thermovies.com/
65.21.134.164301 Moved Permanently 707 B IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET / HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 707
Date: Sun, 04 Dec 2022 15:46:36 GMT
Location: https://thermovies.com/
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13716
Expires: Sun, 04 Dec 2022 19:35:12 GMT
Date: Sun, 04 Dec 2022 15:46:36 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3878
Cache-Control: max-age=157759
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:36 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:35:55 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 15:18:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1692
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14748
Expires: Sun, 04 Dec 2022 19:52:24 GMT
Date: Sun, 04 Dec 2022 15:46:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 8JW6yjr6w7EqSZnzIumjVC4VZTIVgcUYPbYlLft1UqmWrk3ON1QIGd7LHEp+ZcTkn3WPtyvVioY=
x-amz-request-id: 93A8CMT9F9XJ0BZD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 14:47:35 GMT
age: 3541
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
thermovies.com/
65.21.134.164200 OK 26 kB IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4341), with CRLF line terminators
Hash 1564c1fb0f62aab4959daa99e499e609
801462ab368a39795865b5060f9b2f457db8383a
3f5b0d73507337b1d89ac6bee9a2b4a345fe863ce234694262ced38f2416a720
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET / HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
last-modified: Mon, 08 Mar 2021 14:11:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 25898
date: Sun, 04 Dec 2022 15:46:36 GMT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 15:46:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
thermovies.com/isp_files/sdk.js
65.21.134.164200 OK 112 kB URL HTTP/2 thermovies.com/isp_files/sdk.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (20829)
Size 112 kB (112340 bytes)
Hash 5f107ea8bcb9122adfa9f6971223bc00
d14269730e64d338704a94e5f62cc001dde2330f
87fb75877d7ac27c9729006558ed8e4fafa6dfab628311e3756fc433d3925c1f
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/sdk.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 112340
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/sdk_002.js
65.21.134.164200 OK 1.6 kB URL HTTP/2 thermovies.com/isp_files/sdk_002.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2088)
Hash 9c5ee16f34c0f478354117dd1651c994
ac39605303f9958da05328adeab368be39be14c0
37ab382bd22df8210b438d6987232f44043df8a85f0593eb845058b36572428a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/sdk_002.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1595
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/utag_003.js
65.21.134.164200 OK 65 kB URL HTTP/2 thermovies.com/isp_files/utag_003.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document, Unicode text, UTF-8 text, with very long lines (21130)
Hash 804a84c4d83d842347c1ff9f0581b8a3
15f190a0bad9311ca4f5d4541d0b695f88b1680f
6882c72ca905e07f3335765d7e45a9ab4ad7aae0d636f565188732ecd246903a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/utag_003.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 65415
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/discoveryWidget.js
65.21.134.164200 OK 4.1 kB URL HTTP/2 thermovies.com/isp_files/discoveryWidget.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (15888), with CRLF line terminators
Hash 91299a58972e81e3ab3708d8ca64c768
563761363046df453f112d1c64dacb513b933ff1
c8427ce475f90941f9d34341fb7366cd43ee9c1b207b7c908c782bf7f22c1283
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/discoveryWidget.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4126
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/api.js
65.21.134.164200 OK 372 B URL HTTP/2 thermovies.com/isp_files/api.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (674), with no line terminators
Hash eb0bf334dfabcafe2d67a729f9694edd
030b4716c1464575ccb2df4b3e35f4775a9dd200
c5e40bc694158cc2006bb5de105bfbc77c1d1db62b1e900fdccc244e8a102b4d
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/api.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 372
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/ArchIbPublicStyle.css
65.21.134.164200 OK 16 kB URL HTTP/2 thermovies.com/isp_files/ArchIbPublicStyle.css
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (27521)
Hash 983fc5649f096a112f05db129df8b974
20db8c2c4ee3d258c5244a593cee5e5c34c292c5
dd8fe9f76ae46f19e5aefe99eaa4f2d951c1da0d119507d8bea309307215ba28
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/ArchIbPublicStyle.css HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: text/css
last-modified: Wed, 24 Feb 2021 08:51:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 16281
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/header_nav_custom.css
65.21.134.164200 OK 71 B URL HTTP/2 thermovies.com/isp_files/header_nav_custom.css
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 09608b44bddff764bb0fe2954543a43e
554aa647fad1d0bc68c9b219fd294a62a22147b2
7c83a5042661ba10f25eca2c45b676001414d0e8f6c8c946d1af716cfeb8c179
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/header_nav_custom.css HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: text/css
last-modified: Wed, 24 Feb 2021 08:51:16 GMT
accept-ranges: bytes
content-length: 71
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/utag_002.js
65.21.134.164200 OK 4.7 kB URL HTTP/2 thermovies.com/isp_files/utag_002.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1199)
Hash bf143c8bdabc95aad4b16adfcdb829f2
53a6d61ad333fd8b815e4f2e31a2ebc298e198d2
bc36b2832a1a37e28f4c61a951297f33307fd83bf8737890f38f6449b6ad35f3
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/utag_002.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4736
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/utag.js
65.21.134.164200 OK 2.9 kB URL HTTP/2 thermovies.com/isp_files/utag.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (3388)
Hash 50e25676646708801c96cd1b994ffc9d
9702ecf49550a289e6e384c03387c8d39d8f4588
3b245814264ee5cbc9479697479bd380e458a77c36fef817ed2514786caa4847
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/utag.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2871
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/utag_004.js
65.21.134.164200 OK 2 B URL HTTP/2 thermovies.com/isp_files/utag_004.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 7bc0ee636b3b83484fc3b9348863bd22
ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/utag_004.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:38 GMT
accept-ranges: bytes
content-length: 2
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-all.css
65.21.134.164200 OK 82 kB URL HTTP/2 thermovies.com/isp_files/clientlib-all.css
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65011)
Hash cc772fb210a3114d885162430c3e0078
d8d36433767e7126411ec119b29c89f818a39cc6
f094bc7f96ee8cec4ba9c7fb4031f6f968551194a63af64d7ace6af4cc0bbbf2
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/clientlib-all.css HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: text/css
last-modified: Wed, 24 Feb 2021 08:51:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 81554
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_013.png
65.21.134.164200 OK 798 B URL HTTP/2 thermovies.com/isp_files/icon_013.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash cd798ec622a5777f4ff2d6ab69ed5fb4
d2a5eb4ad8511ad8be2840a10d2fa589f53fbd39
478c49aa9a07383978500bc901b5650a76489d4077385bbb0fe2bda16ee69519
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_013.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:24 GMT
accept-ranges: bytes
content-length: 798
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_021.png
65.21.134.164200 OK 711 B URL HTTP/2 thermovies.com/isp_files/icon_021.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash 13fb65bbf6b71f371734ffcb77eee65c
86c35972ce92ad5e9d2672600e953df51bf6b923
a5e253bb0c4b8566cb8ef1cb425b4b24e00853927a468e8a626ca4da1be73312
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_021.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:26 GMT
accept-ranges: bytes
content-length: 711
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_006.png
65.21.134.164200 OK 900 B URL HTTP/2 thermovies.com/isp_files/icon_006.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash be00ed5d688cc89e1ed88c5d19b6112a
5584f034996cf2f921fedff53d0378212d52eb01
c14456513f21407b2fb73f0a5e44ba8b93d868c084dcf27bc7b2cb08d750494d
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_006.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:20 GMT
accept-ranges: bytes
content-length: 900
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_002.png
65.21.134.164200 OK 417 B URL HTTP/2 thermovies.com/isp_files/icon_002.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 32 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash fcb17cf1047ba4170838c3b99395a848
244c2c2f21d879c4e944e66180100d951c177f92
8a3b5c38fe7253539f893b989c0973c8f8e9fffd11d470e258773e389919c5e6
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_002.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:18 GMT
accept-ranges: bytes
content-length: 417
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_025.png
65.21.134.164200 OK 661 B URL HTTP/2 thermovies.com/isp_files/icon_025.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 35 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 1925984e52c6f2ec12ea89c78a0f89fa
30d2e4965e0560ae82182806d780bacd5d243743
5de37a1fe078804b30beff475e96731b604de1d4487b207f12821acb1fb7e75a
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_025.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:28 GMT
accept-ranges: bytes
content-length: 661
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_024.png
65.21.134.164200 OK 2.1 kB URL HTTP/2 thermovies.com/isp_files/icon_024.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 39 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash 765895c7c36d25b3e9fab1fbbd0e9141
eb18fc417926909986d91ce68d601dc3ce93669d
928b0b6e08c035315069aa10d57aa64a61ef893dae42e33fee7c8d40dc2c1d04
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_024.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:28 GMT
accept-ranges: bytes
content-length: 2088
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_009.png
65.21.134.164200 OK 898 B URL HTTP/2 thermovies.com/isp_files/icon_009.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 58 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fe49c46bd70c432b1cc5fa16b2eeda0
d136d4aeba48d32fc1e83110bd7d4b0d73813785
d4e7da2a85fd1a67b9aa5a335b2593cd726856733129fc770edd43ad69bfb822
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_009.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:22 GMT
accept-ranges: bytes
content-length: 898
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon.png
65.21.134.164200 OK 2.3 kB URL HTTP/2 thermovies.com/isp_files/icon.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 58 x 70, 8-bit/color RGBA, interlaced\012- data
Hash 51c277d3dc61b5e328ce22b0788f239c
616527e6ac2cfde61d21e58d2eefb5edff44407c
19642c4f1cd0daa88e25d98a184cffee87c5f4011d08c34e51bb59074cf831fc
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:18 GMT
accept-ranges: bytes
content-length: 2344
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_018.png
65.21.134.164200 OK 1.5 kB URL HTTP/2 thermovies.com/isp_files/icon_018.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 39 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash 8f53e849de1c9e79db4b95a4eb1316b9
b35a58cc9a56e8fc3673225c39f5192a577c4f56
8db880747b327bc01d6ef7ba5efc67bf3ad43a4c9efbb147084f425b9359d148
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_018.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:26 GMT
accept-ranges: bytes
content-length: 1450
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_010.png
65.21.134.164200 OK 930 B URL HTTP/2 thermovies.com/isp_files/icon_010.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 8786b476163b5626790111201de7a105
f432a249eac59b4a057f0ab2a34cfa99adc898c6
7a2b1b4bff76a3cb518c06ef6abbd483c60e5b2d6377020a6bf1198134ebb8ab
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_010.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:22 GMT
accept-ranges: bytes
content-length: 930
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_005.png
65.21.134.164200 OK 596 B URL HTTP/2 thermovies.com/isp_files/icon_005.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 27, 8-bit/color RGBA, non-interlaced\012- data
Hash c7d2c21bd468f05bfdabb2e0b2238b3c
46e8967dc3ee2cd90e0e4b627b7b9fc96e8b2288
718107e6d810e9b67562f6a863033f4d10a36a4f64593dd01312aff95bc7ea16
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_005.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:20 GMT
accept-ranges: bytes
content-length: 596
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_011.png
65.21.134.164200 OK 780 B URL HTTP/2 thermovies.com/isp_files/icon_011.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash 25fc69e5b31244dd631227402ffd0f0a
f3ed167cbcaea621681f96214c5aab84c3cf6e9e
319ac41473da7a19b6f87692f3cdc4822a9b5283df3638fe88a38aa75b018f0b
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_011.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:22 GMT
accept-ranges: bytes
content-length: 780
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_017.png
65.21.134.164200 OK 1.0 kB URL HTTP/2 thermovies.com/isp_files/icon_017.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 27, 8-bit/color RGBA, non-interlaced\012- data
Hash e386b810ca1b33a6e67d98b0e42324e7
e11d099289ef780c5770b532dd709c52fe64d11a
3b579671f0f852fb817840c791e1375fce7d12fe48589c41539e0811365020ba
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_017.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:26 GMT
accept-ranges: bytes
content-length: 1023
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_015.png
65.21.134.164200 OK 702 B URL HTTP/2 thermovies.com/isp_files/icon_015.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ecbc8cec38438e1f4883c26b97eb7e2
0c6d07f1cff42c4546455ec766259e85339bf3b8
d324d101d0340ef2a01fabab8d52815a08a51c0cfab63daf120b3db017b7b0e7
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_015.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:24 GMT
accept-ranges: bytes
content-length: 702
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_022.png
65.21.134.164200 OK 287 B URL HTTP/2 thermovies.com/isp_files/icon_022.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash ab3808552bc16abc55d567419107656f
56eaeaddf34ca22e138a1508d69627bb40e66183
91a6750fa71fbea8f89e59574bac4dc7cd6e876bcfbd1c7b686d9b0b0fdbc8f1
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_022.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:26 GMT
accept-ranges: bytes
content-length: 287
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_014.png
65.21.134.164200 OK 339 B URL HTTP/2 thermovies.com/isp_files/icon_014.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 38e482d8b985ec8db8d6ca0f7d912a2d
10724764fc12023a9f7e32ef94850221b2eb2acd
5094d9a3dad176432afd916ee39939fc052891e93aa515c4aee0c8aec6393c01
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_014.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:24 GMT
accept-ranges: bytes
content-length: 339
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_012.png
65.21.134.164200 OK 389 B URL HTTP/2 thermovies.com/isp_files/icon_012.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 34c0bd611938d57ad5f54c770e5baea8
c159b129658b88217eae93bc1bafb8b058953e41
e9a9af06d3d336672d0826bfa5a4364f5784ff3e50f9a8723a8d53bb5c836831
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_012.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:24 GMT
accept-ranges: bytes
content-length: 389
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_019.png
65.21.134.164200 OK 167 B URL HTTP/2 thermovies.com/isp_files/icon_019.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 776289406505334eab6ebc26b187c164
87f9b31a036d253d608b93d8a201354ccf837889
9a53840587d6136185d7cb060cd712d59ddc559798f777aa3efd82ca3dc3cd39
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_019.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:26 GMT
accept-ranges: bytes
content-length: 167
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_004.png
65.21.134.164200 OK 428 B URL HTTP/2 thermovies.com/isp_files/icon_004.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 26, 8-bit/color RGBA, non-interlaced\012- data
Hash 11e91593a166f018a4aa0916c7b73350
4ba63965fdd76a02b4d036f47c255f09e85ff39a
3e0f818be2f1c0bd47c08c179a0b3197877531fd05fdeeb347dd2d57688a3c78
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_004.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:20 GMT
accept-ranges: bytes
content-length: 428
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_020.png
65.21.134.164200 OK 1.6 kB URL HTTP/2 thermovies.com/isp_files/icon_020.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e717863b7c31ba33f14c2ee53111095
2e9aa87909ffba3c2f4733edd5c811d08c307d37
7eb9aabfb251336728d1db8891b0c04b8317679348d7fe66a019fb2451eb191e
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_020.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:26 GMT
accept-ranges: bytes
content-length: 1559
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_008.png
65.21.134.164200 OK 1.6 kB URL HTTP/2 thermovies.com/isp_files/icon_008.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 0a05d6251cb7b66ecbede227a1e59b12
2dc09f21115b7c4f1053f46e8346bcbf5b609f48
e8be3c5c3b09a632c4d35d1cd337bd69933d54ac6add4e309de16dfb1339fb8c
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_008.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:22 GMT
accept-ranges: bytes
content-length: 1648
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_016.png
65.21.134.164200 OK 465 B URL HTTP/2 thermovies.com/isp_files/icon_016.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 19, 8-bit/color RGBA, non-interlaced\012- data
Hash cd67645db5d17d449cd2e41dd931ee4d
153aba2bcd0fa0c734dad14fbf35115b4f7f2172
f81495d9c07fb23b2156b9a00879e506834d185eb68af2d7614ddf07efedcfce
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_016.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:24 GMT
accept-ranges: bytes
content-length: 465
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_023.png
65.21.134.164200 OK 268 B URL HTTP/2 thermovies.com/isp_files/icon_023.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash a2f2b84984db06a94a34e3546eedddfd
a07408c53d42caaaa4d4be72f9eec9e2d3fbc56d
109627a1f5a791d10fd2b8604378e8ff6687f68c717ff8c92aeb7963471293ef
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_023.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:28 GMT
accept-ranges: bytes
content-length: 268
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/icon_007.png
65.21.134.164200 OK 769 B URL HTTP/2 thermovies.com/isp_files/icon_007.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash e46bd471bd30126c3da601d9d94b9655
81bfcc60c7ac3f6324d676ca948c25b9b7d8730d
de06f4ebd0f89a97e88aaf43f277bfe3fd14727e9d57370c0b65faaf7940f656
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/icon_007.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:20 GMT
accept-ranges: bytes
content-length: 769
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/lock-mobile.png
65.21.134.164200 OK 1.3 kB URL HTTP/2 thermovies.com/isp_files/lock-mobile.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 70, 8-bit/color RGBA, non-interlaced\012- data
Hash 1878dc1bd179a8e3039c24b85fbd30ae
dd19f60f5e1c144438e2cd33ce75fe54d9ee654e
84266c4ff297f1fe0c23a7c1d5d294535ea69b535d7087e2364324da4bd9aeee
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/lock-mobile.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:28 GMT
accept-ranges: bytes
content-length: 1334
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/logo-intesasanpaolo.png
65.21.134.164200 OK 5.2 kB URL HTTP/2 thermovies.com/isp_files/logo-intesasanpaolo.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 279 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fa2e7d279a9e8509db5ab5f300091c9
8fa4d667ca1df6df6fe9b7fac0d6a9f4c14daf55
559bde803d8dedb905509859f3c1d14c9837788f2d5cf6ee26f1518f528d0cf8
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/logo-intesasanpaolo.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:30 GMT
accept-ranges: bytes
content-length: 5229
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/parla-con-noi.png
65.21.134.164200 OK 714 B URL HTTP/2 thermovies.com/isp_files/parla-con-noi.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 43 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash 679d5723383ec7ce8b446cb97814e74c
4b762f2abe6daa22454ced0e1c11804a98ed1e90
854c668d48254817bbb177aba5ee2d0fa637e9a61adb0d80bfb774516cdd4e45
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/parla-con-noi.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:32 GMT
accept-ranges: bytes
content-length: 714
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/ico-burger-mob.png
65.21.134.164200 OK 1.1 kB URL HTTP/2 thermovies.com/isp_files/ico-burger-mob.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash d27508c6b9dfeebeb76a1435d6b67f6f
471df94af969bb27fa556d36ff9955301fec1de0
2ed7d3df8b8695db881df15bbb972b5c9d3a61395ec890340da50a21a07ec7af
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/ico-burger-mob.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:18 GMT
accept-ranges: bytes
content-length: 1087
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/ico-lock-mob.png
65.21.134.164200 OK 1.4 kB URL HTTP/2 thermovies.com/isp_files/ico-lock-mob.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash cf61cb731e5cd5678710553775eaa44e
89e003c9462054cae899f67fc7852d84ab74dba5
f224f63f26dc4e34bdff81e55d12c78a5657c707d1cf60bc4a99a99cf6667dd5
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/ico-lock-mob.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:18 GMT
accept-ranges: bytes
content-length: 1442
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/ico-search-mob.png
65.21.134.164200 OK 1.4 kB URL HTTP/2 thermovies.com/isp_files/ico-search-mob.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c14f42e099f4533b9075e3dd5b2b351
ce590494b780ae735851c3ee5f471299e75a550d
4eb5c5e47a8aed23a202e0ca94d3757d328b87c839ac926c61020d3dfcf3039d
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/ico-search-mob.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:18 GMT
accept-ranges: bytes
content-length: 1441
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/utente_ok_green.png
65.21.134.164200 OK 2.4 kB URL HTTP/2 thermovies.com/isp_files/utente_ok_green.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 45 x 39, 8-bit/color RGBA, non-interlaced\012- data
Hash bf9ffdd6a52e111e89c072d986cf4f6d
e42b80e12b049296fcad35a25b2339be760d6c06
af48163da7ed2b30cde51f80f1000ea670cedfe33ae6c9fbbb020c3e90da9727
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/utente_ok_green.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:38 GMT
accept-ranges: bytes
content-length: 2375
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/tool-gal-ico.png
65.21.134.164200 OK 1.6 kB URL HTTP/2 thermovies.com/isp_files/tool-gal-ico.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 315 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 7bbda1a73109123e492134a89b3524fd
981797657e4e03a4cb0a5855fa1de97a94faf77c
af13859e6c4fa7910d13f78d99dfb525908d4f21b4341895e9da0232619184e6
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/tool-gal-ico.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:36 GMT
accept-ranges: bytes
content-length: 1609
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/footer_image.png
65.21.134.164200 OK 1.6 kB URL HTTP/2 thermovies.com/isp_files/footer_image.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGB, non-interlaced\012- data
Hash fe2e33b806798c4940ec29050769d7be
7f84f4a5f3f90f36bcbe8037cb41bded19309286
17b4afca46166fc395e83752554c9e737206f172f9ea7c155cb936d7af9ef9fc
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/footer_image.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:14 GMT
accept-ranges: bytes
content-length: 1592
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/footer_image_0.png
65.21.134.164200 OK 1.9 kB URL HTTP/2 thermovies.com/isp_files/footer_image_0.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 30x30, components 3\012- data
Hash 61c25ea9855ecf15e827129facb1a6aa
c1c80aba18672b7dd46bfc2b5dea62bc4b7a06ca
6a471ccdefd7b51f03ad674ef48a005a7acc76d159d3b718eab59ce83e0489bb
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/footer_image_0.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:16 GMT
accept-ranges: bytes
content-length: 1920
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/footer_image_1.jpg
65.21.134.164200 OK 840 B URL HTTP/2 thermovies.com/isp_files/footer_image_1.jpg
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 30x30, components 3\012- data
Hash 121c13b8ceb32360446c2d63c374995d
fbee5a2595455562f64b622d187f156ab142f6c7
7cdcf19862698850d11936ae24dd5fc1e56783a64a56846dc1b33ac548a0634d
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/footer_image_1.jpg HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/jpeg
last-modified: Wed, 24 Feb 2021 08:51:16 GMT
accept-ranges: bytes
content-length: 840
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/footer_image_2.jpg
65.21.134.164200 OK 831 B URL HTTP/2 thermovies.com/isp_files/footer_image_2.jpg
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 30x30, components 3\012- data
Hash b1e340c0acb26028dbbc24d3b6196590
acb4cf5d939318eb52832a5d97636a248db69128
426d4f855b51f92ce70ae5b53b71647dc23c4faa3d4df3615615e993720834ec
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/footer_image_2.jpg HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/jpeg
last-modified: Wed, 24 Feb 2021 08:51:16 GMT
accept-ranges: bytes
content-length: 831
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/arrows.png
65.21.134.164200 OK 528 B URL HTTP/2 thermovies.com/isp_files/arrows.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash f844b407ff44c6666d38477ae7dff5db
ea52a6b99560e25cd531c06ada26b76ccee59182
354a16c92816350830076c1f625525d9460ff1269cb3b8766592540d5ad28ba8
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/arrows.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:06 GMT
accept-ranges: bytes
content-length: 528
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/main_app_002.js
65.21.134.164200 OK 118 B URL HTTP/2 thermovies.com/isp_files/main_app_002.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 4c2973294f593eeb18344fa3bbdb49de
f62e294040a912a088e1481854686eb6bad61871
48e274d621757055ac301b508fc829545d92f78643d8adff850917e4b89cb04b
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/main_app_002.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 118
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/ArchIncludeIframeAPI.js
65.21.134.164200 OK 1.8 kB URL HTTP/2 thermovies.com/isp_files/ArchIncludeIframeAPI.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (4674), with no line terminators
Hash 9b34d84c2f9f4dd7f7f589a509635b37
5a4e2a4fca217a8d5f3944403df860e66a3a892c
05862a09aabf3e1f0586146e9f9f512196a25748b85b5f278e96f72b8bf86932
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/ArchIncludeIframeAPI.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1752
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/main_app.js
65.21.134.164200 OK 136 B URL HTTP/2 thermovies.com/isp_files/main_app.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash 8e5f12245ab300f19cb8f58641686a92
606a912d97edcdd066689d71b510b57bb61bb7b7
e3944c7f65a6f7dfead04815abcc404bd6b683dffa8ed62059e1dc1d8a775672
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/main_app.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 136
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site.js
65.21.134.164200 OK 57 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (851)
Hash ef7a0540696115dceafa2ae37759cc1d
400651862271d5a61d98e74df39c15da5b9bce35
5cb481383c1447b71c6a3b7d34f239f2a3730bdde33d8ceed9a73332b2ff1650
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 57071
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/acc-hide.png
65.21.134.164200 OK 1.4 kB URL HTTP/2 thermovies.com/isp_files/acc-hide.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 37 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash 04075b9c724604b649a398fd38b85b45
0ffd0f9d6e2b336b835866d9db4193db665af9d3
366de85e50aa042f34ef304b5195d06a87dcc81107e0a5ac87d997d35d95b275
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/acc-hide.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:02 GMT
accept-ranges: bytes
content-length: 1367
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/acc-show.png
65.21.134.164200 OK 1.0 kB URL HTTP/2 thermovies.com/isp_files/acc-show.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 37 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash c53b2488e746a5a423d1024ca318e41e
32b36f817c530d595d53142257e25897bf6a73ea
7621b7efdd066ad06e4ab99786b72c02f9d126e63bfa911cee193b1071fa1ccd
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/acc-show.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:02 GMT
accept-ranges: bytes
content-length: 1026
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/acc-hide-mobile.png
65.21.134.164200 OK 3.2 kB URL HTTP/2 thermovies.com/isp_files/acc-hide-mobile.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 77 x 76, 8-bit/color RGBA, non-interlaced\012- data
Hash 6396d65afc34a7989461099bb0072e99
d76fbd4a1d70a6fe1e7d6f34ee5ba61ed8e3baa0
173f71531eaa3fefa888c0c92cfac551e7b27007029ab36a127e5f3232510b8a
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/acc-hide-mobile.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:02 GMT
accept-ranges: bytes
content-length: 3214
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/acc-show-mobile.png
65.21.134.164200 OK 2.5 kB URL HTTP/2 thermovies.com/isp_files/acc-show-mobile.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 77 x 76, 8-bit/color RGBA, non-interlaced\012- data
Hash 8bfcfb986c4de70ce6ec602168d856fa
cc7bc984c5506dd079a5c6358cb36cd73f0e0167
1aec5219cdcd75f87dfe65e36a8d4b860ac03b5573e6c9a2739b119e5defe63e
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/acc-show-mobile.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:02 GMT
accept-ranges: bytes
content-length: 2537
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/logo-isp-footer.png
65.21.134.164200 OK 6.0 kB URL HTTP/2 thermovies.com/isp_files/logo-isp-footer.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 232 x 29, 8-bit/color RGB, non-interlaced\012- data
Hash ef01da585f296c6d8e232268cc000390
74bff78003ad10f9d52a089f6bcad4069dda8047
d9561fa4d3be12499d6736cc0781352340f9a9b209c977ccc233ac737d2c9e4d
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/logo-isp-footer.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:30 GMT
accept-ranges: bytes
content-length: 6022
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/trasparenza.png
65.21.134.164200 OK 4.9 kB URL HTTP/2 thermovies.com/isp_files/trasparenza.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 107 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash eecd73363f285a2669afb7d9809e8853
d25dce286104c621e3e3f41953a3b67b3abf51fd
09c850d89f41e9c808d6bd12871bcfc7e6f7d76cd1f7f959a5d79ffb800f8de2
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/trasparenza.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:36 GMT
accept-ranges: bytes
content-length: 4927
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/logo_compara_conti.png
65.21.134.164200 OK 9.3 kB URL HTTP/2 thermovies.com/isp_files/logo_compara_conti.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 150 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 55d14f23dcaed150e8eccca67f02bc03
5066ec6430a739f2ebdf14d766a73704d13bd1e2
f6980057249f4e1fc3dae211dba4e6fb2193e4f641a8e253f8513c323b7ec4ab
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/logo_compara_conti.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:32 GMT
accept-ranges: bytes
content-length: 9295
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/logo-footer.png
65.21.134.164200 OK 11 kB URL HTTP/2 thermovies.com/isp_files/logo-footer.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 344 x 42, 8-bit/color RGB, interlaced\012- data
Hash 1bdff8a43af86e37593537e037e36c26
067557b4785a26539cbea69d8aca86dd8f0f8efd
10ca81e1589cc3b4b1d18a25ee6acf121970effa02449deb4beb17a880af41fd
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/logo-footer.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:30 GMT
accept-ranges: bytes
content-length: 11396
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/close-cookie.png
65.21.134.164200 OK 313 B URL HTTP/2 thermovies.com/isp_files/close-cookie.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 363e68295b9fca8f40374b01aa9db6eb
9d10e6a226113aaf69d906defc384a9b9fd5c10c
3428070ba9de1802698ea29826428628eab543de85c20e50e076e1a316606790
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/close-cookie.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: image/png
last-modified: Wed, 24 Feb 2021 08:51:10 GMT
accept-ranges: bytes
content-length: 313
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/uuidv4.js
65.21.134.164200 OK 709 B URL HTTP/2 thermovies.com/isp_files/uuidv4.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1572), with no line terminators
Hash e88b5f7f952bf7cb3b3e37cc97eb78be
ae3cf27110e4766c7ab736e2b2b6cf3072d661c9
2e7eecb07f6f56d33be3e61fcddaef3fba5557f166af5c13792036750f146e55
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/uuidv4.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 709
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thermovies.com/isp_files/uuidv5.js
65.21.134.164200 OK 1.3 kB URL HTTP/2 thermovies.com/isp_files/uuidv5.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2965), with no line terminators
Hash 86da53aed6ad2c3607435e1e5df9f2ec
2b9875a944d36009c31bfcb29875cf3022ce73dd
bdf6f42d20dda0243e14d8a7e16d9ba1718f9cc11c0f84134a0b085509615ee4
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/uuidv5.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1284
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/uaparser.js
65.21.134.164200 OK 4.9 kB URL HTTP/2 thermovies.com/isp_files/uaparser.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (11153)
Hash 292ea3c86307c766b2f5f1aca2584c9b
43deeaefaeb0a7470219574e1ad88eb0f12898ff
3edf7e179adaac4c731e2407cf0124d2604a51811485c26acc80f9f2465ba779
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/uaparser.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4893
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/archbridge.js
65.21.134.164200 OK 1.2 kB URL HTTP/2 thermovies.com/isp_files/archbridge.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
Hash 43c2557b8d798873a8cceb85daad4bc6
9e19dfb474671648e2db125ab47dd57bd4f7175c
9a5917a6bae6328fe3cdf0b58d87f8e5be6e46c154fce02dd65ea5f5e9c82447
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/archbridge.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1173
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/main_app_003.js
65.21.134.164200 OK 627 B URL HTTP/2 thermovies.com/isp_files/main_app_003.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document, ASCII text
Hash fc07c54dea77b1a8a042cb3a6464297f
14d42fbd5dfe6105466c737a615db4a226865d99
e8de7913ba8aa5250c8cfcd00804a9268827e8f0a20f03f594dea08a37e9a80d
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/main_app_003.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 627
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/app.css
65.21.134.164200 OK 16 kB URL HTTP/2 thermovies.com/isp_files/app.css
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Hash 21358e9cfbd0f1239baa616fdb0c2878
9bc1f796e6a1b3f4a70373a42ffb4dbcc96d19e2
483d5cd8afe235be529ee66e9f152071a41491aa9f65e130685b1a0e978ddaf1
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/app.css HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: text/css
last-modified: Wed, 24 Feb 2021 08:51:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 16309
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/vendor.js
65.21.134.164200 OK 79 kB URL HTTP/2 thermovies.com/isp_files/vendor.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (32028)
Hash 5317dd24fc7ed6202537257fd7985af5
192e13f93cbfc68d4566cb99de9094bc0b5dd631
368ceda2fbda98488eecabc58b0598641afc49a040f5f3deb261033839b72ccd
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/vendor.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 79190
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/app.js
65.21.134.164200 OK 70 kB URL HTTP/2 thermovies.com/isp_files/app.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (32075)
Hash 498895b7b3b03f7762bac46daabddab2
22f6de3e349be87f748dd0ae64cb6811454884a8
1c2acef238477125e365a20f89d54a146ab965543f5d4dba14d79dea8f9ef440
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/app.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 69549
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e471e4415d227aa6441e48d6543b2f5d
5d31fde87a692fcde1747dfeec56d42caa2338e9
691eac9590299d938d2b2722a1a3ca784a1f2d7b49b2982f372c3becdcb631ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3632
Cache-Control: max-age=141651
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:37 GMT
Etag: "638c3900-1d7"
Expires: Tue, 06 Dec 2022 07:07:28 GMT
Last-Modified: Sun, 04 Dec 2022 06:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
thermovies.com/isp_files/clientlib-site/css/fonts/OpenSans-Regular7abf-2.html?2r5i7k
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/fonts/OpenSans-Regular7abf-2.html?2r5i7k
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
GET /isp_files/clientlib-site/css/fonts/OpenSans-Regular7abf-2.html?2r5i7k HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/login/login820e.html?language=it&theme=dark&id=ifrmAccessHead
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/ib/public/login/login820e.html?language=it&theme=dark&id=ifrmAccessHead
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/login/login820e.html?language=it&theme=dark&id=ifrmAccessHead HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/step1.html
65.21.134.164200 OK 3.0 kB URL HTTP/2 thermovies.com/step1.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5302), with CRLF line terminators
Hash 422d69cdad04636c75bde29cba40eb69
88e4db5ac516d635334d18ce1dc89f5c90120a93
665545be19fe1825ab400ed59d662021fadd1426601f11c25f5cb00e9b206bcf
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /step1.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Thu, 11 Mar 2021 15:27:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2967
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/images/li-menu-active.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/images/li-menu-active.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/images/li-menu-active.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/images/sf-navigation.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/images/sf-navigation.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/images/sf-navigation.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/images/ico-search.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/images/ico-search.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/images/ico-search.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/images/ico-lock.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/images/ico-lock.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/images/ico-lock.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/images/ico-burger.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/images/ico-burger.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/images/ico-burger.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/Home-Computer-Business.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/isp_files/Home-Computer-Business.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/Home-Computer-Business.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168794773
3.248.138.237302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168794773
IP 3.248.138.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168794773 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://thermovies.com
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://thermovies.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-08c859e6d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168794773
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=43607909893068064494388020773924840201; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:46:37 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: weKAEzQ8RGI=
Content-Length: 0
Connection: keep-alive
thermovies.com/isp_files/clientlib-site/css/images/tool-arr-down.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/images/tool-arr-down.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/images/tool-arr-down.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/images/linkfooter-active.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/images/linkfooter-active.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/images/linkfooter-active.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 15:08:58 GMT
cache-control: public,max-age=3600
age: 2259
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
thermovies.com/ib/public/login/js/arch/services/ArchIncludeIframeAPI.js?v=1.1.11
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/login/js/arch/services/ArchIncludeIframeAPI.js?v=1.1.11
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
GET /ib/public/login/js/arch/services/ArchIncludeIframeAPI.js?v=1.1.11 HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/libs/uuid/uuidv4.min.js
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/libs/uuid/uuidv4.min.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/libs/uuid/uuidv4.min.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/libs/uuid/uuidv5.min.js
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/libs/uuid/uuidv5.min.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/libs/uuid/uuidv5.min.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/libs/uaparser.min.js
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/libs/uaparser.min.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/libs/uaparser.min.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/arch/archbridge.js?v=e7e3dfa
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/arch/archbridge.js?v=e7e3dfa
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/arch/archbridge.js?v=e7e3dfa HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/fonts/OpenSans-Regular7abf-3.html?2r5i7k
65.21.134.164200 OK 19 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/fonts/OpenSans-Regular7abf-3.html?2r5i7k
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash adec7129663ef616a9075b0dde44350e
d155704fab981ace91c2329592fff8595f263fcd
68f99278dfb6d0ec9cd0087d2e8f22bff0ccd2b02e3fca72d56f81438d70dc55
GET /isp_files/clientlib-site/css/fonts/OpenSans-Regular7abf-3.html?2r5i7k HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-length: 18837
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/fonts/ispfont-3.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/fonts/ispfont-3.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /fonts/ispfont-3.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/ArchIbPublicStyle.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3866
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:37 GMT
Last-Modified: Sun, 04 Dec 2022 14:42:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168794773
3.248.138.237200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168794773
IP 3.248.138.237:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168794773 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thermovies.com
Content-Type: application/x-www-form-urlencoded
Referer: https://thermovies.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://thermovies.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0e1730cee.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: PT9EV+CkQV4=
Content-Length: 124
Connection: keep-alive
thermovies.com/ib/public/vetrina/arch/archbridge.js?v=e7e3dfa
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/arch/archbridge.js?v=e7e3dfa
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/arch/archbridge.js?v=e7e3dfa HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c5da9c31f5e2c79be8782b8c161e7250
9a676006861051c42234a10d4549ede6af89ba92
1a0a09163ffb30f5a6a2d4e2be5cdc15d1117bd5f9db1408680c5533cc4cd187
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:46:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 18:29:40 GMT
Expires: Fri, 09 Dec 2022 18:29:39 GMT
Etag: "9a676006861051c42234a10d4549ede6af89ba92"
Cache-Control: max-age=441181,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7745ad0a0e8ffac0-OSL
thermovies.com/isp_files/css.css
65.21.134.164200 OK 466 kB URL HTTP/2 thermovies.com/isp_files/css.css
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65371)
Size 466 kB (466231 bytes)
Hash ecbeaf94116833b3342743899a623dec
5793989dbf99c140823c7b232fb4a7eb3a3b841b
81da6fb284e8e8290ef8cbbe0984b91fd26034973cebfa460b0afc476340a44d
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/css.css HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/step1.html
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:37 GMT
content-type: text/css
last-modified: Wed, 24 Feb 2021 08:51:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 466231
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/fonts/ispfont-2.html
65.21.134.164200 OK 4.4 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/fonts/ispfont-2.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash ced45d5ff4f5fff1cb745a88e842e483
6d40f789f26541cef945f6f1f7d037c21598ba2d
cb494351c1e9cb427147de70441c7ab9961c2c5ec37d64745ffeba12a373cc4a
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/fonts/ispfont-2.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1670170594753$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4446
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
142.250.74.35200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Hash e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thermovies.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:55 GMT
expires: Tue, 28 Nov 2023 18:52:55 GMT
cache-control: public, max-age=31536000
age: 507222
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168795492
3.248.138.237302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168795492
IP 3.248.138.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168795492 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://thermovies.com
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://thermovies.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168795492
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=68805538884082242984410843014217103161; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:46:37 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: sRQBVMWMRpQ=
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c5da9c31f5e2c79be8782b8c161e7250
9a676006861051c42234a10d4549ede6af89ba92
1a0a09163ffb30f5a6a2d4e2be5cdc15d1117bd5f9db1408680c5533cc4cd187
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:46:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 18:29:40 GMT
Expires: Fri, 09 Dec 2022 18:29:39 GMT
Etag: "9a676006861051c42234a10d4549ede6af89ba92"
Cache-Control: max-age=441181,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7745ad0a0e93b4f1-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c5da9c31f5e2c79be8782b8c161e7250
9a676006861051c42234a10d4549ede6af89ba92
1a0a09163ffb30f5a6a2d4e2be5cdc15d1117bd5f9db1408680c5533cc4cd187
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:46:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 18:29:40 GMT
Expires: Fri, 09 Dec 2022 18:29:39 GMT
Etag: "9a676006861051c42234a10d4549ede6af89ba92"
Cache-Control: max-age=441181,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7745ad0a091f1c0a-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 1.1 kB IP 104.18.32.68:0
File type gzip compressed data, max compression\012- data
Hash d89eb44d3d59285ffea3b7b83143cb31
33d48b48b7531fb7d49276bf4f5d04887449a806
045ceeca5f2f887d27e12eb1c5613fd03d217bfbb2d2ab8bb7ec3ff4d8c6c796
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:46:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 18:29:40 GMT
Expires: Fri, 09 Dec 2022 18:29:39 GMT
Etag: "9a676006861051c42234a10d4549ede6af89ba92"
Cache-Control: max-age=441181,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7745ad0a0974b521-OSL
push.services.mozilla.com/
34.218.168.248101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.168.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bTyMDj+LhUSYuLL2U2NoQg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iE4VyqOzVXW8XU424ibnt+sRJP8=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thermovies.com/ib/public/guestarea/styles/app.css?v=b1e0de6
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/styles/app.css?v=b1e0de6
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/guestarea/styles/app.css?v=b1e0de6 HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:37 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/scripts/vendor.js?v=b1e0de6
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/scripts/vendor.js?v=b1e0de6
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/guestarea/scripts/vendor.js?v=b1e0de6 HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
cdn.000webhost.com/000webhost/logo/footer-powered-by-000webhost-white2.png
104.19.184.120200 OK 1.7 kB URL HTTP/2 cdn.000webhost.com/000webhost/logo/footer-powered-by-000webhost-white2.png
IP 104.19.184.120:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 4f8ead9b4116b3a5098cf60e0e4195b3
4a783b5ab6cf8a075d89b16fb67250b5f5ed9a5b
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
GET /000webhost/logo/footer-powered-by-000webhost-white2.png HTTP/1.1
Host: cdn.000webhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:46:38 GMT
content-type: image/webp
content-length: 1696
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2046
content-disposition: inline; filename="footer-powered-by-000webhost-white2.webp"
etag: "637f2580-7fe"
last-modified: Thu, 24 Nov 2022 08:04:16 GMT
strict-transport-security: max-age=2592000
vary: Accept
x-content-type-options: nosniff
x-frame-options: sameorigin
x-hostinger-datacenter: srv
x-hostinger-node: nl-srv-cdn1
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 5126
expires: Sun, 04 Dec 2022 19:46:38 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
server: cloudflare
cf-ray: 7745ad0b9fd8b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/scripts/app.js?v=b1e0de6
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/scripts/app.js?v=b1e0de6
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/guestarea/scripts/app.js?v=b1e0de6 HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-site/css/fonts/ispfont-3.html
65.21.134.164200 OK 19 kB URL HTTP/2 thermovies.com/isp_files/clientlib-site/css/fonts/ispfont-3.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (5405)
Hash adec7129663ef616a9075b0dde44350e
d155704fab981ace91c2329592fff8595f263fcd
68f99278dfb6d0ec9cd0087d2e8f22bff0ccd2b02e3fca72d56f81438d70dc55
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-site/css/fonts/ispfont-3.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://thermovies.com/isp_files/clientlib-all.css
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 24 Feb 2021 16:43:40 GMT
accept-ranges: bytes
content-length: 18837
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168795492
3.248.138.237200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168795492
IP 3.248.138.237:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&ts=1670168795492 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thermovies.com
Content-Type: application/x-www-form-urlencoded
Referer: https://thermovies.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://thermovies.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f9127447.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: rbrba1CzSaI=
Content-Length: 124
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c5da9c31f5e2c79be8782b8c161e7250
9a676006861051c42234a10d4549ede6af89ba92
1a0a09163ffb30f5a6a2d4e2be5cdc15d1117bd5f9db1408680c5533cc4cd187
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:46:38 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 18:29:40 GMT
Expires: Fri, 09 Dec 2022 18:29:39 GMT
Etag: "9a676006861051c42234a10d4549ede6af89ba92"
Cache-Control: max-age=441180,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7745ad0adf1efac0-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5143
Cache-Control: max-age=102876
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:38 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 20:21:14 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5143
Cache-Control: max-age=102876
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:38 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 20:21:14 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/it_IT/sdk.js?hash=5da9ed94a30d32ec1db357dfd10ec19d
157.240.240.1200 OK 88 kB URL HTTP/2 connect.facebook.net/it_IT/sdk.js?hash=5da9ed94a30d32ec1db357dfd10ec19d
IP 157.240.240.1:0
File type ASCII text, with very long lines (18530)
Hash 50b233ac08b0b4963c7a6471601e3b1f
07b4d20876e1b107477c8cf85c34a249b40fbbf0
b1c959e5d142622f971751e19cd6a3a924e13e772db9b9614de4c0b6722d2db4
GET /it_IT/sdk.js?hash=5da9ed94a30d32ec1db357dfd10ec19d HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thermovies.com
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: a874da46a31a99ad67597c4575607228
etag: "c87de5233d6e72b169b7086d02d8d4d9"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Mon, 04 Dec 2023 14:37:21 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: ULIzrAiwtJY8emRxYB47Hw==
x-fb-debug: vfETqYPs34m5BRVtQWciM3uXdhIx1ktm1DRn1mGMh7ns1+JPqgbOu93i0NWL4ADg/rQn0Fs+dqga6VEI79cr5g==
priority: u=3,i
content-length: 88387
x-fb-trip-id: 1679558926
date: Sun, 04 Dec 2022 15:46:38 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/rootr3
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/rootr3
IP 104.18.20.226:0
Hash 3ba51d5189fee2356b39061ff7cf1897
bacff8f4286b5285567d6574aa62d9c092071db6
243e1d505b2e729a653e312bd2d88bb819bf5be05be5cd22de5371e833a78e38
POST /rootr3 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 81
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:46:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1434
Connection: keep-alive
Expires: Thu, 08 Dec 2022 12:37:00 GMT
ETag: "bacff8f4286b5285567d6574aa62d9c092071db6"
Last-Modified: Sun, 04 Dec 2022 12:37:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1776
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7745ad0d0859b523-OSL
ocsp2.globalsign.com/gsextendvalsha2g3r3
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsextendvalsha2g3r3
IP 104.18.20.226:0
Hash a765413681d5158926b9b32f3699c843
1d935fa996c79d1d8429f2bb1b6fb7467a934d14
6ab32d8c9c421e3c35333efd12094670e2ef134edc3e9cbbb6f9f19930d09dd1
POST /gsextendvalsha2g3r3 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:46:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1444
Connection: keep-alive
Expires: Thu, 08 Dec 2022 12:33:55 GMT
ETag: "1d935fa996c79d1d8429f2bb1b6fb7467a934d14"
Last-Modified: Sun, 04 Dec 2022 12:33:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 707
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7745ad0d2875b523-OSL
thermovies.com/content/dam/vetrina/design/loghi/trasparenza.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/content/dam/vetrina/design/loghi/trasparenza.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /content/dam/vetrina/design/loghi/trasparenza.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/content/dam/vetrina/design/loghi/logo_compara_conti.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/content/dam/vetrina/design/loghi/logo_compara_conti.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /content/dam/vetrina/design/loghi/logo_compara_conti.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/content/dam/vetrina/design/loghi/logo-footer.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/content/dam/vetrina/design/loghi/logo-footer.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /content/dam/vetrina/design/loghi/logo-footer.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
www.intesasanpaolo.com/etc/designs/vetrina/favicon.ico
193.41.198.216200 OK 894 B URL HTTP/1.1 www.intesasanpaolo.com/etc/designs/vetrina/favicon.ico
IP 193.41.198.216:0
ASN #20942 Intesa Sanpaolo S.p.A.
File type MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel\012- data
Hash 181d29d10f73ff75eef9bea8adf9f70e
d63deb748f35a8a04d095e42c568b4a4c7857efb
3068a8912d867110dd2fa99fe1df6ba6f81e05fb9bc2f54c29e78bbb3d3c89d7
GET /etc/designs/vetrina/favicon.ico HTTP/1.1
Host: www.intesasanpaolo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:46:38 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: accept,accept-encoding,accessmode,applicationname,authorization,bank-code,bt,caller,channel,clientversion,content-type,lang,operationsystem,origin,profilo-reset,useragent,x-isp-keyid,x-isp-signature,x-requested-with,formname,X-File-Size,cEgida,accept-language,connection,content-length,host,referer,accept-ranges,range,user-agent,devicemodel,geolocation,x-request-id,my-host,digest,signature,devicedna,f&f,deviceIDrba,deviceSignature,tipoCliente,x-bear-session-token,x-isp-session-id,x-isp-transaction-id,x-isp-execution,x-isp-cypher,x-isp-browsername,,x-ma-bid,x-ma-sid,x-ma-hostname,x-ma-pid,uniqueid,Page
Access-Control-Expose-Headers: accept-ranges,content-encoding,content-length,content-range,deviceIDrba
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT, PATCH
Access-Control-Allow-Credentials: true
ETag: "37e"
Accept-Ranges: bytes
Content-Length: 894
X-Frame-Options: SAMEORIGIN
Vary: User-Agent
Cache-Control: no-cache
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
Strict-Transport-Security: max-age=16070400; includeSubDomains
Set-Cookie: TS0108408c=014f3a238d89b4e375b5b4a54bade03b1f9bfb24940f5c3e2c9bf6a1311b021d610c1da6cd1e08f216abf6b7ae24e3fca032530724; Path=/; Secure; HTTPOnly
thermovies.com/isp_files/Home-Computer-Business.jpg
65.21.134.164200 OK 191 kB URL HTTP/2 thermovies.com/isp_files/Home-Computer-Business.jpg
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 3116x1173, components 3\012- data
Size 191 kB (190675 bytes)
Hash 3b90373ce2b57fd76f4f4621e4e889b3
64fe2758c80cc845ed3482afd84e7b84b68863a8
d5151538b1873c65f9dcff7a39b5624adfe6c44f059cad333e600bcf7a2a40a0
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /isp_files/Home-Computer-Business.jpg HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:38 GMT
content-type: image/jpeg
last-modified: Thu, 25 Feb 2021 08:35:14 GMT
accept-ranges: bytes
content-length: 190675
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/content/dam/vetrina/mock/banks-list.json
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/content/dam/vetrina/mock/banks-list.json
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /content/dam/vetrina/mock/banks-list.json HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
cdn.000webhost.com/000webhost/000webhost-pages/corgi-lies-on-ground.svg
104.19.184.120200 OK 3.5 kB URL HTTP/2 cdn.000webhost.com/000webhost/000webhost-pages/corgi-lies-on-ground.svg
IP 104.19.184.120:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1210)
Hash 6bf6857b690da15fcf1ba94b032eaa21
881e542d6411cf536688643917686bbe2b2b517d
71251ad11ac5f81fd3feb35c7f3b6b40fb5436cadf0d55c188697a0127d3449b
GET /000webhost/000webhost-pages/corgi-lies-on-ground.svg HTTP/1.1
Host: cdn.000webhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:46:38 GMT
content-type: image/svg+xml
last-modified: Thu, 24 Nov 2022 08:04:16 GMT
etag: W/"637f2580-18e5"
x-hostinger-datacenter: srv
x-hostinger-node: nl-srv-cdn2
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=2592000
cf-cache-status: HIT
age: 4159
expires: Sun, 04 Dec 2022 19:46:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 7745ad0b8fc4b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/freccinaBianca.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/freccinaBianca.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/freccinaBianca.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/menugiu.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/menugiu.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/menugiu.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/menusu.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/menusu.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/menusu.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/infinito.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/infinito.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/infinito.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/sliderSx.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/sliderSx.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/sliderSx.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/sliderDx.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/sliderDx.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/sliderDx.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/freccia_dropdown.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/freccia_dropdown.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/freccia_dropdown.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/content/vetrina/it.logindesk.html
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/content/vetrina/it.logindesk.html
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /content/vetrina/it.logindesk.html HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/login/js/arch/services/ArchIncludeIframeAPI.js?v=1.1.11
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/login/js/arch/services/ArchIncludeIframeAPI.js?v=1.1.11
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
GET /ib/public/login/js/arch/services/ArchIncludeIframeAPI.js?v=1.1.11 HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/libs/uuid/uuidv4.min.js
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/libs/uuid/uuidv4.min.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/libs/uuid/uuidv4.min.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/libs/uuid/uuidv5.min.js
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/libs/uuid/uuidv5.min.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/libs/uuid/uuidv5.min.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/libs/uaparser.min.js
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/libs/uaparser.min.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/libs/uaparser.min.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/arch/archbridge.js?v=e7e3dfa
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/arch/archbridge.js?v=e7e3dfa
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/arch/archbridge.js?v=e7e3dfa HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/libs/uuid/uuidv5.min.js
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/libs/uuid/uuidv5.min.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/libs/uuid/uuidv5.min.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/vetrina/libs/uaparser.min.js
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/libs/uaparser.min.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/libs/uaparser.min.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 20b4c0bcec98948166562fa84a47607d
9cddafcd12b1d9783d0f0e0b770ba6ef5e172302
f36da4c1e535ed5e3768b5628675867383d129422f924ecc69ee38f04c9fe6da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F36DA4C1E535ED5E3768B5628675867383D129422F924ECC69EE38F04C9FE6DA"
Last-Modified: Sat, 03 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11441
Expires: Sun, 04 Dec 2022 18:57:19 GMT
Date: Sun, 04 Dec 2022 15:46:38 GMT
Connection: keep-alive
thermovies.com/ib/public/vetrina/arch/archbridge.js?v=e7e3dfa
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/vetrina/arch/archbridge.js?v=e7e3dfa
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/vetrina/arch/archbridge.js?v=e7e3dfa HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
a.optnmstr.com/app/js/api.min.js
194.242.11.186200 OK 32 kB URL HTTP/2 a.optnmstr.com/app/js/api.min.js
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2d1ec4ec5528280323583849a4346675
c2d0508cd71f752ef99e36970b9175a22293c792
499be45b026a57e8fdd27864cb72c68bea30712af01ca40756e159f72967fd8e
GET /app/js/api.min.js HTTP/1.1
Host: a.optnmstr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:46:38 GMT
content-type: application/javascript
server: BunnyCDN-NO1-830
cdn-pullzone: 293267
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
etag: W/"6378026b-13ef5"
last-modified: Fri, 18 Nov 2022 22:08:43 GMT
cdn-storageserver: DE-198
cdn-requestpullsuccess: True
cdn-fileserver: 492
perma-cache: HIT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-cachedat: 11/25/2022 21:21:37
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 6d09903e6395c1dc3012736dadc28281
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 14:41:08 GMT
expires: Sun, 04 Dec 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 3930
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/styles/app.css?v=b1e0de6
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/styles/app.css?v=b1e0de6
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/guestarea/styles/app.css?v=b1e0de6 HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/scripts/vendor.js?v=b1e0de6
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/scripts/vendor.js?v=b1e0de6
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/guestarea/scripts/vendor.js?v=b1e0de6 HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/scripts/app.js?v=b1e0de6
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/scripts/app.js?v=b1e0de6
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /ib/public/guestarea/scripts/app.js?v=b1e0de6 HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
thermovies.com/content/internetbanking/it/faq/common.vetrinasearchfaqgal.json
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/content/internetbanking/it/faq/common.vetrinasearchfaqgal.json
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /content/internetbanking/it/faq/common.vetrinasearchfaqgal.json HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:38 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 57644c6d19dceab7af7100cd59003818
5748dbd884d3e567fa0a8622c97f975d08381773
bb27966df8c14d331ae1bd55477941bbfddf89953b73d6ba37b86d770603d56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB27966DF8C14D331AE1BD55477941BBFDDF89953B73D6BA37B86D770603D56C"
Last-Modified: Sat, 03 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2197
Expires: Sun, 04 Dec 2022 16:23:15 GMT
Date: Sun, 04 Dec 2022 15:46:38 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thermovies.com/content/dam/vetrina/mock/banks-list.json
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/content/dam/vetrina/mock/banks-list.json
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /content/dam/vetrina/mock/banks-list.json HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/freccinaBiancaGiu.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/freccinaBiancaGiu.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/freccinaBiancaGiu.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/freccinaBianca.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/freccinaBianca.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/freccinaBianca.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/menugiu.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/menugiu.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/menugiu.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/menusu.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/menusu.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/menusu.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/infinito.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/infinito.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/infinito.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/sliderSx.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/sliderSx.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/sliderSx.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/sliderDx.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/sliderDx.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/sliderDx.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
thermovies.com/ib/public/guestarea/assets/freccia_dropdown.png
65.21.134.164404 Not Found 708 B URL HTTP/2 thermovies.com/ib/public/guestarea/assets/freccia_dropdown.png
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert openphish Intesa Sanpaolo
GET /ib/public/guestarea/assets/freccia_dropdown.png HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Cookie: utag_main=v_id:0184ddd15681001b36db167288e800050001700900918$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1670170595480$ses_id:1670168794753%3Bexp-session$vapi_domain:thermovies.com; AMCV_761F7500590204020A495ED3%40AdobeOrg=1585540135%7CMCIDTS%7C19331%7CvVersion%7C4.4.0; actualSection=persona-e-famiglia; WTLOPTOUT=session; IntesaSanpaolo_NoCookie=session; _omappvp=YvE2H3LtqaRniw2Fopcro8glj1eGU5xclJmGp1SBkRlCWCzg722cWUR9LTxfBge6tIz9zgTQnJ1pknhcRTzOK3DYvNgM0FZe; _omappvs=1670168796448; _ga=GA1.2.334502075.1670168796; _gid=GA1.2.495936648.1670168796; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Sun, 04 Dec 2022 15:46:39 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c553c0a8ab2b420ad3360281248ad3fb
07634c89c3334df80ea7d5f353585e07a766082c
f9ff3ebbfb7d15c9151e91e77efdbe06d4cb597c3e8d31cc16f56b8f2d204ec1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5665
Cache-Control: max-age=149102
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:46:39 GMT
Etag: "638c4e2c-1d7"
Expires: Tue, 06 Dec 2022 09:11:41 GMT
Last-Modified: Sun, 04 Dec 2022 07:37:16 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
intesasanpaolo.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=761F7500590204020A495ED3%40AdobeOrg&ts=1670168796947
15.236.176.210200 OK 2 B URL HTTP/2 intesasanpaolo.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=761F7500590204020A495ED3%40AdobeOrg&ts=1670168796947
IP 15.236.176.210:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=761F7500590204020A495ED3%40AdobeOrg&ts=1670168796947 HTTP/1.1
Host: intesasanpaolo.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://thermovies.com
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://thermovies.com
access-control-allow-credentials: true
date: Sun, 04 Dec 2022 15:46:39 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3353
Expires: Sun, 04 Dec 2022 16:42:32 GMT
Date: Sun, 04 Dec 2022 15:46:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3353
Expires: Sun, 04 Dec 2022 16:42:32 GMT
Date: Sun, 04 Dec 2022 15:46:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3353
Expires: Sun, 04 Dec 2022 16:42:32 GMT
Date: Sun, 04 Dec 2022 15:46:39 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 64617
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 64773
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 35479
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1521243a6fc065bb631bfbde22886fa2
527220e4e8cd1065ce05fcd0694d0d703d817e2e
b83ebf768bbfb34f49d5467f3dfb43ceb3ca3d30d3454e6f37db9aef72d7689a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11482
x-amzn-requestid: d1db05ab-bd5d-4ad4-96b4-8f439152e435
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clssNEeAoAMFh_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc181-0221c53842a2f5ef071e8071;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UZ5kblxfN8fkp55YeSpUA55GzDxZgsLpFZrYTsdJBihf53HLCN0hTA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:17:35 GMT
age: 62944
etag: "527220e4e8cd1065ce05fcd0694d0d703d817e2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 64958
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
intesasanpaolo.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=761F7500590204020A495ED3%40AdobeOrg&mid=87616778364833994263880457441995279696&ts=1670168797114
15.236.176.210200 OK 2 B URL HTTP/2 intesasanpaolo.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=761F7500590204020A495ED3%40AdobeOrg&mid=87616778364833994263880457441995279696&ts=1670168797114
IP 15.236.176.210:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=761F7500590204020A495ED3%40AdobeOrg&mid=87616778364833994263880457441995279696&ts=1670168797114 HTTP/1.1
Host: intesasanpaolo.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://thermovies.com
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://thermovies.com
access-control-allow-credentials: true
date: Sun, 04 Dec 2022 15:46:39 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 65040
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&d_mid=87616778364833994263880457441995279696&ts=1670168797176
3.248.138.237200 OK 214 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&d_mid=87616778364833994263880457441995279696&ts=1670168797176
IP 3.248.138.237:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ff29601c62f211df9a83c5b01f2449b0
a3f5969a0f561498777ed83aa12faf36bea49633
1ee283e450849e456544340a2bb42bcb0b7f045bb1f45cc4246b6a09ecb9d0cd
GET /id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=761F7500590204020A495ED3%40AdobeOrg&d_nsid=0&d_mid=87616778364833994263880457441995279696&ts=1670168797176 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://thermovies.com
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://thermovies.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0ed41892e.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=87425913509918141673827620336973855813; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:46:39 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: rGnzHNLQSpg=
Content-Length: 214
Connection: keep-alive
a.omappapi.com/app/js/api.min.css
194.242.11.186200 OK 0 B URL HTTP/2 a.omappapi.com/app/js/api.min.css
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /app/js/api.min.css HTTP/1.1
Host: a.omappapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:46:38 GMT
content-type: text/css
server: BunnyCDN-NO1-830
cdn-pullzone: 293267
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
etag: W/"6378026e-464c"
last-modified: Fri, 18 Nov 2022 22:08:46 GMT
cdn-storageserver: DE-165
cdn-requestpullsuccess: True
cdn-fileserver: 296
perma-cache: HIT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-cachedat: 12/03/2022 14:13:30
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 819c27af91ea9bd8a00c009612d87392
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cdn.000webhost.com/000webhost/000webhost-pages/corgi-spotlight.svg
104.19.184.120200 OK 0 B URL HTTP/2 cdn.000webhost.com/000webhost/000webhost-pages/corgi-spotlight.svg
IP 104.19.184.120:0
GET /000webhost/000webhost-pages/corgi-spotlight.svg HTTP/1.1
Host: cdn.000webhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:46:38 GMT
content-type: image/svg+xml
last-modified: Thu, 24 Nov 2022 08:04:16 GMT
etag: W/"637f2580-246"
x-hostinger-datacenter: srv
x-hostinger-node: nl-srv-cdn2
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=2592000
cf-cache-status: HIT
age: 4159
expires: Sun, 04 Dec 2022 19:46:38 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 7745ad0b9fd3b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thermovies.com/isp_files/clientlib-libs.js
65.21.134.164200 OK 0 B URL HTTP/2 thermovies.com/isp_files/clientlib-libs.js
IP 65.21.134.164:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert openphish Intesa Sanpaolo
fortinet Phishing
GET /isp_files/clientlib-libs.js HTTP/1.1
Host: thermovies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 15:46:36 GMT
content-type: application/javascript
last-modified: Wed, 24 Feb 2021 08:51:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 223594
date: Sun, 04 Dec 2022 15:46:36 GMT
X-Firefox-Spdy: h2
cdn.000webhost.com/000webhost/000webhost-pages/corgi-lies-on-ground-looking-back.svg
104.19.184.120200 OK 0 B URL HTTP/2 cdn.000webhost.com/000webhost/000webhost-pages/corgi-lies-on-ground-looking-back.svg
IP 104.19.184.120:0
GET /000webhost/000webhost-pages/corgi-lies-on-ground-looking-back.svg HTTP/1.1
Host: cdn.000webhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thermovies.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:46:37 GMT
content-type: image/svg+xml
last-modified: Thu, 24 Nov 2022 08:04:16 GMT
etag: W/"637f2580-25b7"
x-hostinger-datacenter: srv
x-hostinger-node: nl-srv-cdn2
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=2592000
cf-cache-status: HIT
age: 4158
expires: Sun, 04 Dec 2022 19:46:37 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 7745ad0a8e22b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2