cddc
b96740085005f3abb08dcfbc4e92066fe8459b09eb88f2aec47b43edb5de8d54

HTTP Headers

GET /css/font-roboto.css?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:07 GMT
content-type: text/css
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: W/"63512b7d-1816"
expires: Wed, 25 Jan 2023 05:10:07 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/css/bootstrap.min.css?3

149.154.167.99

200 OK

15 kB

URL HTTP/2
telegram.org/css/bootstrap.min.css?3
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
data
Size
15 kB (14789 bytes)
Hash
85fd3ffd6038966042edd83230a6ca92
8b2285563ce276cb65769478b83ba2e30b71534b
f33c9f6ed660e0345dbeebc421f86542ad627f15fc52652956a7f4260d61255c

HTTP Headers

GET /css/bootstrap.min.css?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:07 GMT
content-type: text/css
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-a61b"
expires: Wed, 25 Jan 2023 05:10:07 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd53f06d1-60cf-4ced-8bcd-877162b44d2d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7014 bytes)
Hash
d59b0db3cc1f31f9154d32804a8e3940
498c310e0f4a84c1350bae55aec0d2a0192f8dda
14a2b4e9763a62478015d8f61bf9e44eb67dfe08a58cc94dc836dc8ff3f1b6cf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd53f06d1-60cf-4ced-8bcd-877162b44d2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7014
x-amzn-requestid: 689ad8b2-4ec8-4f61-a31e-7813c9143f9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyFHmEIAMFsHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-7ce5fef1456ecc73690eff07;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lVC3DrO-Bce6RI2oNTZLaI0n9f8OxeryVME2InWadZ_P67jstzXEPw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 03:37:06 GMT
age: 5582
etag: "498c310e0f4a84c1350bae55aec0d2a0192f8dda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Regular.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Regular.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Regular.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:08 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Thin.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Thin.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Thin.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:08 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-ThinItalic.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-ThinItalic.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-ThinItalic.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:08 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Bold.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Bold.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Bold.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:08 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-BoldItalic.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-BoldItalic.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-BoldItalic.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:08 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

cdn5.telegram-cdn.org/file/JfhhTwa1uYrXcDSK9WlsibiTGb903Ffh6PkQAAOeTwewZT3UHGY54rp_nQIh0x6xsQwfLumKpXTMVe8mbTHP9qkW31_F3XIZg27etY57KtX3xDmGunfDiY3YzbfeDjE8--8BftGcF03j3uBtsuj_he8kb74S_AdM1n2eAanRSJXDunuLDoC1om8xOTIrvCgEdRnVJzE_2D0xnT3jlf5QpsVFbVw9KTe7SnmJIYiDF6akDqsendLIojJ4Ar44hTMqDITYcam4qrmWQjpij8w20ggF9r1L-3AP70jqP7PE4MmfGBAUHy-I9MWuNk6PsH8LxUnj-o_zHiUByT3z7Oo-ng.jpg

34.111.108.175

200 OK

27 kB

URL HTTP/2
cdn5.telegram-cdn.org/file/JfhhTwa1uYrXcDSK9WlsibiTGb903Ffh6PkQAAOeTwewZT3UHGY54rp_nQIh0x6xsQwfLumKpXTMVe8mbTHP9qkW31_F3XIZg27etY57KtX3xDmGunfDiY3YzbfeDjE8--8BftGcF03j3uBtsuj_he8kb74S_AdM1n2eAanRSJXDunuLDoC1om8xOTIrvCgEdRnVJzE_2D0xnT3jlf5QpsVFbVw9KTe7SnmJIYiDF6akDqsendLIojJ4Ar44hTMqDITYcam4qrmWQjpij8w20ggF9r1L-3AP70jqP7PE4MmfGBAUHy-I9MWuNk6PsH8LxUnj-o_zHiUByT3z7Oo-ng.jpg
IP
34.111.108.175:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3\012- data
Size
27 kB (26980 bytes)
Hash
69b20729de01363e27cc0195f812a8d2
cb7a541b896eb07079e7112e75e457ebdef43390
faa8fa4df953a7d1a7c1e60a14ac6c80617d27625d31dac141386a66109f4e11

HTTP Headers

GET /file/JfhhTwa1uYrXcDSK9WlsibiTGb903Ffh6PkQAAOeTwewZT3UHGY54rp_nQIh0x6xsQwfLumKpXTMVe8mbTHP9qkW31_F3XIZg27etY57KtX3xDmGunfDiY3YzbfeDjE8--8BftGcF03j3uBtsuj_he8kb74S_AdM1n2eAanRSJXDunuLDoC1om8xOTIrvCgEdRnVJzE_2D0xnT3jlf5QpsVFbVw9KTe7SnmJIYiDF6akDqsendLIojJ4Ar44hTMqDITYcam4qrmWQjpij8w20ggF9r1L-3AP70jqP7PE4MmfGBAUHy-I9MWuNk6PsH8LxUnj-o_zHiUByT3z7Oo-ng.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:08 GMT
content-type: image/jpeg
content-length: 26980
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
etag: "f63c2b0d1feee7c6fe74398c71b2492f19b946aa"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/xXjSKeIczEo

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/xXjSKeIczEo
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
21de49a353315422d5982a9f8527c7ae
94e308ced8f348fc0d3003c9df331dc7b91c2a1b
63816839f8f8beb7f0732cb08c0a00351620044485625ea7ec2bfd1843cbd077

HTTP Headers

POST /s/gts1d4/xXjSKeIczEo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 05:10:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Italic.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Italic.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Italic.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:09 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

telegram.org/img/apple-touch-icon.png

149.154.167.99

200 OK

5.6 kB

URL HTTP/2
telegram.org/img/apple-touch-icon.png
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Size
5.6 kB (5644 bytes)
Hash
295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3

HTTP Headers

GET /img/apple-touch-icon.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:09 GMT
content-type: image/png
content-length: 5644
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
etag: "62616083-160c"
expires: Wed, 25 Jan 2023 05:10:09 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Light.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Light.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-Light.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:09 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-LightItalic.ttf

142.4.20.37

404 Not Found

315 B

URL HTTP/1.1
abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-LightItalic.ttf
IP
142.4.20.37:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b/8eef852698063b196d0214350eb72bdb/css/2.0/fonts/Roboto/Roboto-LightItalic.ttf HTTP/1.1
Host: abahugop7.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abahugop7.ga/b/8eef852698063b196d0214350eb72bdb/css/2.0/login2.0.css?v=sc58_G_S1YBpR84IHkfX7XFHfbluxntzC70ZNABNIvc
Cookie: PHPSESSID=c2c31e7f20c8920ad0b5d4df8e42030d

HTTP/1.1 404 Not Found
Date: Sat, 21 Jan 2023 05:10:09 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

telegram.org/js/tgwallpaper.min.js?3

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/js/tgwallpaper.min.js?3
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/tgwallpaper.min.js?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:07 GMT
content-type: application/javascript
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
etag: W/"62211da5-ba3"
expires: Wed, 25 Jan 2023 05:10:07 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/img/tgme/pattern.svg?1

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/img/tgme/pattern.svg?1
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/tgme/pattern.svg?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://telegram.org/css/telegram.css?234
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:07 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
etag: W/"63b70e44-3891a"
expires: Wed, 25 Jan 2023 05:10:07 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:100,300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://abahugop7.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 21 Jan 2023 05:10:05 GMT
date: Sat, 21 Jan 2023 05:10:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

telegram.org/img/website_icon.svg?4

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/img/website_icon.svg?4
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:09 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Wed, 25 Jan 2023 05:10:09 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/css/telegram.css?234

149.154.167.99

200 OK

0 B

URL HTTP/2
telegram.org/css/telegram.css?234
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/telegram.css?234 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 21 Jan 2023 05:10:07 GMT
content-type: text/css
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
etag: W/"63b70e44-1c090"
expires: Wed, 25 Jan 2023 05:10:07 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (76)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type