r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e4bdd77c0369662aa71ce2d01fd3edab
0ab1c5857e200e7e7946424c2c844537bfbb9775
a163c19fcc8fcf985e8df6ad4bd7ce73912b3df892d8236c70f9bc80820b26da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A163C19FCC8FCF985E8DF6AD4BD7CE73912B3DF892D8236C70F9BC80820B26DA"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12315
Expires: Sun, 08 Jan 2023 16:25:56 GMT
Date: Sun, 08 Jan 2023 13:00:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b782882bdabaf3b08e64120922b4a4b7
2035ed7fc9fb5b6ee9715601ba43de5f94d0c0e9
3fe7d1a9a55b86ec25d02634749ccfae11f3477033ba8cd7ac4131b7948ba619
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FE7D1A9A55B86EC25D02634749CCFAE11F3477033BA8CD7AC4131B7948BA619"
Last-Modified: Sat, 07 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9374
Expires: Sun, 08 Jan 2023 15:36:55 GMT
Date: Sun, 08 Jan 2023 13:00:41 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 08 Jan 2023 12:48:17 GMT
content-type: application/json
age: 744
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 75f0037a1d53a9a5321a796206ec3e24
70d42c9bf1334f20e1cea4ce3c8212e0e780ee77
80ec1e61f9563e799c9f44ea31e616c37daea1b9670091fbbc6efc39ebafe3d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80EC1E61F9563E799C9F44EA31E616C37DAEA1B9670091FBBC6EFC39EBAFE3D3"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3450
Expires: Sun, 08 Jan 2023 13:58:11 GMT
Date: Sun, 08 Jan 2023 13:00:41 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: eYGFjvMD0TdGEQdYN1bBMhf4g5c4cKC7x7LtQBbpHBHZnOmNWiYwqp7C6AmTBzEasAp6O3UWkRhAkpqZWU0FgA==
x-amz-request-id: KKSCXQQXK8EZ5TTR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 08 Jan 2023 12:15:46 GMT
age: 2695
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 08 Jan 2023 13:00:41 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-MNTK4YVF83
142.250.74.40 302 Found 253 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=G-MNTK4YVF83
IP 142.250.74.40:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 68bdd82de0620e0f2ae5f2728b4a3ac6
8e6426bc586031e43cb0a17a917e3d225d3aee1e
4e913112163e1abb8c2a9e485ae0acf4456e36c598e52f8d53bc63aeb2d6e7a9
GET /gtag/js?id=G-MNTK4YVF83 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=G-MNTK4YVF83
Cross-Origin-Resource-Policy: cross-origin
Date: Sun, 08 Jan 2023 13:00:41 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
104.21.77.237 200 OK 25 kB URL HTTP/1.1 www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
IP 104.21.77.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10246)
Hash 664277077ba4f623c0880435554afafb
a30c76f9fc86bace0a582af6b6a9d42ba2a8bc0f
b2b00a37232226be5adbe2fea89a1edf5c256a7dacdc2639923ec09d8778e6a3
Analyzer Verdict Alert fortinet Phishing
GET /issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/ HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Pingback: http://www.saha-banks.com/xmlrpc.php
Link: <https://www.saha-banks.com/wp-json/>; rel="https://api.w.org/", <https://www.saha-banks.com/wp-json/wp/v2/posts/1444>; rel="alternate"; type="application/json", <https://www.saha-banks.com/?p=1444>; rel=shortlink
Cache-Control: max-age=7200
Expires: Sun, 08 Jan 2023 15:00:41 GMT
Vary: Accept-Encoding
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAa5JZ8Q3C0r5cXAPx564Dc8FaXclKMZe6s1ZvyqNVF9MS9Y40oZ5GmvdiLdUUEqDgusfnPAEodbT2qGC%2F%2FZvsITVtZ0WplURte%2BYPD4KdMrsIHKdfTeAqYbB%2B1xjGqPOiS1bTQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e141e19fac8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 315edeafe1715f46de7d38be371473a8
25e357166d0ddfff3e60f9042d56f37c1ab7163a
9869582721de4f610dca5030b9a703863d2eae2667061b2f722aebdaf60468e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-MNTK4YVF83
142.250.74.40 200 OK 79 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-MNTK4YVF83
IP 142.250.74.40:0
File type ASCII text, with very long lines (22462)
Hash 45cbfcb3468dbe23764caa8444e9442f
e58e40890aa77487d8e66044a711458a8dff8293
b6ae9b00bf00de12891b3a2a3896248f3e44db56451e23f2cefd65437114ac06
GET /gtag/js?id=G-MNTK4YVF83 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.saha-banks.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 08 Jan 2023 13:00:41 GMT
expires: Sun, 08 Jan 2023 13:00:41 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78776
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 315edeafe1715f46de7d38be371473a8
25e357166d0ddfff3e60f9042d56f37c1ab7163a
9869582721de4f610dca5030b9a703863d2eae2667061b2f722aebdaf60468e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 08 Jan 2023 12:33:43 GMT
age: 1618
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 790c7880f94940ab24a5eeb9c36af00a
60d5f1b867ba31ee367c5723821db3616676c367
6e8ec17af9d81e1ab63464f223dde8e0f0dd506295f7e852130e3d5800b0f4c2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:41 GMT
Server: ECS (amb/6B85)
Content-Length: 280
www.saha-banks.com/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2212
104.21.77.237 200 OK 458 B URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2212
IP 104.21.77.237:0
File type ASCII text, with very long lines (1156), with no line terminators
Hash 0700905b705f44f6bef08b2726874c21
99ad11afd1a04122f39a2a05aea5b60ff9dbb812
af2c2830705f77b6784a2635b3cadb5772c025de8f878ad14abab0feb1e81925
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2212 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 458
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:26:49 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:41 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4lnxEEBpxF8XAaCYvO74763u0bnJWoysXr4tMDhya4zILvx%2BYvlU3mXqN%2FMRvnM5%2BtVfRqwj2Ro%2F2OJkk8W9i7v1sOthYgqvr2esj2FV%2By5gLBTMPhKOSw%2F2fY%2FhNEPsztMxUM0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e187ee5b50f-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-includes/css/classic-themes.min.css?ver=1
104.21.77.237 200 OK 189 B URL HTTP/1.1 www.saha-banks.com/wp-includes/css/classic-themes.min.css?ver=1
IP 104.21.77.237:0
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 189
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 08:34:13 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:41 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAKwv9mHzjFb9tt2Ny6P00FTPe35nY905ukLvrK2Px9EYxQ4IF55gF3supEWU2B5YIHF6ATKjAQdYIHE6frZBbRjIhOAspEqJyHnV6nX1pVX4B%2FRpbe6EMvC5KsuTzPvSYsbvXc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e186c9c0b65-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 54ac41a005cad66e958c904071ea1d4f
66932889be57eb15ab99237a69d292b12090c68d
52545e144a7ca5c37c5369d5f5b566b4e5e820b1920ab7fe8e413e7fe022e21b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1597
Cache-Control: max-age=160365
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:42 GMT
Etag: "63ba87aa-1d7"
Expires: Tue, 10 Jan 2023 09:33:27 GMT
Last-Modified: Sun, 08 Jan 2023 09:06:50 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.saha-banks.com/wp-content/themes/jannah/assets/css/base.min.css?ver=6.0.1
104.21.77.237 200 OK 12 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/css/base.min.css?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (42000)
Hash 5c15986a7f6f7c940ea94de8a0b79fae
32a30e717b4aaba9d4d0325d00c0cad154cb8639
20a931a1c53300760bc2cacfcaea3b877b08053a72998b45f216061c27617e40
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/css/base.min.css?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 12209
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:41 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pxms8ScGvyUnR7vmiSyMne%2FsW5FOzNLtV1rAPB9IbrIMUvVzGtExX4AJEZVf7f01A%2FLq7CjpE%2F45HyC6AYD0Bnk%2BN8TTQSwaQQ%2BnYaXY2byoTaxOuZNXSawXIMduRGnvqAUx8aE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e18db39fac8-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=5.7.2
104.21.77.237 409 Conflict 276 B URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=5.7.2
IP 104.21.77.237:0
File type HTML document, ASCII text, with no line terminators
Hash eb87734026c78562c46ffe59d817268a
6a2acea1da3edd46651b244845606cbefec11e72
d7b3507dfa4761ba2a4286b64296a614ede5529a557a56f3919411422431e574
GET /wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=5.7.2 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 409 Conflict
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ln2zm6SgWFMQsdjT5u%2FMxtIh6xxnzT54%2F4tZ%2BCi0ZHeMJ69jsMWmM2BZLJyt5mp8Kh28h0rBIjD9Ryr9fkzzKK656GqeETockwPOwh6C%2BRRsOfyOI2U6yWz4DEsaPHXFumWBNks%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e187d81b512-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.2
104.21.77.237 409 Conflict 276 B URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.2
IP 104.21.77.237:0
File type HTML document, ASCII text, with no line terminators
Hash 4d28ebf56850e07bed2081114aa1e069
501cd3747e8b40a189a78b888a5abf2fbf89d415
ccde6673139c30aa0204f9afbdb2c7415fcb35a35fc011e49fefbac050b07783
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.2 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 409 Conflict
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLtq2%2FDHH8akw%2FS4RIYb0%2BNNfTO9utT340%2F5WxbPeIIhhejW%2F1qeJPLDHnxx0QFHc%2Fiwy2kmycrPCGqPxNVuLgGQIOx%2FaL9shjVJhy0gCSb%2Fpd41xG56xgHWFKjvsPWcZ%2FkdBJc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e187eab0b49-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.1.1
104.21.77.237 200 OK 18 kB URL HTTP/1.1 www.saha-banks.com/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.1.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 28f05939dea4edca059c244cc702bfda
7e40e0235f2f7bc4d9f95dfa3f1773de320c3b28
369b0dca347d53e862ff6a7971f1a7d175648b13027e56c1d397d5e8266481a6
GET /wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.1.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 15 Nov 2022 20:34:09 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:41 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HaKJjJsizzP8e20wFmvPpExS0W0g7%2F%2B3n5Z6aBeSzS%2Bx6zJoBiJkyXuCIB%2BmzTnCIUaaQxi7pgbwShQR2x3rkCHifh%2BRliWzOda%2BtMGy%2BpFznCXzLVB8KEFPW8I1qE%2BMPFXZcrg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e186bbdb515-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
52.34.49.10 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.34.49.10:0
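Hash d41d8cd98f00b204e9800998ecf8427e (this and the next two values are the MD5, SHA-1 and SHA-256 of empty input, matching the 0 B body; they do not identify this response)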
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: R6ktAgyoAVyChPvjsGj2pg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /Dz8w1/qqNoNb6GsB3QNpWg0WtQ=
www.saha-banks.com/wp-content/themes/jannah/assets/css/widgets.min.css?ver=6.0.1
104.21.77.237 200 OK 12 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/css/widgets.min.css?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (47525)
Hash 1a49f64a9824ac7858e559a933e9eccf
caa8b49e61974a81da01a9032393216a05995810
175a7a8805e51048305f212a6f54319606a725044a229190262511468e569a81
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/css/widgets.min.css?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 12354
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGrmJXrbliQWn17JL1PIgJ7QNNAwcf92RZaCbILKeyCzz7iFBLFAHwSMNUoJTZxU4wlXWrhihfx4jUWfK6Z8oCkLQLp5R17e9fxBuk1HbsHCTG45HMimc%2F3O3OP60PSZp70cz8A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1acf880b65-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/css/helpers.min.css?ver=6.0.1
104.21.77.237 200 OK 10 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/css/helpers.min.css?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (40185)
Hash 638ef4cc88b27674ebd9a1355c29c61f
8f532be7574576baa2c56ad1c6c2652296bf0c42
993f335862fede763c118e404999ce60f88e9b870ee07de9e6e1579f7e556df5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/css/helpers.min.css?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 10255
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tXDIpJVtv1VqWfg2PY0F1VEH2%2B%2BjvCcI0tg8T26zt2u1NTlM15mlPTWcJRHRkflpjCx4ZeQmOjPuKL5Cx8X2GhDbvbv6VWmuCtYVIq1h4pnTfw48wU7bPuwjaiaj1rMLGvKmCpk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1b1db5fac8-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.77.237 200 OK 655 B URL HTTP/1.1 www.saha-banks.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.21.77.237:0
File type HTML document, ASCII text, with very long lines (1238)
Hash bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 11:26:13 GMT
ETag: W/"63b6b3d5-4d7"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5FGvBggQNEjJudXWOeJyzzMX6VQqYT3hYBZXGsEyG5hyzr86a%2Fat36A%2FHqh8dffck%2BmaFGZ4v%2F0wijWp9RoX7MQTosbRhccl0C3gJBu9Tk5JCCka3BBgblSOyTxzNkJNXOQx%2Fw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e1d5f46fac8-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Tue, 10 Jan 2023 13:00:42 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
www.saha-banks.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.21.77.237 200 OK 3.9 kB URL HTTP/1.1 www.saha-banks.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.21.77.237:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 11:26:13 GMT
ETag: W/"63b6b3d5-302c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTqPdnM%2FC7eHE1gLlxJ%2FuYMdM1rqodRq0AzegsA%2FkNLcyG%2FBcN5cbTVSuBYgWJFkwSoSrU0v0GHWUhRwWwZbUtzMzYRJMKeD8jlf1tSbnFoRzs3SFbZCBwkKO6st0LXlhhUpixY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e1d5f48fac8-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Tue, 10 Jan 2023 13:00:42 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
www.saha-banks.com/wp-content/themes/jannah/assets/ilightbox/dark-skin/skin.css?ver=6.0.1
104.21.77.237 200 OK 2.9 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/ilightbox/dark-skin/skin.css?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (4936), with CRLF line terminators
Hash 11ef5282e4e1793227bcc1aff992219e
11990fef6eb1dcffffc40fb12f770a7aee21251c
c419b80ac34071cc030d0e26427de827a30f1d58b03e51f72d13126a7c11bb4c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/ilightbox/dark-skin/skin.css?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 2928
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iMSjxVHztYuICUQ4BbjA%2FPTq9se6cOQNCkARYl0FZaW%2BrrtQoW4Ow0mW6cUPxMeAL807GLjwRJZnX%2BC2BD4ob4tphNA9qt0CDV9EYaVQEMeVmV7fyCPFJ8g14TNWKG%2Fsz9iZ85k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1b99890b49-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/css/fontawesome.css?ver=6.0.1
104.21.77.237 200 OK 12 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/css/fontawesome.css?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (58661)
Hash 0913411c20bb983546f234d4685b40be
52b1104571de6fe046f0b76fece038bb06f7dcd4
1342814f0b2a66024a055e2037caab0bac8bdefe26a194d4a2605f13ab4cdc5f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/css/fontawesome.css?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 12516
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJeeJHDBJuiu4otW07j6yHmGWdU%2B4iwCLFcsyblBxCyNA9MtbSNK8EZCHzTw%2BTrg8KQC9i1Srt1h8IlXYwbZ8vqQKAfjqs%2Ba59%2FzghoiIc%2BFz2Ui44xWzS2zC4G8ETOw3Lp8V0M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1b99e1b512-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/css/style.min.css?ver=6.0.1
104.21.77.237 200 OK 40 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/css/style.min.css?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash fd0cfb25ff8ba12d3d717f5a1cdd0b75
9f0509a79961728b5554633b4ead59392919002e
3720e4aa3059e4a23d21ab677d701392fdff1cb43ad037521daa8a1be5bccdc6
GET /wp-content/themes/jannah/assets/css/style.min.css?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UII2q9CcJBv0dOMXAvs5WO%2FMpxYkcj3UkkQRyZAxfv7vzU0OzJfWtZDiUQfbqj2IBn3fFqbccT1nWA2flWg8XOdWElwOsAOhu64JuXnyo3TDjLPNOPzSJRXFueOpXyn0GUKZjsk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1aca10b50f-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/css/single.min.css?ver=6.0.1
104.21.77.237 200 OK 13 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/css/single.min.css?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (46574)
Hash 54c898701c208d545bcba86cda4f31f6
bce6775632f3f76fbefa139b20ca6a563c242e03
24a761a2ec326cd6ac52be7e2b9fc11618a4db76eb28ad132cc331f1e9c58e6b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/css/single.min.css?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 13233
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3RrsfB7okcNzpEv5Z4TK6KWZ8vh89WIB3uTH8nEbIRMTvgomwQ8%2FCnr4Prg%2BWsLDCdp58%2B%2BADU8MGU0eqllkEES8NOkHGCrmZd7FaxHPDUJnx6DzPFaKgkDzdR8wuhi9dT1EMw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1bd8a3b515-OSL
alt-svc: h2=":443"; ma=60
region1.google-analytics.com/g/collect?v=2&tid=G-MNTK4YVF83&gtm=2oe120&_p=1298793366&gdid=dZGIzZG&cid=1103795036.1673182830&ul=en-us&sr=1280x1024&_s=1&sid=1673182829&sct=1&seg=0&dl=http%3A%2F%2Fwww.saha-banks.com%2Fissuing-al-ahly-atm-card-instead-of-a-lost-self-service-card%2F&dt=%D8%A7%D8%B3%D8%AA%D8%AE%D8%B1%D8%A7%D8%AC%20%D8%A8%D8%B7%D8%A7%D9%82%D8%A9%20%D8%B5%D8%B1%D8%A7%D9%81%20%D8%A7%D9%84%D8%A3%D9%87%D9%84%D9%8A%20%D8%A8%D8%AF%D9%84%20%D9%81%D8%A7%D9%82%D8%AF%20%D9%85%D9%86%20%D8%A7%D9%84%D8%AE%D8%AF%D9%85%D8%A9%20%D8%A7%D9%84%D8%B0%D8%A7%D8%AA%D9%8A%D8%A9%20-%20%D8%B3%D8%A7%D8%AD%D8%A9%20%D8%A7%D9%84%D8%A8%D9%86%D9%88%D9%83&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-MNTK4YVF83&gtm=2oe120&_p=1298793366&gdid=dZGIzZG&cid=1103795036.1673182830&ul=en-us&sr=1280x1024&_s=1&sid=1673182829&sct=1&seg=0&dl=http%3A%2F%2Fwww.saha-banks.com%2Fissuing-al-ahly-atm-card-instead-of-a-lost-self-service-card%2F&dt=%D8%A7%D8%B3%D8%AA%D8%AE%D8%B1%D8%A7%D8%AC%20%D8%A8%D8%B7%D8%A7%D9%82%D8%A9%20%D8%B5%D8%B1%D8%A7%D9%81%20%D8%A7%D9%84%D8%A3%D9%87%D9%84%D9%8A%20%D8%A8%D8%AF%D9%84%20%D9%81%D8%A7%D9%82%D8%AF%20%D9%85%D9%86%20%D8%A7%D9%84%D8%AE%D8%AF%D9%85%D8%A9%20%D8%A7%D9%84%D8%B0%D8%A7%D8%AA%D9%8A%D8%A9%20-%20%D8%B3%D8%A7%D8%AD%D8%A9%20%D8%A7%D9%84%D8%A8%D9%86%D9%88%D9%83&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-MNTK4YVF83&gtm=2oe120&_p=1298793366&gdid=dZGIzZG&cid=1103795036.1673182830&ul=en-us&sr=1280x1024&_s=1&sid=1673182829&sct=1&seg=0&dl=http%3A%2F%2Fwww.saha-banks.com%2Fissuing-al-ahly-atm-card-instead-of-a-lost-self-service-card%2F&dt=%D8%A7%D8%B3%D8%AA%D8%AE%D8%B1%D8%A7%D8%AC%20%D8%A8%D8%B7%D8%A7%D9%82%D8%A9%20%D8%B5%D8%B1%D8%A7%D9%81%20%D8%A7%D9%84%D8%A3%D9%87%D9%84%D9%8A%20%D8%A8%D8%AF%D9%84%20%D9%81%D8%A7%D9%82%D8%AF%20%D9%85%D9%86%20%D8%A7%D9%84%D8%AE%D8%AF%D9%85%D8%A9%20%D8%A7%D9%84%D8%B0%D8%A7%D8%AA%D9%8A%D8%A9%20-%20%D8%B3%D8%A7%D8%AD%D8%A9%20%D8%A7%D9%84%D8%A8%D9%86%D9%88%D9%83&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://www.saha-banks.com
date: Sun, 08 Jan 2023 13:00:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.saha-banks.com/wp-content/uploads/2023/01/%D8%AA%D9%86%D8%B4%D9%8A%D8%B7-%D8%AD%D8%B3%D8%A7%D8%A8-%D9%85%D8%B3%D8%AA%D9%81%D9%8A%D8%AF-%D8%A7%D9%84%D8%A3%D9%87%D9%84%D9%8A-%D8%B9%D9%86-%D8%B7%D8%B1%D9%8A%D9%82-%D8%A7%D9%84%D9%87%D8%A7%D8%AA%D9%81-390x220.jpg
104.21.77.237 200 OK 21 kB URL HTTP/2 www.saha-banks.com/wp-content/uploads/2023/01/%D8%AA%D9%86%D8%B4%D9%8A%D8%B7-%D8%AD%D8%B3%D8%A7%D8%A8-%D9%85%D8%B3%D8%AA%D9%81%D9%8A%D8%AF-%D8%A7%D9%84%D8%A3%D9%87%D9%84%D9%8A-%D8%B9%D9%86-%D8%B7%D8%B1%D9%8A%D9%82-%D8%A7%D9%84%D9%87%D8%A7%D8%AA%D9%81-390x220.jpg
IP 104.21.77.237:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 390x220, components 3\012- data
Hash 0aed5cdead16b93d08728bc0d4935a5f
b2f2a15e4660ecfad35de075ce232e54df30f74d
1b92ea94a5c3122c1d377fb74365b59ba3fb2c6065003d02f6ddabf6263e982c
GET /wp-content/uploads/2023/01/%D8%AA%D9%86%D8%B4%D9%8A%D8%B7-%D8%AD%D8%B3%D8%A7%D8%A8-%D9%85%D8%B3%D8%AA%D9%81%D9%8A%D8%AF-%D8%A7%D9%84%D8%A3%D9%87%D9%84%D9%8A-%D8%B9%D9%86-%D8%B7%D8%B1%D9%8A%D9%82-%D8%A7%D9%84%D9%87%D8%A7%D8%AA%D9%81-390x220.jpg HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 08 Jan 2023 13:00:42 GMT
content-type: image/jpeg
content-length: 21234
last-modified: Sun, 01 Jan 2023 21:06:06 GMT
cache-control: max-age=86400
expires: Mon, 09 Jan 2023 13:00:42 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
x-nginx-cache: WordPress
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3UtqLDyf07kOvwnKD1P1yUnSHbFilxTKHQuzIMuvRboFyK64GiqrbEWKibrlq4bhD2jQlB6auEJgoFtnS3u2irjhCAXpWTKoMJtMleeXc5xwE0qKVCw3mIBv%2FFAbQEplNmiZwE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78651e1a7e1ab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 790c7880f94940ab24a5eeb9c36af00a
60d5f1b867ba31ee367c5723821db3616676c367
6e8ec17af9d81e1ab63464f223dde8e0f0dd506295f7e852130e3d5800b0f4c2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:42 GMT
Last-Modified: Sun, 08 Jan 2023 13:00:41 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
www.saha-banks.com/wp-content/themes/jannah/rtl.css
104.21.77.237 200 OK 10 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/rtl.css
IP 104.21.77.237:0
Hash c8916d805e401072c3e814c0b4893f9e
7245a0f7dcfdaca731de648bb9ebbf34942a3177
1ab7417c5db7f6730a2633765151f158893ac8c134a08d796a8930c5781a30bf
GET /wp-content/themes/jannah/rtl.css HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:42 GMT
Content-Type: text/css
Content-Length: 10111
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sj812ZHaQ0diZugHEiM70JP8dPgmxXsKmhEXCc0PmCFzcD1WNkfLHK%2FpfrzOxjTltNfS3TWAcqu%2BnfU5RiANr1%2BYtkGeb4LwtJyHcn4SeRgL2XLNkJ4hszJqu0HsIT80S0VS5Ns%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1d19ea0b65-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash bca7f62d320a595159ceae1b30ef4c65
0e0c7a42f0d017f617b40aea757cf0a0a4d71d9a
e30f2266b5b10dd868954bba127f6a8e85ba6f8422b565ca17aee0e9074b9d99
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash bca7f62d320a595159ceae1b30ef4c65
0e0c7a42f0d017f617b40aea757cf0a0a4d71d9a
e30f2266b5b10dd868954bba127f6a8e85ba6f8422b565ca17aee0e9074b9d99
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3222560371730474
142.250.74.66 200 OK 49 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3222560371730474
IP 142.250.74.66:0
File type ASCII text, with very long lines (4885)
Hash efcfb56d6a9f44ca8caf8a328e6cd435
8f720b70b831cb94790d8ec42201515fe7854122
621bfc9c78dcd5247911dd5e2391d72b259a829468f0da2ab95d9da2335e9bea
GET /pagead/js/adsbygoogle.js?client=ca-pub-3222560371730474 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 08 Jan 2023 13:00:42 GMT
expires: Sun, 08 Jan 2023 13:00:42 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 11808788649621943094
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49343
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4557499569195415
142.250.74.66 200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4557499569195415
IP 142.250.74.66:0
File type ASCII text, with very long lines (4885)
Hash 9b527ecb5223f11859285c5ba92f1d99
bc77ae2a332b50b8afa4f3b14df83efbc9ac4ec8
9b3fffffa14365999af17c4a1f5adedcb585f7a62c49187673330585ef762b17
GET /pagead/js/adsbygoogle.js?client=ca-pub-4557499569195415 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 08 Jan 2023 13:00:42 GMT
expires: Sun, 08 Jan 2023 13:00:42 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 7300947849932655872
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49729
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash bca7f62d320a595159ceae1b30ef4c65
0e0c7a42f0d017f617b40aea757cf0a0a4d71d9a
e30f2266b5b10dd868954bba127f6a8e85ba6f8422b565ca17aee0e9074b9d99
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.saha-banks.com/wp-includes/js/comment-reply.min.js?ver=6.1.1
104.21.77.237 200 OK 1.5 kB URL HTTP/1.1 www.saha-banks.com/wp-includes/js/comment-reply.min.js?ver=6.1.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (2946)
Hash 92712acce6ce836d0a929b1800b4f9d6
8157d1380bb1d6dadfd85565dd464bb5b0ed06bd
2f82d181a2cadadf7d898d7f5ea2eb527106fb6413044b55fbfa4fb0081a2e09
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/comment-reply.min.js?ver=6.1.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 1477
Connection: keep-alive
Last-Modified: Sat, 09 Apr 2022 07:37:18 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tJsHlwFwG1%2FmzaXDMSQL90QOFQlnyUwHFiD53Of5UznVIOis9tHvTfZIg%2FH3pcLGdCs8PFrMnR77iH8QokUWJwtfP3knPGgVyfAtitN7Fgxef79eu8PDJ9074Tu06cb71OkRT3g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1fcf8ab512-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/js/desktop.min.js?ver=6.0.1
104.21.77.237 200 OK 6.8 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/js/desktop.min.js?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (18002)
Hash 08f3564fe02643f632af8db483079dec
fd5897658a57986b46a3dc88e2c6f129412f0e7b
f21a0152825b0609135e73a0077a3742c2add8eea66a6ba1167fbcdb5e0e0421
GET /wp-content/themes/jannah/assets/js/desktop.min.js?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 6771
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xPxXT%2B18j7ciRjyYVRVS3PQJLMVYdlXaWnZpVzmoZ9lfYXi9Ssk6vK2i4vsDEWjAnlXOakGu6%2BafWmBK8GUpIR1qLglrXx917rJiZP37CX%2BaG0jlrQHlokWx33%2FsJ4Vxsal3FU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1fd995fac8-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/js/live-search.js?ver=6.0.1
104.21.77.237 200 OK 5.8 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/js/live-search.js?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (13532)
Hash 9bf567f02589ecd685ea926901d1c3ae
ca48792eabbc9cd167bab26dc52728711ba5b3e0
6ba8506c5aac579499e3eb9022d0972ccd31199774b8e8a7e0e8629f46a13f64
GET /wp-content/themes/jannah/assets/js/live-search.js?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 5752
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xuSMJ1CKrNxXYWRKhw9X%2F0j7ApI0RKHz1TLm02rwEcGVbE9g4FqpNexjk0BSoUGjiJDznbaCsCV7T4AHeIjFpvxGJX6c73HO8NnFN3O9aUv4JeHaprtKPUUdSrri4kRypUz4peQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1fcdd30b49-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/fonts/tielabs-fonticon/tielabs-fonticon.woff
104.21.77.237 200 OK 41 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/fonts/tielabs-fonticon/tielabs-fonticon.woff
IP 104.21.77.237:0
File type Web Open Font Format, TrueType, length 40812, version 2.0\012- data
Hash b5b7e935f421e6ca7967b036fb08afd5
38a99c496548c5d2ee22c6df3b9dfd5081a73332
f1bc17112f84d3e3b9e381a292e9ee6263cfb0706f07e34501396dee3a7c8a2a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/fonts/tielabs-fonticon/tielabs-fonticon.woff HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.saha-banks.com/wp-content/themes/jannah/assets/css/helpers.min.css?ver=6.0.1
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: font/woff
Content-Length: 40812
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:42 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3l4sZwYY8%2By6VLT2h6bvjSZk9m97YEx1ODGAEXfm3vVTjQ8lxKyIc0mP5sIn9YxajHEVmedRVW4M1n5Kf3gE7sVPrhWOdmYouZROdPK4vLdqKzHcHa%2FWboekaYW7ai89sn%2BoQyY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e1f6fe9b50f-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/css/print.css?ver=6.0.1
104.21.77.237 200 OK 702 B URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/css/print.css?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (1760)
Hash 8ea40413b0999dedb6605ebeb8bb610b
2a6428bdb0a9e53bab87ed5f8d2d1e5c015de9de
2ce6e8aeb208877c5e6c046177a7a739600417b7da2e747eea36d22ce722e8bf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/css/print.css?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: text/css
Content-Length: 702
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iI0luOInVXAwZ8qWVvFw4VE3TOQiyMtbtpNj4nBtDjaMVBxnmSuZq3ikFvCwZKPN%2BPXYOBntXXEzxGIO7viA8fNZK35wN8yHlB%2BU89QzfIPooTSg0bUBomu6Lrlxb%2FL0wbBlS%2Bs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1fae33b515-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/js/single.min.js?ver=6.0.1
104.21.77.237 200 OK 2.2 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/js/single.min.js?ver=6.0.1
IP 104.21.77.237:0
File type HTML document, ASCII text, with very long lines (5548)
Hash 54ee2458031284f8ff653682b1afcdd8
fec4e94be86f5fdb938f0048cbb977a84bd8f3dd
d65f2e5c8b694987dbfc42359cc5ea3092b7e878b67cec45ed5c353d5dc06771
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/js/single.min.js?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 2194
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngTABq8SPx3Mg01gZfqgPg87%2BXetgpahxDKPDW8Qq5SBlH6rRY68oCfDXHCl%2Ff19GoZPHs1XzxjvYXmn%2BXQrK37hXn9c5et7Qss8nAs9I7PGF2MJ75x1t125KBnmgCb84SgsL7c%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e1fcd500b65-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/ilightbox/lightbox.js?ver=6.0.1
104.21.77.237 200 OK 32 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/ilightbox/lightbox.js?ver=6.0.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (2026)
Hash 04c34bd00edeca5e9f0067d8de727263
8303c1c817ef8f2719dd26ff9ea7ab3fe878163d
a7ba5f9c7bb2a1eacaaf3d91ac38ed27ab66548379884936e7cc890834e351c9
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/jannah/assets/ilightbox/lightbox.js?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riURdTxWgE5wgxre8psB7Ngzik0c18Mf%2BFNJDY4A2ubWdDyuzcfgJIsfAU3YRqz7T1OGspVDiq%2FjRy6oBA73AuSYaoK1%2FZNoviTkKIq1q9iTepcZjffz9QZPK5q9xLKR87PEKN4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e20f8e2b512-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.2
104.21.77.237 409 Conflict 276 B URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.2
IP 104.21.77.237:0
File type HTML document, ASCII text, with no line terminators
Hash ee7d57a861e7839603c0124a2cffb987
9d2d42be0975d6ef5b67844e27cc01bed6c4d11e
5784c2f69e6933ef70a4ece16358f45e710351335adc678191127f71a4156095
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.2 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 409 Conflict
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQ9741Cw2Uy52NzhJLRwdlpM62FTde86PVJYKZE0a6NyTqeBfxEz%2Bb1DvU2iJtPwlOeOhurkbtYk7t8AaOjmG6arEX416TANeTIGaRP56k6a8au0qCzq0DmqoBQwKmT7pbgmDXM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e21aac0b50f-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/plugins/table-of-contents-plus/front.min.js?ver=2212
104.21.77.237 200 OK 2.6 kB URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/table-of-contents-plus/front.min.js?ver=2212
IP 104.21.77.237:0
File type ASCII text, with very long lines (6091), with no line terminators
Hash 04707e026d958b0930058e62e149a320
5add6ddce69863946c147d32b8b17ebf8d996270
25ba9835e3b974f8f386b819df9e9458775f30cb4d5411f4264f754be09659ed
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/table-of-contents-plus/front.min.js?ver=2212 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 2574
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:26:49 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZdAYHTgjUvooJ6xnyNyzPVCPlxIbKdzvqKwQh%2FaagZIP3PJIWPzsRiogyGs%2F6Q8G%2Fk2hvk5rSd0YhvT5Fa4TgDW0AZf65jq98gPOud8TLf1svy4usBA%2BBUmpMlxZTE276smSBY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e210f740b49-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1673179200
104.21.77.237 200 OK 17 kB URL HTTP/1.1 www.saha-banks.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1673179200
IP 104.21.77.237:0
File type ASCII text, with very long lines (34252), with no line terminators
Hash 436ffe411d7a275edd7436cf2345e5fd
1c83000aea539e165f93f18c7b96b85fe3dd4b79
867f9b080713a6f6353193b7e8fdce49c018f093999a3fc21e95bc9ccb73302d
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1673179200 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
content-encoding: gzip
cache-control: max-age=14400, public
x-control-type-options: nosniff
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VsFLjAE4Y1bxlmMmIb9iJzPPFUV%2BLV2MzfUWIyOWfmQ%2FZCfxqmPY0PeigfqEbLdRKJABEoBoVI5qONCyTOiNKbZf5PyWyT%2BlztYird1Do3dO%2BgF3CUrgo9aM0KKLVKLYOZumMNI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e233a320b49-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/themes/jannah/assets/js/scripts.min.js?ver=6.0.1
104.21.77.237 200 OK 9.3 kB URL HTTP/1.1 www.saha-banks.com/wp-content/themes/jannah/assets/js/scripts.min.js?ver=6.0.1
IP 104.21.77.237:0
File type HTML document, ASCII text, with very long lines (23452)
Hash c71948baa7efc749b427fa84f76a17b9
906d046ea213beb93d6c02eb68bfb3cfa10edb48
3bbe2e1e4b4982f5e17d8fb150f0f45f2362122f5a845c3090cbb4153e5aa5d0
GET /wp-content/themes/jannah/assets/js/scripts.min.js?ver=6.0.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 9292
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 20:27:08 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vGofhce9otCLdRpnK3hRBlT%2FeyF7OvgSG5vliPJKBl2vH1%2F8%2F9ak0JMDrJl2kAxpmp1nVWbBjya0H5txP9mFwLenDj6oKQiTuGfdE7y6BZToFNHTCztrzi0kobCZN04ttJNUF24%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e210a76fac8-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.2
104.21.77.237 409 Conflict 276 B URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.2
IP 104.21.77.237:0
File type HTML document, ASCII text, with no line terminators
Hash 6d63af39e6f6bab60dbcbb3423e46848
4988fb614495bd82e826b50e67588a13a7146040
6f4452d6a29c3e08a99ef6b4e9c5bb65fdccbf79edf19933e80319b6c4fcf47a
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.2 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 409 Conflict
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4T2ihxx2ZL3cs8a5Za4e21Y1l0sFrbJzDchjAyFR9jeBNkNaaW1eb8EEhNDQU2CAJF%2BqcEc8sNDa3A%2B5Qw2nXdO19f4FzqAKAmBFhpK05GltMaJorti%2BS8NCzBIp2eohQNxYfSE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e21e938b515-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
104.21.77.237 200 OK 4.6 kB URL HTTP/1.1 www.saha-banks.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 104.21.77.237:0
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 4618
Connection: keep-alive
Last-Modified: Wed, 18 Nov 2020 21:36:06 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eAOXXXK86%2FO6QZMFGvcKuFfe1TlWmNe7wzEujrxg17Yb%2FuJFdET%2F17CkDTGMrVPS%2Fh2tNqccodMX%2Bk46svIXpeA0Q10thF061Wd5GZ4lMOdEjk3xWUfo4CcYEPtd9%2FYq3IiNGLc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e220fcc0b65-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9672
Expires: Sun, 08 Jan 2023 15:41:55 GMT
Date: Sun, 08 Jan 2023 13:00:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9672
Expires: Sun, 08 Jan 2023 15:41:55 GMT
Date: Sun, 08 Jan 2023 13:00:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9672
Expires: Sun, 08 Jan 2023 15:41:55 GMT
Date: Sun, 08 Jan 2023 13:00:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 457ca75ed75785c514fb36a16792410f
fcc640c00713c93633d0b2887104c8fbc6c754f9
ff6a40bdaa6bc25eefb2d7ed130ea34460494d92c19c07dff4cc371c45d1ac44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6A40BDAA6BC25EEFB2D7ED130EA34460494D92C19C07DFF4CC371C45D1AC44"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9672
Expires: Sun, 08 Jan 2023 15:41:55 GMT
Date: Sun, 08 Jan 2023 13:00:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea675957-36a1-4a10-8735-4cba73296e89.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea675957-36a1-4a10-8735-4cba73296e89.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5dc193698e3154c6727f0f8a468f4896
ac3e055c64cc024e55bbdc2bdfdb07799f06f83b
4e7fa4cc65a3514cd05a6582a7bcafa3b898cf9cf5fcc5f580c4b05c2b09e5e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea675957-36a1-4a10-8735-4cba73296e89.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14548
x-amzn-requestid: 5b7bca56-608c-43a4-b082-2c44534377c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZmqdEPHoAMFd9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba1e42-1555e2f52c04321c48a72a62;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 01:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zVGn_81T5E6rBNgnwEZRb0r9ePl0UkoqyLZJd481FElYin_LIEcZ-w==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 07:40:00 GMT
age: 19243
etag: "ac3e055c64cc024e55bbdc2bdfdb07799f06f83b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc647e729-b53f-49f8-a6ab-2ce5f8545fb6.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc647e729-b53f-49f8-a6ab-2ce5f8545fb6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 72302799dca34901be4db1c732277abb
34c149aa1986ba9bbefeddae4f19ff58f4b5093b
f017823817627b30cc424f10babc7cea1470158788026a06ef537435bf7d495c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc647e729-b53f-49f8-a6ab-2ce5f8545fb6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6536
x-amzn-requestid: 231fb617-4d68-4069-9627-135017be4a93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDufFHeIAMFiYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e65c-53903c7d05368c07629f4156;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:38:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CgCLMZPEe18AbIV0uxNOAC2kvwDiy-myo9Q103jA2IS-l0ANK0_EhQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 21:41:46 GMT
age: 55137
etag: "34c149aa1986ba9bbefeddae4f19ff58f4b5093b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4c877ef-76ec-4130-a623-3cfe6579a770.png
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4c877ef-76ec-4130-a623-3cfe6579a770.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30c53ae078b112f7186e910c38898233
d3c58c28f0734f98bed64a26ede077464c3ad3f2
8f7dd1cf9f1472468a7caaf67a8f9c15bfe8836badcfb3249a9a8a7a6c3c0533
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4c877ef-76ec-4130-a623-3cfe6579a770.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13787
x-amzn-requestid: 2598b4fe-a032-47d7-8e6c-cfdcfbe9d64a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDvYE35IAMF1Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e662-574eb7370aac63dd531d6b75;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cd50TSdgJPa-oMD9VpvWgVF9DMls8TmQqVUNNj5d6BPlVnN1_3vTUA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 22:05:52 GMT
age: 53691
etag: "d3c58c28f0734f98bed64a26ede077464c3ad3f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash afcc8f4875f4b74ca0640829b689731e
584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df
3e487396389c4330abc99bc99053eecc6aaf56f7afa398d70c30e1f4709577a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13626
x-amzn-requestid: 407fef75-2217-4da7-8ea8-b5ede48a0615
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eNKshEEvoAMFkMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b524b6-72ca4e7b3034e7ac1f3fa1ed;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 07:03:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xOpZDrVh8MsfFqh0HuJJIWFvlgIm0jUE73p9MpgRA1PO_VAv0vP2nw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 16:43:14 GMT
age: 73049
etag: "584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F753d022b-5cb9-4f9b-b520-756c952710b3.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F753d022b-5cb9-4f9b-b520-756c952710b3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2abe0388f11bae93f827a971bd29802
a57915c3b8388bc23c3a677ba12cc0525d949c2c
d23c15ca723fe73f6893703c7d1830034182fb1c9c620837313774c62368fa06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F753d022b-5cb9-4f9b-b520-756c952710b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10544
x-amzn-requestid: 04bdd2a7-b3dd-434b-833c-7101a1da9da7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZDy1E_goAMFmgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b9e678-3468e4a9174280c146f28962;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 21:39:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BTPEBPH5icsKe4sSjs8d_ILObhQcrFYwZG6VnW33Wv6lQzEp_AzcnQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 07 Jan 2023 22:37:47 GMT
age: 51776
etag: "a57915c3b8388bc23c3a677ba12cc0525d949c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3750e6a-c5c3-4c07-8912-be2b2eaf7e4f.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3750e6a-c5c3-4c07-8912-be2b2eaf7e4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 073554b46cc8ac731a6ae967ff367f70
d1a8816ad1296220be03d2191f6505f4b9fe6837
918e2a1addecb099a2b00ac33288ec1b7cd8d2a1ea9a9f90c5f1d2c54367cef1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3750e6a-c5c3-4c07-8912-be2b2eaf7e4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11629
x-amzn-requestid: f284312f-cc21-4148-bc52-13f52fae1190
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eT5KkHRQIAMFVOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b7d576-7ee3d3fd4afbfcfc4faa613b;Sampled=0
x-amzn-remapped-date: Fri, 06 Jan 2023 08:01:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTxyVFQ59QCjs_0CD-nzFgyMsFKeU77l75dzWNYLJYmYZpxs6tGfHQ==
via: 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 03:57:57 GMT
age: 32566
etag: "d1a8816ad1296220be03d2191f6505f4b9fe6837"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.saha-banks.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.11.0
104.21.77.237 200 OK 3.9 kB URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.11.0
IP 104.21.77.237:0
File type ASCII text, with very long lines (1577)
Hash 0de3f234bf5adf709c64d6a81701e107
ec76e30709d2ac94c86121529768c54b84943872
c67075988b28f06061348cebb275f465c608e141f9a00b50c5e4824f57ed10f3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.11.0 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 3861
Connection: keep-alive
Last-Modified: Mon, 12 Dec 2022 20:34:10 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u5KMKDQpD7n18XEDBo59%2FCg4fcM06BRqw8V0DBUCGz6EOzc40gmY4GrJk%2FsXGTn0yP14EjXZ4jAN%2BsSdHW1mhWXCEYAY8waCWeKZ34goldziZo2DSqlIR%2BOOefhf%2BAy8K1tKbpc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e22dc6cb50f-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
104.21.77.237 200 OK 39 kB URL HTTP/1.1 www.saha-banks.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (65447)
Hash 32f58a61f7c5a7e10f8b2dcf8e9a8e34
865c25589283ab1debd45bdfa6c4d8c6ecf15ad3
481cb2216fbdb0797af8c61b69c0bda2c10d025f7b11f2cdfac382d35dc45d63
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 02 Nov 2022 08:34:13 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lflr2yfQUgbw7bb9JXPKtAWYi%2FIRNE%2F9GYXVk9unSzzycNAA7VTrLaw15sYoN7N%2Byhg49rAJqXKQ9XkogKnXWA5msREX4%2FTVUvlwik2D3W7P2LLWZk1aFQWAh%2FYnnLSptdDOjAQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e223a36b512-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
104.21.77.237 200 OK 5.3 kB URL HTTP/1.1 www.saha-banks.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 104.21.77.237:0
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: application/javascript
Content-Length: 5321
Connection: keep-alive
Last-Modified: Tue, 12 Apr 2022 17:26:24 GMT
Cache-Control: max-age=86400
Expires: Mon, 09 Jan 2023 13:00:43 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHz3svOB9nxZP9WQc%2BuDHRun3NWVWuPumK3nEdw90KLsEm0z7hx3IqRvwyOBa%2BajcgpbKM7dKjIUICNNjdssgNXc0JSXSmjIJP8Vfa4n2%2BoggC7TRbH4LDjFdacRDmyoG0Wkq8U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e236a680b49-OSL
alt-svc: h2=":443"; ma=60
www.saha-banks.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.2
104.21.77.237 409 Conflict 276 B URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.2
IP 104.21.77.237:0
File type HTML document, ASCII text, with no line terminators
Hash 7451176c75fedf8dafcf54ec8355d274
1c9223af620034c594869b1ac7193f4f929cdec0
c4b6d838990846d9bd893f429f83c179df1236d02a06ed12cb0eba9117e4cfe8
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.2 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 409 Conflict
Date: Sun, 08 Jan 2023 13:00:43 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=khW1U5ePqCpaT3UyRxmxHl50wqPi00loT7ORhFhA0uAM8xP3itt0slM%2BapNCpSOi30GzQLYuHk36sIxE9EIWr7X4GJN1WID2uPYUN0Zgn868BWfPzDp7Id0R5KrZaQ27yMeatno%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e25ca3bb50f-OSL
alt-svc: h2=":443"; ma=60
2.gravatar.com/avatar/e683bd3c16c93896774f76c132ffb44f?s=140&d=mm&r=g
192.0.73.2 200 OK 8.1 kB URL HTTP/2 2.gravatar.com/avatar/e683bd3c16c93896774f76c132ffb44f?s=140&d=mm&r=g
IP 192.0.73.2:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 140x140, components 3\012- data
Hash c25cbc4a9a13cad4cd9d4763afa94359
d9fbab0918619a9094338198020ed46792fd801e
e2ac7c902c15f2367a7de997362ec45490b4a4b72a7282cb13ea896c78d607a5
GET /avatar/e683bd3c16c93896774f76c132ffb44f?s=140&d=mm&r=g HTTP/1.1
Host: 2.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 08 Jan 2023 13:00:44 GMT
content-type: image/jpeg
content-length: 8076
last-modified: Thu, 09 Mar 2017 15:27:12 GMT
link: <https://www.gravatar.com/avatar/e683bd3c16c93896774f76c132ffb44f?s=140&d=mm&r=g>; rel="canonical"
content-disposition: inline; filename="e683bd3c16c93896774f76c132ffb44f.jpeg"
access-control-allow-origin: *
expires: Sun, 08 Jan 2023 13:05:44 GMT
cache-control: max-age=300
x-nc: MISS arn 4
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 69c3f0bdbb90c95313c7de5255c3b6e8
8edcbfcc3b87aeecc9f3ca84537512e01039ad6a
754d91c7500f67369c1ea04649eddef7e4201932f81405a0662a6d5f4b80a3da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 910d902590c4dce2c5fde148d455a94c
05617b6a2fd1a7eb4fcb098a7ce48011d3f835bc
3bfd7cff0474a36458748e4cc6dfa647fdd7bd8b4fa792079042a04c7dffe0b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.saha-banks.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 08 Jan 2023 13:00:44 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=www.saha-banks.com
172.217.21.162 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.saha-banks.com
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.saha-banks.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 08 Jan 2023 13:00:44 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 69c3f0bdbb90c95313c7de5255c3b6e8
8edcbfcc3b87aeecc9f3ca84537512e01039ad6a
754d91c7500f67369c1ea04649eddef7e4201932f81405a0662a6d5f4b80a3da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 910d902590c4dce2c5fde148d455a94c
05617b6a2fd1a7eb4fcb098a7ce48011d3f835bc
3bfd7cff0474a36458748e4cc6dfa647fdd7bd8b4fa792079042a04c7dffe0b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.saha-banks.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.2
104.21.77.237 409 Conflict 276 B URL HTTP/1.1 www.saha-banks.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.2
IP 104.21.77.237:0
File type HTML document, ASCII text, with no line terminators
Hash a748a1bbe2ebb84af00ec57e4e120159
ecd9af1b333851987790054076e969d7aa9e302e
763fc1ec0b5fd1472875d5181b255ff9cb07f7893667320aa24dd38e9c5d0003
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.2 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830
HTTP/1.1 409 Conflict
Date: Sun, 08 Jan 2023 13:00:44 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cg8jj%2Fcb9L2BBu7a7h97GkdM6yFPFS1CbVqMafzHmBIniRXghKFldfuk84oEsVwk5zR39%2B27fNtpy%2B27IfDJIQzypkA88HnYI1Z%2F06%2BxxVZZVaiOMMT85xMBgykS92kQUWxKBLA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78651e26fb84b50f-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e4d2865d6f7ea60de63ad932691f4fe5
5f1c688c4d676eb8ecdad52c5d9a23d711c5aef0
25e569ecceb0af06dd128875e54d9ea2a2c902c9fd781ad5d689ed5c205204b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
142.250.74.74 200 OK 5.4 kB URL HTTP/1.1 ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (2134)
Hash 30ca3165d143baf2835023bfcf463450
62c662c0873b79a314c040fef28dcd29abb14480
4f405d00e8ced09d5826e3e070b7e4d3f3556f856ca790b0b4a2c2eaaf58d33b
GET /ajax/libs/webfont/1/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 5437
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Jan 2023 09:37:20 GMT
Expires: Sun, 07 Jan 2024 09:37:20 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Age: 98604
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e4d2865d6f7ea60de63ad932691f4fe5
5f1c688c4d676eb8ecdad52c5d9a23d711c5aef0
25e569ecceb0af06dd128875e54d9ea2a2c902c9fd781ad5d689ed5c205204b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Cairo%7CChanga%7CQuestrial:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,800,800italic,900,900italic&subset=latin,latin,latin&display=swap
216.58.207.202 200 OK 609 B URL HTTP/1.1 fonts.googleapis.com/css?family=Cairo%7CChanga%7CQuestrial:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,800,800italic,900,900italic&subset=latin,latin,latin&display=swap
IP 216.58.207.202:0
Hash 361fdf2276076cc33d6b512e7f8591d8
3b940dacd9f1207eab2bcb6fc47c2524fa853815
76f15d81c8faa3d4a27f851e06a63488846c47d7c64fc856627ee96b292870f0
GET /css?family=Cairo%7CChanga%7CQuestrial:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,800,800italic,900,900italic&subset=latin,latin,latin&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.saha-banks.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 08 Jan 2023 13:00:44 GMT
Date: Sun, 08 Jan 2023 13:00:44 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2fc84f7daa4df6827d6d78b618547959
9323b08ef3841ed8764b82b2106672d7aff54e80
d307b3f523cfd33dc763f89cd6b270d8a3d0ad5b3edd7aabfd230775a21f8f38
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
216.58.211.1 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sun, 08 Jan 2023 13:00:44 GMT
expires: Sun, 08 Jan 2023 13:00:44 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.saha-banks.com/cdn-cgi/challenge-platform/h/b/cv/result/78651e141e19fac8
104.21.77.237 200 OK 28 B URL HTTP/1.1 www.saha-banks.com/cdn-cgi/challenge-platform/h/b/cv/result/78651e141e19fac8
IP 104.21.77.237:0
File type ASCII text, with no line terminators
Hash 86de097d54457ad4fbf85150ea2dc2fb
194863f4b15ecf7eb4f38bf7ed46b688289be8a4
6301b31e8f84ba8a7465199ebf1c2341253198f21763ad7e7cf6fdebe3d832ec
Analyzer Verdict Alert fortinet Phishing
POST /cdn-cgi/challenge-platform/h/b/cv/result/78651e141e19fac8 HTTP/1.1
Host: www.saha-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 11902
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://www.saha-banks.com/issuing-al-ahly-atm-card-instead-of-a-lost-self-service-card/
Cookie: _ga_MNTK4YVF83=GS1.1.1673182829.1.0.1673182829.0.0.0; _ga=GA1.1.1103795036.1673182830; __gads=ID=3983deef905ccff2-22b7d9da35db00f9:T=1673182844:RT=1673182844:S=ALNI_MZAKssAuv5J3LtrWksh_-f8wdTEmw; __gpi=UID=00000b9fad2c7ba6:T=1673182844:RT=1673182844:S=ALNI_Mb6jCHCquWyQqTKN1ufhr96aFcWBg
HTTP/1.1 200 OK
Date: Sun, 08 Jan 2023 13:00:44 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cf_bm=kV9PNsmFaQ0ze10absc_61cSpTGWZ05dWycJJPi7zRs-1673182844-0-AbXjJF6DnScIyAUAfJogWN0KGq5Xk5IoDeZar+Cc3OB8xrIKOjTAmRSts/erkW1tHaHhIB+FGeJvhOSpBBDJMu8zH22whkty7IFXUpMYdIO2QHfe96OdLZJlxI1lj9uKTtGDZDBmWyoID0EjSvPi+zI=; path=/; expires=Sun, 08-Jan-23 13:30:44 GMT; domain=.saha-banks.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OjysdLqTG8xnLi2lmmm6aCrSxppq%2BEbytr6L0Ce69KqUZDUocflRHT0NhXawlXDDLjS0PrQQwsLeDaT3bWmwEThDethvDtKnbEaeB7Nqhi2AlnvjF3FQ2wFHl6%2FNUzBXmcnwFLk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78651e2d0c7db50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/changa/v20/2-c79JNi2YuVOUcOarRPgnNGooxCZ62xcjfj9w.woff2
142.250.74.35 200 OK 9.1 kB URL HTTP/1.1 fonts.gstatic.com/s/changa/v20/2-c79JNi2YuVOUcOarRPgnNGooxCZ62xcjfj9w.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 9120, version 1.0\012- data
Hash 18ad880aaa4e28b6cd1ef0d30ac95573
da6a33a1ecc296aa481432e2727b273140b78543
f2c5710634752d1a156adf5ac961c8400e3a577c90f97a6a293a07f4a28957fd
GET /s/changa/v20/2-c79JNi2YuVOUcOarRPgnNGooxCZ62xcjfj9w.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 9120
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Jan 2023 20:06:35 GMT
Expires: Sun, 07 Jan 2024 20:06:35 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 24 Jun 2022 18:40:48 GMT
Content-Type: font/woff2
Age: 60850
fonts.gstatic.com/s/cairo/v22/SLXgc1nY6HkvangtZmpQdkhzfH5lkSs2SgRjCAGMQ1z0hOA-a1PiLA.woff2
142.250.74.35 200 OK 14 kB URL HTTP/1.1 fonts.gstatic.com/s/cairo/v22/SLXgc1nY6HkvangtZmpQdkhzfH5lkSs2SgRjCAGMQ1z0hOA-a1PiLA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 14316, version 1.0\012- data
Hash 9383ff090e200fc692eb9d0f91df0e6a
eae567c614d06c697ab908310bbf3af6fa331db3
91fa743b90662d1247ff2a9e452e5cfa525e0d4a4caa1a29ed9820a74bb0f80c
GET /s/cairo/v22/SLXgc1nY6HkvangtZmpQdkhzfH5lkSs2SgRjCAGMQ1z0hOA-a1PiLA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 14316
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 02 Jan 2023 12:14:47 GMT
Expires: Tue, 02 Jan 2024 12:14:47 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 08 Nov 2022 19:56:04 GMT
Content-Type: font/woff2
Age: 521158
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f3bf71643ae5219a72dda1da70667cf6
00e3e8da4828280fa90ad6f8550b32a1afe9eda7
a62b2beef5db6770d7caefcc77a94da89d1d64e3de538b47926c8b6dee469137
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 08 Jan 2023 13:00:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
142.250.74.35 200 OK 19 kB URL HTTP/1.1 fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 19292, version 1.0\012- data
Hash 19007b17e56daa60133bce9e9b352a95
bac1384caeae5762e7a1d8c18037f69c8cd21bc4
fd88a03358ba14440b78c6329717bdf6ed1a9fe97c3ad4e0a0a39d31fb1ac546
GET /s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 19292
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Jan 2023 18:17:31 GMT
Expires: Sun, 07 Jan 2024 18:17:31 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Wed, 27 Apr 2022 16:12:54 GMT
Content-Type: font/woff2
Age: 67394
www.google.com/recaptcha/api2/aframe
142.250.74.132 200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 5bce3100f80f6e3376912bb281f2f586
d9253993ba9428e1ecf2ef8a11280b74b6775bc7
fa9bd46144e6c8dbb9aa5ef3e8966f61dc59bbd0d2f416f5aca11e0d5cff1280
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 08 Jan 2023 13:00:45 GMT
date: Sun, 08 Jan 2023 13:00:45 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-NvfdXwh8LArsJqKGBBiYFA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.saha-banks.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 08 Jan 2023 13:00:45 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/changa/v20/2-c79JNi2YuVOUcOarRPgnNGooxCZ62xcjLj9ytf.woff2
142.250.74.35 200 OK 8.7 kB URL HTTP/1.1 fonts.gstatic.com/s/changa/v20/2-c79JNi2YuVOUcOarRPgnNGooxCZ62xcjLj9ytf.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 8708, version 1.0\012- data
Hash cd316e4c96f15e4f5ee9b4cad904f4c7
c9d4a1c25311b932f4707d1315cfa037bff2687c
4e1343e3fad2721d8db43b01c81295a45afd6f82d519f0376290715426abbacc
GET /s/changa/v20/2-c79JNi2YuVOUcOarRPgnNGooxCZ62xcjLj9ytf.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 8708
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Jan 2023 20:06:35 GMT
Expires: Sun, 07 Jan 2024 20:06:35 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 24 Jun 2022 18:40:47 GMT
Content-Type: font/woff2
Age: 60850
fonts.gstatic.com/s/cairo/v22/SLXgc1nY6HkvangtZmpQdkhzfH5lkSs2SgRjCAGMQ1z0hOA-a1biLD-H.woff2
142.250.74.35 200 OK 12 kB URL HTTP/1.1 fonts.gstatic.com/s/cairo/v22/SLXgc1nY6HkvangtZmpQdkhzfH5lkSs2SgRjCAGMQ1z0hOA-a1biLD-H.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 11760, version 1.0\012- data
Hash dc696827ea29c67ac521ff0b36f50562
5fad76118dc2cf6d27666856a085693f0569db9a
157025606cebc118ce7bb7a62122058604fb39cbae9ae6bf2e7ad57bf4eb8087
GET /s/cairo/v22/SLXgc1nY6HkvangtZmpQdkhzfH5lkSs2SgRjCAGMQ1z0hOA-a1biLD-H.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.saha-banks.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 11760
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 06 Jan 2023 08:53:25 GMT
Expires: Sat, 06 Jan 2024 08:53:25 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 08 Nov 2022 19:55:08 GMT
Content-Type: font/woff2
Age: 187640
adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.saha-banks.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 08 Jan 2023 13:00:45 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.saha-banks.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 08 Jan 2023 13:00:46 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.saha-banks.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.saha-banks.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.saha-banks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 08 Jan 2023 13:00:46 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2