Overview

URLc2541454.ferozo.com/fa/webcss/
IP 200.58.111.50 (Argentina)
ASN#27823 Dattatec.com
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-05 22:09:03 UTC
StatusLoading report..
IDS alerts0
Blocklist alert8
urlquery alerts
21
Phishing - Banca Sella
Tags None

Domain Summary (9)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
billng-netlflex-llogian.com (2) 0 2022-12-05 08:23:43 UTC 2022-12-05 12:35:32 UTC 200.58.111.50 Unknown ranking
r3.o.lencr.org (8) 344 No data No data 23.36.77.32
c2541454.ferozo.com (12) 0 2022-12-05 06:50:54 UTC 2022-12-05 12:21:03 UTC 200.58.111.50 Domain (ferozo.com) ranked at: 237713
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-05 04:09:09 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-05 04:09:48 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.216.192.228
img-getpocket.cdn.mozilla.net (7) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-12-05 2 c2541454.ferozo.com/fa/webcss/ Banca Sella

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-05 2 c2541454.ferozo.com/fa/webcss/ Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/osp.js Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/icon_arrowhead_progressBar_finished.svg Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/language_italian.svg Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/icon_arrowhead_progressBar_now.svg Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/icon_arrowhead_progressBar_next.svg Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/LOGO_BSE_PAGAM.svg Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 200.58.111.50
Date UQ / IDS / BL URL IP
2023-01-27 20:34:52 +0000 0 - 0 - 7 c2541481.ferozo.com/step-4.php 200.58.111.50
2023-01-27 20:34:33 +0000 0 - 0 - 7 c2541481.ferozo.com/step-3.php 200.58.111.50
2023-01-27 20:34:17 +0000 0 - 0 - 7 c2541481.ferozo.com/step-2.php 200.58.111.50
2023-01-27 20:33:55 +0000 0 - 0 - 18 c2541481.ferozo.com/ 200.58.111.50
2023-01-27 06:49:36 +0000 0 - 1 - 26 c2541481.ferozo.com/hotmailverifi/Pin.html 200.58.111.50


Last 5 reports on ASN: Dattatec.com
Date UQ / IDS / BL URL IP
2023-02-04 16:04:24 +0000 27 - 1 - 0 globalinterpacific.com.co/wp-content/themes/f (...) 200.58.110.67
2023-02-04 16:04:17 +0000 27 - 1 - 0 globalinterpacific.com.co/wp-content/themes/f (...) 200.58.110.67
2023-02-04 13:40:12 +0000 0 - 1 - 2 environ-mental.com.ar/css/UltraBranch/login.p (...) 200.58.111.46
2023-02-04 10:21:56 +0000 0 - 1 - 43 environ-mental.com.ar/css/ultrabranch/login.p (...) 200.58.111.46
2023-02-04 07:39:25 +0000 0 - 1 - 2 environ-mental.com.ar/css/UltraBranch/login.p (...) 200.58.111.46


Last 5 reports on domain: ferozo.com
Date UQ / IDS / BL URL IP
2023-02-03 21:34:48 +0000 33 - 0 - 0 j5000477.ferozo.com/wp-admin/maint/Aramex/cli (...) 200.58.111.230
2023-02-03 18:46:26 +0000 33 - 0 - 0 j5000477.ferozo.com/wp-admin/maint/Aramex/cli (...) 200.58.111.230
2023-02-03 18:19:55 +0000 31 - 0 - 0 j5000477.ferozo.com/wp-admin/maint/Aramex/cli (...) 200.58.111.230
2023-02-03 12:04:11 +0000 0 - 1 - 17 c1572007.ferozo.com/ 200.58.110.107
2023-02-01 12:42:16 +0000 0 - 1 - 4 c1450565.ferozo.com/fichier/ajax/Cuidad/verif (...) 200.58.111.68


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-22 06:22:00 +0000 13 - 0 - 11 rinnovadominio-it.167-99-242-43.plesk.page/pa (...) 167.99.242.43
2022-12-22 06:21:40 +0000 13 - 0 - 9 rinnovadominio-it.167-99-242-43.plesk.page/ 167.99.242.43
2022-09-13 22:19:38 +0000 0 - 0 - 9 idolnutrition.com/area/b532536d5f8d808978b5f0 (...) 163.44.198.41
2022-09-13 22:19:18 +0000 0 - 0 - 9 idolnutrition.com/area/4a61d37a4e4f459e687436 (...) 163.44.198.41
2022-09-13 22:01:22 +0000 0 - 0 - 10 idolnutrition.com/area/ed31de20fff66637225f30 (...) 163.44.198.41

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (36)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4421
Expires: Mon, 05 Dec 2022 23:22:33 GMT
Date: Mon, 05 Dec 2022 22:08:52 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7949
Expires: Tue, 06 Dec 2022 00:21:21 GMT
Date: Mon, 05 Dec 2022 22:08:52 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1015
Cache-Control: max-age=131962
Date: Mon, 05 Dec 2022 22:08:52 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 10:48:14 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: Gf6HaM715qA9UHR3SDiYCRqe210EKRdv6MqB3oWqN+N8/B3TKgB7PRXJQayQnmlJq257iis18R0=
x-amz-request-id: MMA9B2N0EZ8XXGVE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 21:46:50 GMT
age: 1322
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 21:20:20 GMT
cache-control: public,max-age=3600
age: 2912
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 05 Dec 2022 22:08:52 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 21:11:19 GMT
cache-control: public,max-age=3600
age: 3454
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1000
Cache-Control: max-age=126879
Date: Mon, 05 Dec 2022 22:08:53 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:23:32 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /fa/webcss/ HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 05 Dec 2022 22:08:52 GMT
Server: Apache
X-Powered-By: PHP/7.4.25
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=200
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (322)
Size:   3409
Md5:    a1df98dd741347521e5100eaaeda2703
Sha1:   94306a6227f80e315c4104b2c4233528af02f523
Sha256: 60fc5152b18edf7908d57848c96ead6a001f1d141c7f99ea7a3629c6577b21d1

Alerts:
  Blocklists:
    - openphish: Banca Sella
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UjvP5HwU2vu2hYzrnrszVw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         34.216.192.228
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UCmwDAsj4VKf+HBnUT7l4gSDu+M=

                                        
                                            GET /fa/webcss/css/jquery-ui.css HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 05 Dec 2022 22:08:53 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "6e23-5eee700ede500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6750
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  ASCII text, with very long lines (28195), with no line terminators
Size:   6750
Md5:    613596a9b61d4505f619b62ebe0e65b2
Sha1:   ddca79f5d3d0cf1ee5cf130f1d0228973e64ce8f
Sha256: 225bf998eb5f7f8bca06e729f4ca5bff000a7fb35f24d35e591cb8c5a36a325d

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
                                        
                                            GET /fa/webcss/css/osp.js HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 05 Dec 2022 22:08:53 GMT
Server: Apache
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "b7b-5eee700ede500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 767
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   767
Md5:    9318db4200c12e5eec8acd91c9942bc1
Sha1:   cae0f15e1b346023e3734ac84ec638fbb3d4ea1e
Sha256: ff0fdf98dcd765d3333ba851ac191631b48672d092e6c2bcd9e8211f4383a81e

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4230
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 22:08:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4230
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 22:08:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4230
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 22:08:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4230
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 22:08:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4230
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 22:08:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TKSlCefkyQ7VDufJJOh1D7zhioft93jfOsoXxTD4ncAK5ktxlPvIoA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:52:07 GMT
age: 1006
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8469
Md5:    2f60a6490f38a772dcd50a1132e98e1b
Sha1:   ff254a1df087d2c157d88a6ef04e395dc49efe5e
Sha256: 653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:09:54 GMT
age: 86339
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7728
Md5:    027480c06cd67621f373c6765dafee4d
Sha1:   9f80bb7ca6f699d88eaec2248dec508c589fe994
Sha256: f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 11:06:22 GMT
age: 39751
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10396
Md5:    24c69d7ef356b352956d6dcbc9f5df1d
Sha1:   2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
Sha256: 94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:42:44 GMT
age: 1569
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8315
Md5:    db1701b7b9d161a0c935bb6e10b17893
Sha1:   22a8c4bd58c729c1abcf794466e8f3231dfb034b
Sha256: b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xXZKQokvEn01KKCxpvmljAhSNK1Ya-FYSqvkuKjqVTOlO3o3cjbw9w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:44:06 GMT
age: 1487
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4666
Md5:    c01fe1cccdb3b672bbade6d98217ffe9
Sha1:   a9a529dc9894827f6243a1bf57f81caa4fe88fc2
Sha256: c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:49:47 GMT
age: 1146
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /fa/webcss/css/dyf.css HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 05 Dec 2022 22:08:53 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "409d-5eee700ede500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4110
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  ASCII text, with very long lines (16540)
Size:   4110
Md5:    0e0f8b4252ccc38ad635f604763bab1a
Sha1:   0dd5f15e764c14fa0060657787317e2ede36d563
Sha256: 485d69c9ad66124b3a915ded4b54f06aed602fb700dd3812f005c7284bb8681d

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
                                        
                                            GET /fa/webcss/css/checkBrowser.css HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 05 Dec 2022 22:08:53 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "a28-5eee700ede500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 864
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  ASCII text, with very long lines (2600), with no line terminators
Size:   864
Md5:    6e1fd832a2e7dbf9f91868ad470ec791
Sha1:   bdc3d374ebce929927853a76c0f1a0770c7feecc
Sha256: d3a01d02b09f5afa5319e44b652d9488d61d9d1baabccdd04ef145e6e449caf7

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
                                        
                                            GET /fa/webcss/css/icon_arrowhead_progressBar_finished.svg HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Mon, 05 Dec 2022 22:08:54 GMT
Server: Apache
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "84b-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 2123
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   2123
Md5:    79cb503e5c3e30edf4892fe5ec9644c0
Sha1:   5dd40919bbde6c302b545527db83d5b90fd6d94a
Sha256: 80052e087c7689485037572a21818f76c1132d3f447b76e619a07bb6e77431d3

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fa/webcss/css/language_italian.svg HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Mon, 05 Dec 2022 22:08:54 GMT
Server: Apache
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "2f0-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 752
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   752
Md5:    f7130db0bdfa4142f9d4f701352c1ef8
Sha1:   9b206f451f13bba685d2d7330036ad0eb120d55b
Sha256: 893899185a057e264b6b13635054edd3ae805c6abc2767a7ab79b361edc8f9c8

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fa/webcss/css/icon_arrowhead_progressBar_now.svg HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Mon, 05 Dec 2022 22:08:54 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "856-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 2134
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   2134
Md5:    d42b09150a5fd1763c1863cd2ef29691
Sha1:   8f51b5e2d0c2f7a9ce726035497b9b844db288b2
Sha256: 78968380547ed62f00c1d115f573b73fd7c928bc3c418dbc2ea0934406edf912

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fa/webcss/css/icon_arrowhead_progressBar_next.svg HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Mon, 05 Dec 2022 22:08:54 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "857-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 2135
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   2135
Md5:    d040b47418a5f512244024ac13a9c9d3
Sha1:   132d8e28fb93f17bc647873f4b350ab3df06dcae
Sha256: 55cc680096c147031170a3f5bc174ae7c721d8ec9c4a4495c1cff47ecd2fa9ab

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fa/webcss/css/LOGO_BSE_PAGAM.svg HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

search
                                         200.58.111.50
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Mon, 05 Dec 2022 22:08:54 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "def-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 3567
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3567), with no line terminators
Size:   3567
Md5:    dfb0ffcf8c984e467909cfc00b8623ef
Sha1:   ff135655c9426dacb1eccdf44ce1c572580dd643
Sha256: b7df3f607e2704502e16154beb52a35346a937ab5ccd276ccb288f0c5a7aad66

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fa/images/icon_arrowhead_main.svg HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/css/dyf.css

search
                                         200.58.111.50
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 05 Dec 2022 22:08:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://billng-netlflex-llogian.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7116)
Size:   14063
Md5:    3130b6b5c9a4af60c8aa117f11d093e3
Sha1:   f0fa639460a5713fd37b52fe6fbb6a8d55ce7e5a
Sha256: 4c293f6f893a0f93b98913e7b046229196b13c6bf2059a027f7d26fc1fa84c7a
                                        
                                            GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1 
Host: billng-netlflex-llogian.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c2541454.ferozo.com/
Connection: keep-alive

search
                                         200.58.111.50
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Mon, 05 Dec 2022 22:08:55 GMT
Server: Apache
Location: https://billng-netlflex-llogian.com/wp-includes/images/w-logo-blue-white-bg.png
Content-Length: 287
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   287
Md5:    6485795fdc2e931cbd78a95900466b41
Sha1:   727b7365153b9f24a3bb600ddddafacf2ebaa4c3
Sha256: ffaec6451f459095a1c3bda2b4fce624b28774b3e1cb62173f6bdd188d7908bf
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "126562A2D72F6C68B4D942D1D1DEB9512A37FB5FF1BFA6C9949AF69C4C7571FA"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=727
Expires: Mon, 05 Dec 2022 22:21:03 GMT
Date: Mon, 05 Dec 2022 22:08:56 GMT
Connection: keep-alive

                                        
                                            GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1 
Host: billng-netlflex-llogian.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c2541454.ferozo.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         200.58.111.50
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Fri, 25 Mar 2022 12:18:14 GMT
etag: "1017-5db09f4ee4d80"
accept-ranges: bytes
content-length: 4119
date: Mon, 05 Dec 2022 22:08:56 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size:   4119
Md5:    000bf649cc8f6bf27cfb04d1bcdcd3c7
Sha1:   d73d2f6d74ec6cdcbae07955592962e77d8ae814
Sha256: 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11253
x-amzn-requestid: e0561a00-8657-4af0-b24c-08b328282f79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_wKE9coAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1334-2844266d51d5c5672f34ff61;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YFjiAbS_6iVjzeqDGEwfpx3D7OhK7_fo0RLiSyTfPPxWNi9OyBX0aw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:52:16 GMT
age: 1004
etag: "c314368e2e73dabf2c5d856e2c3e1fae610a3005"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11253
Md5:    557fea28a0a540d2ffdadd828e03de0b
Sha1:   c314368e2e73dabf2c5d856e2c3e1fae610a3005
Sha256: 0fdd195911cdfff46a6dd8ba7b760953e5317fd7ee88abf1e19458518979fdee
                                        
                                            GET /fa/images/icon_arrowhead_back.svg HTTP/1.1 
Host: c2541454.ferozo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/css/dyf.css

search
                                         200.58.111.50
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 05 Dec 2022 22:08:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://billng-netlflex-llogian.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=10, max=198
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---