Report - www.demaflexsnc.it/public/posten/

Report Overview

Submitted URL
www.demaflexsnc.it/public/posten/
IP
31.11.33.147
ASN
#31034 Aruba S.p.A.
Submitted
2023-02-17 13:58:39
Access
Website Title
Final URL
Tags
posten logistics phishing
urlquery detections
Phishing - Posten Norge

Detections

urlquery
23
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	368 B	1.9 kB	104.18.20.226
8260928.fls.doubleclick.net	unknown	2017-12-01T13:39:49Z	2023-03-13T08:39:24Z	2.8 kB	4.0 kB	142.250.74.70
script.hotjar.com	887	2020-11-05T17:23:46Z	2023-03-13T07:54:54Z	386 B	90 kB	54.230.111.73
adservice.google.no	96969	2018-06-20T01:38:38Z	2023-03-13T05:09:46Z	3.0 kB	2.9 kB	216.58.207.194
ib.adnxs.com	241	2012-05-20T21:01:49Z	2023-03-13T05:28:06Z	1.6 kB	1.0 kB	37.252.171.53
static.ads-twitter.com	614	2018-06-24T00:08:39Z	2023-03-13T05:25:18Z	1.1 kB	17 kB	151.101.244.157
snap.licdn.com	1044	2014-10-06T10:43:45Z	2023-03-13T05:12:55Z	383 B	5.1 kB	95.101.11.48
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	845 B	4.1 kB	142.250.74.99
cdn.mycomandia.com	unknown	2017-02-08T17:30:34Z	2023-03-10T15:56:45Z	3.1 kB	51 kB	176.31.232.62
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	7.2 kB	15 kB	142.250.74.131
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-13T06:17:54Z	1.2 kB	87 kB	151.101.129.229
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	2.0 kB	122 kB	142.250.74.168
acdn.adnxs.com	573	2015-11-11T14:40:40Z	2023-03-13T07:55:59Z	286 B	3.9 kB	151.101.65.108
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	706 B	758 B	142.250.74.163
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	620 B	349 B	157.240.200.35
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	95.101.11.115
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
translate.googleapis.com	1005	2012-05-31T09:21:21Z	2023-03-13T08:44:18Z	417 B	4.5 kB	142.250.74.170
siteimproveanalytics.com	3559	2014-12-11T11:13:11Z	2023-03-13T08:57:44Z	306 B	27 kB	172.64.197.24
in.taskanalytics.com	unknown	2016-02-05T07:44:24Z	2023-03-12T20:15:09Z	4.0 kB	3.8 kB	54.216.252.255
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	944 B	54.230.245.39
static.hotjar.com	641	2014-11-01T06:14:27Z	2023-03-13T05:12:51Z	378 B	629 B	54.230.111.39
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	669 B	30 kB	31.13.72.12
px.ads.linkedin.com	522	2018-06-15T13:29:56Z	2023-03-13T07:16:10Z	477 B	748 B	13.107.42.14
z.moatads.com	374	2014-02-11T17:19:47Z	2023-03-13T05:10:11Z	392 B	1.4 kB	23.38.201.146
tienda.correos.es	unknown	2018-12-13T09:45:01Z	2023-03-10T15:56:45Z	782 B	2.1 kB	94.23.87.92
b.scorecardresearch.com	3959	2012-06-26T16:32:10Z	2023-03-12T22:35:00Z	289 B	2.4 kB	54.230.111.73
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	756 B	22 kB	142.250.74.110
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	694 B	1.2 kB	142.250.74.164
encrypted-tbn0.gstatic.com	unknown	2013-05-31T04:32:18Z	2023-03-13T06:08:26Z	456 B	7.1 kB	142.250.74.78
ocsp.r2m01.amazontrust.com	unknown	2022-10-12T22:43:53Z	2023-03-13T08:10:39Z	350 B	944 B	54.230.80.227
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	44.228.217.71
vars.hotjar.com	1014	2020-11-05T11:13:14Z	2023-03-12T19:56:22Z	568 B	788 B	54.230.111.85
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.3 kB	52 kB	34.120.237.76
6015663.global.siteimproveanalytics.io	unknown	2019-07-01T12:06:58Z	2023-03-12T20:02:27Z	614 B	615 B	3.122.28.13
www.demaflexsnc.it	unknown	2015-11-14T01:12:32Z	2023-02-17T13:39:11Z	5.7 kB	173 kB	31.11.33.147
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	398 B	1.1 kB	142.250.74.138
posten.boost.ai	unknown	2018-11-15T11:19:37Z	2023-03-13T08:35:08Z	375 B	226 kB	54.229.45.73
adservice.google.com	76	2021-02-20T17:10:48Z	2023-03-13T08:49:52Z	3.1 kB	3.4 kB	142.250.74.34
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.5 kB	93.184.220.29
www.googleadservices.com	107	2012-06-26T16:53:06Z	2023-03-13T08:26:04Z	388 B	16 kB	142.250.74.162
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	721 B	757 B	142.250.74.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-17	medium	www.demaflexsnc.it/public/posten/	Phishing
2023-02-17	medium	www.demaflexsnc.it/public/posten/file/f.txt	Phishing
2023-02-17	medium	www.demaflexsnc.it/public/posten/file/1.txt	Phishing
2023-02-17	medium	www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js	Phishing
2023-02-17	medium	www.demaflexsnc.it/public/posten/file/1(1).txt	Phishing
2023-02-17	medium	www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js	Phishing
2023-02-17	medium	www.demaflexsnc.it/public/posten/file/js	Phishing
2023-02-17	medium	www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement	Phishing
2023-02-17	medium	www.demaflexsnc.it/public/posten/file/js	Phishing
2023-02-17	medium	www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement	Phishing
2023-02-17	medium	www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js	Phishing
2023-02-17	medium	www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	acdn.adnxs.com/dmp/up/pixie.js	9.1 kB	2023-03-07	2024-01-23
Pretty URL acdn.adnxs.com/dmp/up/pixie.js IP 151.101.65.108 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2024-01-23 08:30:01 Times Seen221 Hash e286c68ac0ac089b297abd8a3d9832a7 08a5e998ea0b980201d11b0282861c4efaeea396 f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e Loading...

	cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js	485 B	2023-03-07	2024-02-10
Pretty URL cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:35 Times Seen31 Hash d1c15763ff2e6116a9a24bed1e3e5e45 5806ce4ce54205a0de89e45e2602ef9ff5ca8e9e f660ca0badb23ddca91dd3b86c7a538d64c5acab3327a981942f792484ef631f Loading...

	b.scorecardresearch.com/beacon.js	3.9 kB	2023-03-07	2024-01-14
Pretty URL b.scorecardresearch.com/beacon.js IP 54.230.111.73 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:19 Last Seen2024-01-14 12:48:16 Times Seen58 Hash eaf85c1c6758e84acfe134efd70e9373 5caec39b3ce7c2ec9912aff8ae6fa05aa9fb757e ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117 Loading...

	www.demaflexsnc.it/public/posten/	26 B	2023-03-07	2024-04-18
Pretty URL www.demaflexsnc.it/public/posten/ IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:05 Last Seen2024-04-18 12:33:01 Times Seen664 Hash eb7a24ef1bd1aec83ac360dcc088ba45 ec5f90396a524b12f0c07a53394a1b1b45d6b95c 2cc26ff044a57e2085fbda562947b3f955f2bd9758ad3f9f710dc4a6ce173f24 Loading...

	www.google-analytics.com/plugins/ua/linkid.js	1.6 kB	2023-03-07	2024-04-15
Pretty URL www.google-analytics.com/plugins/ua/linkid.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-15 19:01:06 Times Seen1974 Hash 0cc3a63fe10060af4a349e5df666eefe 3e8d3925b550345123f2cab26568221fd4154f9c 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Loading...

	connect.facebook.net/signals/config/843920095719058?v=2.9.96&r=stable	386 kB	2023-03-14	2023-04-18
Pretty URL connect.facebook.net/signals/config/843920095719058?v=2.9.96&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:13:19 Last Seen2023-04-18 13:54:37 Times Seen5 Hash baaea03cb9cc27e0514a53a774bf85a5 5287186d5bc591589f12b0df17e0be57466706bb a3f65402d21a8c6db9f099f4207ac9ea6116819bf52bb2ae4e49e113bc9a95dd Loading...

	www.demaflexsnc.it/public/posten/	388 B	2023-03-07	2024-02-10
Pretty URL www.demaflexsnc.it/public/posten/ IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:34 Times Seen10 Hash 5dff850e6b367601ba25831d730aef28 fc0b38495d75ca512063fae5ab20c5f449e8de7c a86be6d3ee819a76df13fb3f24d98fcab7e90730a3883f09ade59ccc063ca21f Loading...

	static.ads-twitter.com/uwt.js	58 kB	2023-03-08	2024-04-16
Pretty URL static.ads-twitter.com/uwt.js IP 151.101.244.157 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:46 Last Seen2024-04-16 19:18:01 Times Seen4327 Hash 32ad004436155ec972bc50e6238b5b67 9b2cdb645c2fa5b98a9d05dcdca521fed4a17b7b cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	www.demaflexsnc.it/public/posten/	349 B	2023-03-07	2023-12-19
Pretty URL www.demaflexsnc.it/public/posten/ IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2023-12-19 03:50:04 Times Seen4 Hash 6465f9741b3b1d267cae0273cdaaf3b9 67face847fbc1110c4d2cb034210b6bd7889c3ca f1e391b47cb63e79dcff31b4eaeb01f1cbdcdf86800be1c980c50aa0819c6313 Loading...

	snap.licdn.com/li.lms-analytics/insight.min.js	13 kB	2023-03-12	2024-03-30
Pretty URL snap.licdn.com/li.lms-analytics/insight.min.js IP 95.101.11.48 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 18:01:01 Last Seen2024-03-30 11:38:49 Times Seen5925 Hash b846c9d158853dd4aa95d3d7407ed8bb 2cf0eb02a22e8bd80d19a50a84593420d777d5db f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Loading...

	z.moatads.com/addthismoatframe568911941483/moatframe.js	1.7 kB	2023-03-07	2023-11-01
Pretty URL z.moatads.com/addthismoatframe568911941483/moatframe.js IP 23.38.201.146 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2023-11-01 14:42:28 Times Seen4278 Hash dd1a19cb8d13e4571d2b293c0a0d2ccf 18070dd5c894930a8aef7117bf8d49bd4922a723 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd Loading...

	www.demaflexsnc.it/public/posten/	416 B	2023-03-07	2024-02-10
Pretty URL www.demaflexsnc.it/public/posten/ IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:34 Times Seen10 Hash 86e5f08705d17f53f803a1a255ada213 0e9770da8d5473f50cf3b25afb6d482b53583f25 05e43a4d8cf191ebd68225b1c4140e8f18cd4004e18a83d7b2f32c8fe3f00e08 Loading...

	www.demaflexsnc.it/public/posten/	323 B	2023-03-07	2024-02-10
Pretty URL www.demaflexsnc.it/public/posten/ IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:34 Times Seen12 Hash c50e511eeaa71ac73fa8c00e28615b88 9317098f9e34e984c8351d7cba137629866b6e0f 1980c6e6d0bb39a0c1db0c4afe331ff50270c0cbe80876098b961fedacad95b3 Loading...

	www.google.com/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	43 B	2023-03-07	2024-04-08
Pretty URL www.google.com/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-08 20:17:10 Times Seen63935 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

	unknown	0 B	2023-03-07	2024-04-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-20 04:29:37 Times Seen36969590 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M83DX4	224 kB	2023-03-14	2023-03-14
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-M83DX4 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:13:36 Last Seen2023-03-14 02:13:36 Times Seen1 Hash 4d427e9efbaad76da90d2327ecec39e7 07ceee9b5824ee645cffd92528b0f313a643b89b 1cae9ce85c6611481c5a451079c1c985e35940d0be4b3173ac54dc11479cd0d2 Loading...

	www.demaflexsnc.it/public/posten/	349 B	2023-03-07	2023-12-19
Pretty URL www.demaflexsnc.it/public/posten/ IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2023-12-19 03:50:04 Times Seen4 Hash 4bb3a2c40cca89845dbdacbfa0bfdcfa 61244453ec6976eeda02cd8c45045dbd4c77da17 093c1594dce6c71fb46527c29c2a76b05219ea1ff0e757b9261030bd1dd0a810 Loading...

	www.demaflexsnc.it/public/posten/	395 B	2023-03-07	2024-02-10
Pretty URL www.demaflexsnc.it/public/posten/ IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:34 Times Seen10 Hash c5d733f815a28785992cefae3fa1d60f 8122aff7bbcb2a1956c03398d99e10e664ec71e0 730dac7ab9f3041646ba8e024bdd12e626dfa26a5ec64f651871e46492c8364e Loading...

	www.demaflexsnc.it/public/posten/file/f.txt	30 kB	2023-03-10	2024-02-10
Pretty URL www.demaflexsnc.it/public/posten/file/f.txt IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 08:45:48 Last Seen2024-02-10 15:41:36 Times Seen13 Hash de7af9d1087edf65499fa8ce40a3c986 1596691629bae9f57063992bdf1af732d447559a 324573528cdc2d00cee54159016323477090223630c684b4cc46b9e437cb13c8 Loading...

	www.demaflexsnc.it/public/posten/file/1(1).txt	1.5 kB	2023-03-07	2024-02-10
Pretty URL www.demaflexsnc.it/public/posten/file/1(1).txt IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:36 Times Seen37 Hash f63ac3d276b7077a987675d6006a39dd a226c5e9acbafd79dab86c1018c274a879cdb5a1 ea0ff8a36f44af31d5379e7c0a28551018e697d4d424f9f31cdd37ed8891616d Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-13	2023-03-14
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:41:31 Last Seen2023-03-14 07:58:23 Times Seen1 Hash d3e2a489afafaffa70824acb767c43c8 e69e4fd49936d906db66aa2070ead053f0fd2d49 29566211c0742a044398ba7ae7fe728cd72c94c9ac0e1a114424ae21daf74a22 Loading...

	connect.facebook.net/en_US/fbevents.js	109 kB	2023-03-14	2023-10-19
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 00:30:04 Last Seen2023-10-19 02:58:15 Times Seen11 Hash 467eb094cd171743fc97afdaa813ee31 e3c70cc60cc406293f2eefbadeebc1791942632f dca9b6afcb6c37d6a32456973fe5f2986a348a70d11774e102de6fc420992a19 Loading...

	www.demaflexsnc.it/public/posten/file/1.txt	263 B	2023-03-07	2024-02-10
Pretty URL www.demaflexsnc.it/public/posten/file/1.txt IP 31.11.33.147 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:36 Times Seen36 Hash 628aab205fc5a86c455467f9ebcf5e9c 90d8bf119e9c1c3b36d12b96669093bf31575625 c941476875f1024e95df21890a7eb5eddc4acd304a54a8c3b0b033f3356bdaf1 Loading...

	www.googletagmanager.com/gtag/js?id=DC-9852050&l=dataLayer&cx=c	114 kB	2023-03-14	2023-03-14
Pretty URL www.googletagmanager.com/gtag/js?id=DC-9852050&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:13:36 Last Seen2023-03-14 02:13:36 Times Seen1 Hash 64ad52a7d8e6dfd9ecb0b94dafb53004 ad3700151ace3544937d3b96f6aff624103aa38a 95154cfc83f9afc212fe9ef818367ff0189b6d0ade6d4db9f319127e9d11565f Loading...

	posten.boost.ai/chatPanel/chatPanel.js	764 kB	2023-03-13	2023-04-18
Pretty URL posten.boost.ai/chatPanel/chatPanel.js IP 54.229.45.73 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:35:55 Last Seen2023-04-18 13:54:36 Times Seen3 Hash e17167ce8ac367bf66344ed34ffc77d5 5f360ac1d8a62dad7fd4eaefc3cc2e2e66f0513b d18681cdf434fdd7cad7850bc98cbda28d7bbe9ff29b51dc164619ef1608949a Loading...

		Size	First Seen	Last Seen
	#1 Eval - 959103c20b8c7e7c16d3470987d47023	87 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 14:33:11 Last Seen2023-03-14 02:13:36 Times Seen1 Hash 959103c20b8c7e7c16d3470987d47023 5d1746f4d0296b85788e4a8a3f2043bd0586dd28 57417104a96d1a427e8d15e07d2d7ee0cf0cc28b9c5c4b6cc5b69d94b15d3175 Loading...

	#2 Eval - fb5cb7b246e69034e02cb9a126ea18af	38 B	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 12:06:54 Last Seen2024-04-18 11:24:09 Times Seen728 Hash fb5cb7b246e69034e02cb9a126ea18af 59691e84cdc7797ab899b6828d78fe0e59015c64 21e1463f2dbdf773d27eb5b59524062b4aedb68414d396e65bb440516cdeae44 Loading...

	#3 Eval - 6c2b481ed8522d2217940e1553317555	873 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 14:33:11 Last Seen2023-03-14 02:13:36 Times Seen1 Hash 6c2b481ed8522d2217940e1553317555 0b9b34a1f90e545f70f32cd6d3dc86fb4e72d144 afdb6c824fa50b49f1ad290a4c94fd53f39f598902460805804cc0c1775e6720 Loading...

	#4 Eval - fd474c68b715a71665cb3de47e348c28	873 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 14:33:11 Last Seen2023-03-14 02:13:36 Times Seen1 Hash fd474c68b715a71665cb3de47e348c28 a3a8ea817f62ddbf860adeb42223c75a02bc97c3 ed04fe40f9d557c156a53678bc2ebda259efb1c1b4c42215b1cd57a590ab3db2 Loading...

	#5 Eval - 1429e32594860bab89900f5932d918c3	132 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 14:33:11 Last Seen2023-03-14 02:13:36 Times Seen1 Hash 1429e32594860bab89900f5932d918c3 21624360ff680994575b5713a678fa68ca5109b9 cefd82456250e4101fa38516ce1c37e1414218788d6106605297abce42788e69 Loading...

HTTP Transactions (136)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
698e7914bce829103467184723ba90af
d893e1796a889eac97608c2d0914d9e35a022250
6d3f61c3503884e04f24c83d591c2f043c5618b1d84d92a4488d8bb3131b9a75

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D3F61C3503884E04F24C83D591C2F043C5618B1D84D92A4488D8BB3131B9A75"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4115
Expires: Fri, 17 Feb 2023 15:07:03 GMT
Date: Fri, 17 Feb 2023 13:58:28 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e2774fdb28d9f6ef0658eb7286166e3f
9240e40dcd6422d6b92b9f9b54c79e7629f28828
e59f037bbb477951b8d775acb4d62c243d19d6b0022787348bae224092690d53

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E59F037BBB477951B8D775ACB4D62C243D19D6B0022787348BAE224092690D53"
Last-Modified: Thu, 16 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10815
Expires: Fri, 17 Feb 2023 16:58:43 GMT
Date: Fri, 17 Feb 2023 13:58:28 GMT
Connection: keep-alive

www.demaflexsnc.it/public/posten/

31.11.33.147

200 OK

92 kB

URL HTTP/1.1
www.demaflexsnc.it/public/posten/
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (12059), with CRLF line terminators
Size
92 kB (92231 bytes)
Hash
bb243bde46c0d3cd2d909aa3f842f094
6640f5c86e59ffced81d15f1f1516d6df83fba86
f79c0762174af9f297c3d1292bb24d57fcb71997ac3647ffc39f070c2d15c29c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/posten/ HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "05dc251df9d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 92231

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 17 Feb 2023 13:37:38 GMT
content-type: application/json
age: 1250
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ab826368e69a2ca160ec61aa596a7a27
52d3afd0d0a2bc2e65c09df55bfc58bf84034afd
48b80951de12295fa262aca8aa9b26e24725ea47d205f60737f37643ce43aa1a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B80951DE12295FA262ACA8AA9B26E24725EA47D205F60737F37643CE43AA1A"
Last-Modified: Thu, 16 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4532
Expires: Fri, 17 Feb 2023 15:14:00 GMT
Date: Fri, 17 Feb 2023 13:58:28 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: YmQV4gZXfJc6aHblnx5nYpu6kuYgdDM/Am6FRGRaJ8tAWZhI6skEhb87nd532Ei3gX1XChi13mA=
x-amz-request-id: RNK0YV1JK00G17PH
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 17 Feb 2023 13:21:06 GMT
age: 2242
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.demaflexsnc.it/public/posten/file/new-style.css

31.11.33.147

200 OK

9.0 kB

URL HTTP/1.1
www.demaflexsnc.it/public/posten/file/new-style.css
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with very long lines (306), with CRLF line terminators
Size
9.0 kB (9044 bytes)
Hash
fa5d7200cac26a31ca7ad45365d58dfb
9166ed9368fe8da134289378e2bc2a9c7da96772
3e71175a939fd2ec67df0ac36071a84f20fd086560b45a33752b0a6a26c41064

HTTP Headers

GET /public/posten/file/new-style.css HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "05dc251df9d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 9044

z.moatads.com/addthismoatframe568911941483/moatframe.js

23.38.201.146

200 OK

948 B

URL HTTP/2
z.moatads.com/addthismoatframe568911941483/moatframe.js
IP
23.38.201.146:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (523)
Size
948 B (948 bytes)
Hash
f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac

HTTP Headers

GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=13657
date: Fri, 17 Feb 2023 13:58:28 GMT
X-Firefox-Spdy: h2

cdn.mycomandia.com/static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17

176.31.232.62

200 OK

1.2 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
1.2 kB (1210 bytes)
Hash
e8b5e4d5eb0df11eb339ba959520b978
24777a5efa576aec4026ff30bcf4fd6ecd81b003
2650ffdcb2bf4147d062825fee353bd86e80c1f1c22c0b29ea856fdd3213e0a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: text/css
content-length: 1210
last-modified: Tue, 27 Aug 2019 11:07:48 GMT
etag: "5d650f04-4ba"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:28 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
06e06b8a5a6fd7eb0580e616478b58b8
c1e3a37c3c6b831fad95fb469ddbcd7154e5a3e8
5b8ac8bdb71711d0ac3c2cff8d21d1fee72f17042acbb70d59dde449b3745429

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.mycomandia.com/static/shop/common/css/validationEngine.jquery.css?v=2019.12.17

176.31.232.62

200 OK

3.3 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/css/validationEngine.jquery.css?v=2019.12.17
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
3.3 kB (3334 bytes)
Hash
a8935f51f8ca663bf3a18d4b1da31bf7
6f2e6f9c21ced7020e6d8c73c2e8ad71d797aa9d
cd363d0f8425d6b271c14ee5d6a8d693c3aa1323b64979b69c69d26661927303

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/shop/common/css/validationEngine.jquery.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: text/css
content-length: 3334
last-modified: Thu, 18 Oct 2018 11:43:12 GMT
etag: "5bc871d0-d06"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:28 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

tienda.correos.es/css/common-dynamic.css

94.23.87.92

200 OK

717 B

URL HTTP/1.1
tienda.correos.es/css/common-dynamic.css
IP
94.23.87.92:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
717 B (717 bytes)
Hash
45bca144e962bb998d9d807e54e521c3
63beb9c869ed56068010f501fde069d8e02164d7
31dda737e3779db2e9efd81ab860e724f61738acce5b10558cb6c56c76daf544

HTTP Headers

GET /css/common-dynamic.css HTTP/1.1
Host: tienda.correos.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: server
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Backend: 1
Content-Encoding: gzip
X-IPLB-Request-ID: 5B5A2A9A:5BC1_5E17575C:01BB_63EF8804_5B8C4:1B82A
X-IPLB-Instance: 35327
Set-Cookie: SERVERID139651=c80001a3|Y++IB|Y++IB; path=/; HttpOnly
Cache-control: private

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2479adc544d5ddacfa7ef52d41903025
b682994b05d0c55bcac304b23af0e91972ea107b
1cecaeec65d53f424a9a558110e7fa4dc8fc7fd17d76b5a5d41d48324d510a6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.demaflexsnc.it/public/posten/file/f.txt

31.11.33.147

200 OK

11 kB

URL HTTP/1.1
www.demaflexsnc.it/public/posten/file/f.txt
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with very long lines (1994), with CRLF line terminators
Size
11 kB (11134 bytes)
Hash
c5150435d031a56ff2b24b5fc4526d10
fc2f710907b649d90f2c07b3ff1a660556763f14
d321dc9ce0b7e29828011e6f7aca55947210f048b8a64353b43a3f72ec51abc2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/posten/file/f.txt HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Encoding: gzip
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "05dc251df9d61:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 11134

tienda.correos.es/css/common-dynamic.css

94.23.87.92

200 OK

717 B

URL HTTP/1.1
tienda.correos.es/css/common-dynamic.css
IP
94.23.87.92:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
717 B (717 bytes)
Hash
45bca144e962bb998d9d807e54e521c3
63beb9c869ed56068010f501fde069d8e02164d7
31dda737e3779db2e9efd81ab860e724f61738acce5b10558cb6c56c76daf544

HTTP Headers

GET /css/common-dynamic.css HTTP/1.1
Host: tienda.correos.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: server
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Backend: 3
Content-Encoding: gzip
X-IPLB-Request-ID: 5B5A2A9A:5BC1_5E17575C:01BB_63EF8804_5B8C5:1B82A
X-IPLB-Instance: 35327
Set-Cookie: SERVERID139651=8b65149d|Y++IC|Y++IC; path=/; HttpOnly
Cache-control: private

cdn.mycomandia.com/static/logos/correos-paq-72-mini.png

176.31.232.62

200 OK

2.4 kB

URL HTTP/2
cdn.mycomandia.com/static/logos/correos-paq-72-mini.png
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
PNG image data, 175 x 30, 8-bit/color RGBA, interlaced\012- data
Size
2.4 kB (2373 bytes)
Hash
ad8f5552abb3d774a9c23cf3b0c9272b
4fc71ddac34c0b7438effc6883956ba2149a6a0c
984461e2d55896f29bb79d75b8ab42c1f8c4111bd2fb0c5f03dbc50d1b24b894

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/logos/correos-paq-72-mini.png HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:29 GMT
content-type: image/png
content-length: 2373
last-modified: Mon, 10 May 2021 14:53:58 GMT
etag: "60994906-945"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:29 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.mycomandia.com/static/logos/correos-paq72.png

176.31.232.62

200 OK

2.0 kB

URL HTTP/2
cdn.mycomandia.com/static/logos/correos-paq72.png
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
PNG image data, 128 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1976 bytes)
Hash
567c7f32c85fe6ca5625f95403eb05e9
ef5da723f8b205d4f75bcb2b63b6e948fa25f330
5d2fb215dbbcbfd1bd663a0cdeaf31c63abde8c6f20aa63551733ebc498bf605

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/logos/correos-paq72.png HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:29 GMT
content-type: image/png
content-length: 1976
last-modified: Mon, 28 Dec 2020 12:06:56 GMT
etag: "5fe9ca60-7b8"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:29 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

translate.googleapis.com/translate_static/css/translateelement.css

142.250.74.170

200 OK

3.6 kB

URL HTTP/2
translate.googleapis.com/translate_static/css/translateelement.css
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (22967)
Size
3.6 kB (3632 bytes)
Hash
f7bf2121608909b56672e6398ac2335c
864ef3bac46b08ab6609fad23f00d5f09815647d
b9d3a8600d9b6edf9c71b793c42782282ecfb01e2026e0128608b949e91e152c

HTTP Headers

GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3632
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 12:58:41 GMT
expires: Fri, 17 Feb 2023 13:58:41 GMT
cache-control: public, max-age=3600
age: 3588
last-modified: Mon, 09 Jan 2023 20:58:00 GMT
content-type: text/css
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/posten.css

151.101.129.229

200 OK

29 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/posten.css
IP
151.101.129.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (54670)
Size
29 kB (29077 bytes)
Hash
cab4a25d88a7f23bbe46846ffc169ace
d470188177492d7ce663c298301c852a9cfbde59
6971be30d85421291f18493ae6d84494f4fc9cd42d194aefd7197031f730cbe7

HTTP Headers

GET /npm/@posten/hedwig@11/dist/posten.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"35ae7-VIUJ2giFc9+RlRgcbyfbUh4mbO8"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:58:29 GMT
age: 31936
x-served-by: cache-fra-eddf8230074-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 29077
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b9763adf5a3803ebbbd946989691ebad
79cc60d6949fa803a03f11396f7edc967e6aa8d4
5870c9bdf050b42605bd48728cb5f36ae4628e89e4727bb553c1218ddbfb6846

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.mycomandia.com/static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17

176.31.232.62

200 OK

9.8 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (36420)
Size
9.8 kB (9758 bytes)
Hash
551a9f8172e4e450bc402d18df5fb62d
591c7e2662e1054443e052d73a21978c2fd5c339
94b36d1fabef67fb8cccf740ad04e05ceb7c625abacc26866f94b06244ed45fa

HTTP Headers

GET /static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: text/css
last-modified: Thu, 18 Oct 2018 11:43:16 GMT
vary: Accept-Encoding
etag: W/"5bc871d4-8ef7"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:28 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

www.demaflexsnc.it/public/posten/file/1.txt

31.11.33.147

200 OK

263 B

URL HTTP/1.1
www.demaflexsnc.it/public/posten/file/1.txt
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with no line terminators
Size
263 B (263 bytes)
Hash
628aab205fc5a86c455467f9ebcf5e9c
90d8bf119e9c1c3b36d12b96669093bf31575625
c941476875f1024e95df21890a7eb5eddc4acd304a54a8c3b0b033f3356bdaf1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /public/posten/file/1.txt HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "b31e951df9d61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 263

siteimproveanalytics.com/js/siteanalyze_6015663.js

172.64.197.24

200 OK

26 kB

URL HTTP/1.1
siteimproveanalytics.com/js/siteanalyze_6015663.js
IP
172.64.197.24:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65492), with no line terminators
Size
26 kB (25663 bytes)
Hash
efed05da78b6a02254508bcda8d175ec
693b43c0ea204919ec9fe5a9b1c19057a894c19b
a4c7ca0fceb7f40af4f6862474c688b81f912b488626e8e461170b63831cb527

HTTP Headers

GET /js/siteanalyze_6015663.js HTTP/1.1
Host: siteimproveanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 200 OK
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 25663
Connection: keep-alive
x-amz-id-2: FUfm5THqacbXr0paDYu667At2Y1QMxM6e8DWzLxHwMxsyyXo0tCmFYQGL/4RyDLdGcwE+jr8gsI=
x-amz-request-id: 1ED0XQ99C6FXBZXF
Cache-Control: max-age=86400, no-transform
Content-Encoding: gzip
Last-Modified: Fri, 17 Feb 2023 09:36:57 GMT
ETag: "efed05da78b6a02254508bcda8d175ec"
CF-Cache-Status: HIT
Age: 1176
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TGoE%2Big1qIwN4VtfcHavs72ZebRqPawILe4LAt7GxFFIgrUsxc40%2BXaagw7%2BNnvcAwmp7MT8DonatgX5v5G9gwqYVRgq%2FG9wjo0ywaIpI3LAu%2B35WtVYySKFDaTl46cHaw6DkGP1JRiryQE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79af09bfabe1776d-LHR
alt-svc: h2=":443"; ma=60

cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js

151.101.129.229

200 OK

55 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js
IP
151.101.129.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (33341), with NEL line terminators
Size
55 kB (55053 bytes)
Hash
aceb930ded7386fd3874e88db9a79c1d
8ac16d7b8129e0bec4093cfb9d651c034f0745d9
8244dcb68ca3f57c94b683848d4d0f93d0ff560834ee6426f400cadc2477e4e1

HTTP Headers

GET /npm/@posten/hedwig@11/dist/main.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"281a4-/N1Jx7Y0IzQHyIjw7iTyyO0L1PY"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:58:29 GMT
age: 26167
x-served-by: cache-fra-eddf8230133-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 55053
X-Firefox-Spdy: h2

www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js

31.11.33.147

404 Not Found

5.0 kB

URL HTTP/1.1
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Size
5.0 kB (5048 bytes)
Hash
996d3793b539211cafb79d47ff4c53c7
a6236aa92cbe74c607f60cb5d5f3e09f8adc2f0e
7615edebccc304e02a44be9454df922f7b5de610ad3b57dc1ee28bb0db3bb6b8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_/asset/no.posten.website:1594301215/js/chatbot.js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 5048

www.demaflexsnc.it/_/asset/no.posten.website:1594301215/css/postenstyle.css

31.11.33.147

404 Not Found

5.1 kB

URL HTTP/1.1
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/css/postenstyle.css
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Size
5.1 kB (5060 bytes)
Hash
6decb17f08eb9584bd3976dc0ea95306
5e7978dd4fc4ee56b8d2aeb89c09efcdf31518aa
59e3ed172f3689c968a10f44b5cc88a5264af6f02f852eff3706f1c33ae1f960

HTTP Headers

GET /_/asset/no.posten.website:1594301215/css/postenstyle.css HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 5060

www.demaflexsnc.it/public/posten/file/1(1).txt

31.11.33.147

200 OK

1.5 kB

URL HTTP/1.1
www.demaflexsnc.it/public/posten/file/1(1).txt
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with very long lines (1529), with no line terminators
Size
1.5 kB (1529 bytes)
Hash
f63ac3d276b7077a987675d6006a39dd
a226c5e9acbafd79dab86c1018c274a879cdb5a1
ea0ff8a36f44af31d5379e7c0a28551018e697d4d424f9f31cdd37ed8891616d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /public/posten/file/1(1).txt HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 02 Feb 2021 04:36:50 GMT
Accept-Ranges: bytes
ETag: "bb2fe751df9d61:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 1529

cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js

151.101.129.229

200 OK

325 B

URL HTTP/2
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js
IP
151.101.129.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (484)
Size
325 B (325 bytes)
Hash
3cf89faabd93e7347ff136ce46273e50
11e620a5bdd6f53f699c1117f6abfd368275df67
162897c7f4536145c8f704320004aa5b68d7d08c9e080065657fd1dcee4979f8

HTTP Headers

GET /npm/@posten/hedwig@11/dist/icons.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"1e5-WAbOTOVCBaDeieReJgLvn/XKjp4"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:58:29 GMT
age: 3035
x-served-by: cache-fra-eddf8230027-FRA, cache-bma1659-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 325
X-Firefox-Spdy: h2

in.taskanalytics.com/00012/tm.js?r=&1595299259698

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259698
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259698 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595299259862

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259862
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259862 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

fonts.googleapis.com/css?family=PT+Sans:400,700

142.250.74.138

200 OK

488 B

URL HTTP/2
fonts.googleapis.com/css?family=PT+Sans:400,700
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
data
Size
488 B (488 bytes)
Hash
6d1e091d3c90eeb9ee1fe8db93c8d5a3
19c480fe399035da5608cf08290e22cf5a592cf4
ca0dadfe6325a8d6610bf5dd5c5a2e17f7f10eee1a6e3f37840e2c784c898755

HTTP Headers

GET /css?family=PT+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 17 Feb 2023 13:58:28 GMT
date: Fri, 17 Feb 2023 13:58:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.mycomandia.com/static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17

176.31.232.62

200 OK

28 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
data
Size
28 kB (28178 bytes)
Hash
a2bc347b69d7b237cce7a105b7db1dab
afeb04a7547ceca59dc386fc1aa6a847c951aabe
163779b58018ea27b0a57fe68432c446e138edd5a8d2cecf1836f031798e4888

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:28 GMT
content-type: text/css
last-modified: Thu, 18 Oct 2018 11:43:18 GMT
vary: Accept-Encoding
etag: W/"5bc871d6-22485"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:28 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

in.taskanalytics.com/00012/tm.js?r=&1595299259690

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259690
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259690 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js

31.11.33.147

404 Not Found

5.0 kB

URL HTTP/1.1
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Size
5.0 kB (5046 bytes)
Hash
252df4ca942b6304456b714c52fecf2a
3c4785f3039284c72876a22675e2388df9c9936a
9a055139cbe7d843c55a7febdee36cf1e943a110363a689b3d4688de96500913

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_/asset/no.posten.website:1594301215/js/bundle.js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 5046

www.demaflexsnc.it/public/posten/file/js

31.11.33.147

404 Not Found

7.1 kB

URL HTTP/1.1
www.demaflexsnc.it/public/posten/file/js
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1892)
Size
7.1 kB (7072 bytes)
Hash
9c19cc13d6f13855bf50f842bcf2ff3a
d90622850a5081db2de1eba59bcfe3d351e26d24
5e459a546ee37828fd3f339daa8f71b90d3e9e461b7a532490fd551bd35b9b76

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/posten/file/js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 7072

in.taskanalytics.com/00012/tm.js?r=&1595293061723

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595293061723
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595293061723 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

302 Found

250 B

URL HTTP/1.1
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
250 B (250 bytes)
Hash
1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
80bafb50039175fef776333e16b5294d
5fbeb1106fa363638176894b6e541eaa91196e8d
cf2d467afda5048859dcdf84ca9ebbff35959def6754ae5dcbd6495038f2ec78

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "C0867CEF0EE31AA349D2BC43AB5629DB97BAAEB0"
Expires: Sat, 18 Feb 2023 01:00:00 GMT
Last-Modified: Fri, 17 Feb 2023 13:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2839
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79af09c07df1fab4-OSL

www.googletagmanager.com/gtag/js?id=DC-9852050&l=dataLayer&cx=c

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=DC-9852050&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
44 kB (44400 bytes)
Hash
2a2874237c95293bab1dea93e0691a65
927da3ae4568e0dc2d8f3f614e1b53ca95c3ac0b
21d58ebad86958fc7dc4c4940c8cbd700a33fb41d84de69cdbcf9974876001bf

HTTP Headers

GET /gtag/js?id=DC-9852050&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 17 Feb 2023 13:58:29 GMT
expires: Fri, 17 Feb 2023 13:58:29 GMT
cache-control: private, max-age=900
last-modified: Fri, 17 Feb 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44400
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement

31.11.33.147

404 Not Found

5.0 kB

URL HTTP/1.1
www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (365)
Size
5.0 kB (5044 bytes)
Hash
7f74d09e5f50b4315b83aa23cac72e73
7c5ca57e391e2d6fb586282483853d4632a42fc2
75a8d9a3db0c439c98ef1c37d812c009893df4b00ad6a8e588d6be199fcc9f59

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:28 GMT
Content-Length: 5044

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

200 OK

74 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (22818)
Size
74 kB (74109 bytes)
Hash
aef4d93e3349d0264b0d59a78987385a
f3e245b634a1e9369833c07fb699e8504a3f325d
ef64b9013d863bcdb954cc56ba56e1ec029c1b2797fc4e8222480f6f42769d3f

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.demaflexsnc.it/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 17 Feb 2023 13:58:29 GMT
expires: Fri, 17 Feb 2023 13:58:29 GMT
cache-control: private, max-age=900
last-modified: Fri, 17 Feb 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74109
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b9763adf5a3803ebbbd946989691ebad
79cc60d6949fa803a03f11396f7edc967e6aa8d4
5870c9bdf050b42605bd48728cb5f36ae4628e89e4727bb553c1218ddbfb6846

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
51193703c31973e958c4e7845fde953b
05639ee0175bee76db2b8a1995933491420f04bb
50829dec1e1e26f4415931eb8bec0193dd3df3d3639618ffa175f39f9d6cff2f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 17 Feb 2023 13:58:29 GMT
Last-Modified: Fri, 17 Feb 2023 13:14:42 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PNeAQJgV5bGIaTfT0Wb270YNlq8NOu5e37K6kVxKYyO9w-r4ROd-5w==
Age: 2627

in.taskanalytics.com/00012/tm.js?r=&1595299259690

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259690
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259690 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595299259862

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259862
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259862 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595299259698

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259698
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259698 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, Alert, Content-Length, Backoff, ETag, Cache-Control, Retry-After, Last-Modified, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 17 Feb 2023 13:20:33 GMT
age: 2276
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.demaflexsnc.it/public/posten/file/js

31.11.33.147

404 Not Found

7.1 kB

URL HTTP/1.1
www.demaflexsnc.it/public/posten/file/js
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1892)
Size
7.1 kB (7072 bytes)
Hash
9c19cc13d6f13855bf50f842bcf2ff3a
d90622850a5081db2de1eba59bcfe3d351e26d24
5e459a546ee37828fd3f339daa8f71b90d3e9e461b7a532490fd551bd35b9b76

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/posten/file/js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 7072

www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement

31.11.33.147

404 Not Found

5.0 kB

URL HTTP/1.1
www.demaflexsnc.it/public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (365)
Size
5.0 kB (5044 bytes)
Hash
7f74d09e5f50b4315b83aa23cac72e73
7c5ca57e391e2d6fb586282483853d4632a42fc2
75a8d9a3db0c439c98ef1c37d812c009893df4b00ad6a8e588d6be199fcc9f59

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5044

in.taskanalytics.com/00012/tm.js?r=&1595293061872

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595293061872
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595293061872 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

302 Found

250 B

URL HTTP/1.1
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
250 B (250 bytes)
Hash
1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0

in.taskanalytics.com/00012/tm.js?r=&1595293061723

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595293061723
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595293061723 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
994f9c0eff12561e85b404a8778fbab9
c1c1b7f546cace7c578012cc4c3398497f913d31
85013590974c889416a33112a9b7c5dc82b74c628714f30fc7b2266b8ffbde4f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85013590974C889416A33112A9B7C5DC82B74C628714F30FC7B2266B8FFBDE4F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3664
Expires: Fri, 17 Feb 2023 14:59:33 GMT
Date: Fri, 17 Feb 2023 13:58:29 GMT
Connection: keep-alive

posten.boost.ai/chatPanel/chatPanel.js

54.229.45.73

200 OK

226 kB

URL HTTP/2
posten.boost.ai/chatPanel/chatPanel.js
IP
54.229.45.73:0
ASN
#16509 AMAZON-02

File type
data
Size
226 kB (225525 bytes)
Hash
94e0fb1eb19d11a396438321be36acfe
9f0c872e20f4da5cf1c576e61cec6d83c8978335
35fb3b77f8f05058a3004ef0537ed2a43f3354e51f24328497a014d4491f94cc

HTTP Headers

GET /chatPanel/chatPanel.js HTTP/1.1
Host: posten.boost.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:29 GMT
content-type: application/javascript
server: Apache
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=94608000; includeSubDomains
access-control-max-age: 600
access-control-allow-headers: origin, content-type, accept, x-csrf-token, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, X-CSRF-TOKEN, X-XSRF-TOKEN, X-XHR-Logon, x-ms-client-application-name, x-ms-client-request-id, x-ms-client-session-id, x-ms-effective-locale
x-robots-tag: noindex
last-modified: Fri, 17 Feb 2023 13:15:53 GMT
etag: "ba81d-5f4e51ce96afd-gzip"
accept-ranges: bytes
cache-control: max-age=600
expires: Fri, 17 Feb 2023 14:08:29 GMT
vary: Accept-Encoding,Origin
content-encoding: gzip
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

302 Found

250 B

URL HTTP/1.1
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
250 B (250 bytes)
Hash
1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0

in.taskanalytics.com/00012/tm.js?r=&1595285185398

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595285185398
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595285185398 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:29 GMT
Via: 1.1 vegur

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

302 Found

250 B

URL HTTP/1.1
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
250 B (250 bytes)
Hash
1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cb1f5e62b141c5096e8c7d26a07dc226
126ad2b6b2b64a77e8a41c7d13aa350301462272
f63f12b64a341369e32d441bd666ff6e3aa49e3d2464dab168d97dc3ac6d2230

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js

31.11.33.147

404 Not Found

5.0 kB

URL HTTP/1.1
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/bundle.js
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Size
5.0 kB (5046 bytes)
Hash
252df4ca942b6304456b714c52fecf2a
3c4785f3039284c72876a22675e2388df9c9936a
9a055139cbe7d843c55a7febdee36cf1e943a110363a689b3d4688de96500913

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_/asset/no.posten.website:1594301215/js/bundle.js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
Cookie: _gcl_au=1.1.833644386.1676642309

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5046

8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F?

142.250.74.70

200 OK

259 B

URL HTTP/2
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (563), with no line terminators
Size
259 B (259 bytes)
Hash
953e7d111814e4dc8a05b51c1d2b5b4d
3631917c634f4c9eb70aed44349ede0d5df9c714
39ca520566356baa571f0be1615016ac30d5e332272a35931f64534ba989d097

HTTP Headers

GET /activityi;src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 259
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 17-Feb-2023 14:13:29 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.mycomandia.com/static/shop/common/fonts/flaticon/Flaticon.woff2

176.31.232.62

200 OK

2.0 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/fonts/flaticon/Flaticon.woff2
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 2024, version 1.0\012- data
Size
2.0 kB (2024 bytes)
Hash
c1b7ca92614b5e76d59b8b467f1d8dd9
6ada3f43e5b4ec1a77383f2af00dd2b3c990af5c
a92c73eb3e53032a9846ca27c2c579b424b45a893ac814288954762e878b5e1b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/shop/common/fonts/flaticon/Flaticon.woff2 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.demaflexsnc.it
Connection: keep-alive
Referer: https://cdn.mycomandia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:29 GMT
content-type: application/octet-stream
content-length: 2024
last-modified: Tue, 27 Aug 2019 11:07:46 GMT
etag: "5d650f02-7e8"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:58:29 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
167cff66da2ad389f3881da21eaf9c4a
d41bde1198e497ded95069effafcba927c07be5c
2f7f1a258056ae5b8cbe7caf0c10e693bb4f67906090a298ca4d0a092d173e95

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

44.228.217.71

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.228.217.71:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lItYeZ6ZIFIWg6lrtfE8pA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: v6UwJyJmri2L0N1NhIZXFg78pEQ=

www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js

31.11.33.147

404 Not Found

5.0 kB

URL HTTP/1.1
www.demaflexsnc.it/_/asset/no.posten.website:1594301215/js/chatbot.js
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Size
5.0 kB (5048 bytes)
Hash
996d3793b539211cafb79d47ff4c53c7
a6236aa92cbe74c607f60cb5d5f3e09f8adc2f0e
7615edebccc304e02a44be9454df922f7b5de610ad3b57dc1ee28bb0db3bb6b8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_/asset/no.posten.website:1594301215/js/chatbot.js HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
Cookie: _gcl_au=1.1.833644386.1676642309

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5048

8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F?

142.250.74.70

200 OK

379 B

URL HTTP/1.1
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (514), with no line terminators
Size
379 B (379 bytes)
Hash
b0d6eab9eab3a20438b0bd13da342a70
134028116c2bead7b536a69aff5cdffbe7cef66c
a10b560c3b8f69897480622085a0ab5675665bff0b3e3f8ead749b3f2535c7dc

HTTP Headers

GET /activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:30 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 379
X-XSS-Protection: 0

8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?

142.250.74.70

200 OK

427 B

URL HTTP/1.1
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (636), with no line terminators
Size
427 B (427 bytes)
Hash
78b225543f9ea122bf259d94fd379b4b
cbe260dd69e0791c6479bf8c214f28aa09a41286
e2e8bdcba10a07de068f0c41f8f0c7dd6bfed0b8b0f4aaedae5b263cd70e0362

HTTP Headers

GET /activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:30 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 427
X-XSS-Protection: 0

in.taskanalytics.com/00012/tm.js?r=&1676642309217

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1676642309217
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1676642309217 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:30 GMT
Via: 1.1 vegur

8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?

142.250.74.70

200 OK

427 B

URL HTTP/1.1
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (636), with no line terminators
Size
427 B (427 bytes)
Hash
7894f56de7efa41c42aab98bd8cd19ba
4a3a8110cc5a2e6deccedda3ac6d00bed188ff10
34c3b01b8c469b58e9933b67e4a12c9dd98ec4daefd4324f0aceb92cf8dd6d44

HTTP Headers

GET /activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:58:30 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 427
X-XSS-Protection: 0

in.taskanalytics.com/00012/tm.js?r=&1676642309222

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1676642309222
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1676642309222 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:30 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1676642309226

54.216.252.255

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1676642309226
IP
54.216.252.255:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1676642309226 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:58:30 GMT
Via: 1.1 vegur

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
aca8b73a066e2f30e966c25d0ff80224
c465ff174891c76ba6899a50c81fcdf700887de8
f5a07ec450cba204cf6c38a5ac3d16f0a63811f83816aa874d08148fb6c23e29

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

b.scorecardresearch.com/beacon.js

54.230.111.73

200 OK

1.9 kB

URL HTTP/1.1
b.scorecardresearch.com/beacon.js
IP
54.230.111.73:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3936)
Size
1.9 kB (1852 bytes)
Hash
b67d2bfd2ffc510f6344e0dee7f05de3
db5a2e6076fbed3d01ddd5a5150a761cb6bc1886
1e6b30c3e6f7ac17aab743639939cc408ba4f6bde7176eb4438c6ead54c80e07

HTTP Headers

GET /beacon.js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 28 Jun 2022 13:19:23 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Fri, 17 Feb 2023 03:09:49 GMT
Cache-Control: max-age=86400
ETag: W/"eaf85c1c6758e84acfe134efd70e9373"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lVT_dqL2qCc6afX797rblLc7KAnsUI7pdNlrmv0ec4Hd2-21Dz80zw==
Age: 38922

vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important;

54.230.111.85

403 Forbidden

243 B

URL HTTP/2
vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important;
IP
54.230.111.85:0
ASN
#16509 AMAZON-02

File type
data
Size
243 B (243 bytes)
Hash
7d30a5fef1cd3bd2a3cb91b5400b87ea
78eeec260cc4261a81135bbc1b9e480e5b7b3491
be865efbef59bf161c4d0b7962d46ff82e5f750a6699b1e7c054aab080e84957

HTTP Headers

GET /box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important; HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
content-type: application/xml
content-length: 243
date: Fri, 17 Feb 2023 13:58:30 GMT
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: F6cUYJmTN6mRZNq5xBWBP4c47M6aIq9a4BJfjaaCulbQO5VtUBlXAw==
X-Firefox-Spdy: h2

adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F

142.250.74.34

200 OK

261 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (562), with no line terminators
Size
261 B (261 bytes)
Hash
737c1bcb08c03b190ff3781327e09cfa
5f201156d8709fc5b86ac364d943f1798ad30bf7
ea6c82d0715f1e448b809259033d384971a427ef3c7e356984746f79e76305f5

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 261
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.ads-twitter.com/uwt.js

151.101.244.157

200 OK

15 kB

URL HTTP/1.1
static.ads-twitter.com/uwt.js
IP
151.101.244.157:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (57596), with no line terminators
Size
15 kB (15375 bytes)
Hash
573e6a7f86f6f3063763360ef0672c01
b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7

HTTP Headers

GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 15375
Last-Modified: Thu, 27 Oct 2022 18:55:37 GMT
Cache-Control: no-cache
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
Accept-Ranges: bytes
Date: Fri, 17 Feb 2023 13:58:30 GMT
X-Served-By: cache-iad-kjyo7100147-IAD, cache-hel1410022-HEL
X-Cache: HIT, HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT

connect.facebook.net/en_US/fbevents.js

31.13.72.12

301 Moved Permanently

0 B

URL HTTP/1.1
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 301 Moved Permanently
Location: https://connect.facebook.net/en_US/fbevents.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Fri, 17 Feb 2023 13:58:30 GMT
Connection: keep-alive
Content-Length: 0

static.hotjar.com/c/hotjar-507531.js?sv=7

54.230.111.39

200 OK

0 B

URL HTTP/2
static.hotjar.com/c/hotjar-507531.js?sv=7
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/hotjar-507531.js?sv=7 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: max-age=60
etag: W/d41d8cd98f00b204e9800998ecf8427e
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TfKVR7ypIPtIX1oU-3z8cxoWMU8E9w_tJuK0x9Cys3zodLYKFzNfbw==
age: 59
X-Firefox-Spdy: h2

adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F

142.250.74.34

200 OK

251 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (513), with no line terminators
Size
251 B (251 bytes)
Hash
66bab8b407292b70d4f0f305ec9acacd
4acdd7d1e3e07355322ca7aaf74899a6e67a64a8
fffcc1ee1d9daaab2e3396862ae8e5913226f7da9049f41dad4a15604fc939c9

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 251
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D

142.250.74.34

200 OK

299 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (635), with no line terminators
Size
299 B (299 bytes)
Hash
73fbf7971c5c280fa659ce0ac803c7ab
15baa8bc86051abe9c8da4d47720b403004d4ec0
5171ae2d45af40b0aa0c09c444ff33f7322ca5d258a1be8e2f00f795d32ef652

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 299
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

snap.licdn.com/li.lms-analytics/insight.min.js

95.101.11.48

200 OK

4.8 kB

URL HTTP/2
snap.licdn.com/li.lms-analytics/insight.min.js
IP
95.101.11.48:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (13351)
Size
4.8 kB (4777 bytes)
Hash
74f72658f6efd10c4c286ab07cd5e452
9fa4dfc644b6e818914f2f2c4fe4bdf791fd6d39
6681619d5962f95b3fccfa34a7f035664edb66522d237ea0c28a05851f9d295c

HTTP Headers

GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=48216
date: Fri, 17 Feb 2023 13:58:30 GMT
content-length: 4777
x-content-type-options: nosniff
x-cdn: AKAM
X-Firefox-Spdy: h2

static.ads-twitter.com/uwt.js

151.101.244.157

304 Not Modified

0 B

URL HTTP/1.1
static.ads-twitter.com/uwt.js
IP
151.101.244.157:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
If-Modified-Since: Thu, 27 Oct 2022 18:55:37 GMT
If-None-Match: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"

HTTP/1.1 304 Not Modified
Connection: keep-alive
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: no-cache
ETag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
X-Served-By: cache-hel1410022-HEL
X-Cache: HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT

script.hotjar.com/modules.a1fbf755044ca8f629ba.js

54.230.111.73

200 OK

89 kB

URL HTTP/2
script.hotjar.com/modules.a1fbf755044ca8f629ba.js
IP
54.230.111.73:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (88758 bytes)
Hash
db69fc2480d3485a988c1628d311d0c0
82abdfda4d399e9e8032a71f1f962e91ad80860f
7517e0f2be2260c0cd09514fb51ac73f72751caa5e58e4fa5267732f3862b318

HTTP Headers

GET /modules.a1fbf755044ca8f629ba.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 88758
date: Thu, 05 Jan 2023 12:22:43 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "db69fc2480d3485a988c1628d311d0c0"
last-modified: Wed, 22 Jul 2020 09:42:49 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ECRScANUKzxwe1n3XUxj-T1jMlEsGwiSJpPfDIKsNuyyCbgcmjKAFQ==
age: 3720947
X-Firefox-Spdy: h2

adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D

142.250.74.34

200 OK

297 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (635), with no line terminators
Size
297 B (297 bytes)
Hash
bc6d6c3a1c420799472640b0a824691d
a5386ff8c52d713dc16ee1630746b76ee6a0c37a
c077749c0272ef956823be09fc24bb8b28c91397ece025c16b8ddfddce8b8806

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 297
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
6cfaa4d7152a5617a55e9bcc0372ba0c
58b079d9f8fb3181dd88a9f7de88fbd8c0d10b02
5a21bd1aee52814fb4ab4efa7dab375778743f85d28978af9c09eacf16fd6b58

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.demaflexsnc.it/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png

31.11.33.147

404 Not Found

5.2 kB

URL HTTP/1.1
www.demaflexsnc.it/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (365)
Size
5.2 kB (5170 bytes)
Hash
e0ea91d84dffe13a12e06f6c271281ec
ab81b64f8e67e1f886451076e2c0e64c937d129d
4dd3291fead32e13d2d6845409cef6032492f6852df75d834ced69711c7e4a25

HTTP Headers

GET /_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
Cookie: _gcl_au=1.1.833644386.1676642309

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5170

static.ads-twitter.com/uwt.js

151.101.244.157

304 Not Modified

0 B

URL HTTP/1.1
static.ads-twitter.com/uwt.js
IP
151.101.244.157:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
If-Modified-Since: Thu, 27 Oct 2022 18:55:37 GMT
If-None-Match: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"

HTTP/1.1 304 Not Modified
Connection: keep-alive
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: no-cache
ETag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
X-Served-By: cache-hel1410022-HEL
X-Cache: HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 17 Feb 2023 13:53:25 GMT
expires: Fri, 17 Feb 2023 15:53:25 GMT
cache-control: public, max-age=7200
age: 305
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google-analytics.com/plugins/ua/linkid.js

142.250.74.110

200 OK

859 B

URL HTTP/2
www.google-analytics.com/plugins/ua/linkid.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1335)
Size
859 B (859 bytes)
Hash
904463ce35aee800847ab85ec948aaf6
904e4d2647466c7f7e0f7412019984e3b2ccfb24
057b4d29359dfe2536a2ec40243bdfa7b151222efcc1eb358608994a14c34237

HTTP Headers

GET /plugins/ua/linkid.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 859
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 13:47:14 GMT
expires: Fri, 17 Feb 2023 14:47:14 GMT
cache-control: public, max-age=3600
age: 676
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1bf3278c2046b4fdb1f775dca9bc8b16
54fa26cf0329818b9878e437a59ddccc8d72d35f
f794ad5a7249fe547829bc49ec42f96270f9de8ce9b17c1581e06c0ff3e9785d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4559
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Last-Modified: Fri, 17 Feb 2023 12:42:32 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1d265a8dd327a623f78bca3983a79e02
61e62434256bfbb2a88b27f50b059c03580300ca
cada3b43d2add1edbac39f050ec315498f12b2ec3c8ea1061322054ec5c56549

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googleadservices.com/pagead/conversion_async.js

142.250.74.162

200 OK

15 kB

URL HTTP/2
www.googleadservices.com/pagead/conversion_async.js
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
15 kB (15164 bytes)
Hash
74ace29e686ae4445710506fba552bd5
f09b4d13010f36b8f3efb0442b3d6e616e26a643
f655be0a03ae5bb0d71fae713a55c95462e40c688c2154221ba8c95d94917ff1

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 10376002428160754156
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15164
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

28 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
28 kB (27843 bytes)
Hash
be5a1814429d0a129322abda3791987f
9e0eeee65e17a9c6df149ed1f01d3d7194833fd8
75afa897dd6f4b97b0697589569c7c4f87e32b79addf981febc78a4ff741210e

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: l4mezuTX2daMM4ARayR4CGp613OdXqjIJDL6Z5PzHcr2oRfyTkARIFdY/iTHYS5K/I0cFpZh/Q66mhpXVOD5GQ==
content-length: 27843
x-fb-trip-id: 1904183273
date: Fri, 17 Feb 2023 13:58:30 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0fa96c0ed89bf54a1fb36555f527fcde
00366fa4ab2dbf17dbc987fb055cd9f573ccd30a
6f182e3b430c1e94329d84d1ee10dc550fe1b79f251a8467118cf6102e403a9d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

acdn.adnxs.com/dmp/up/pixie.js

151.101.65.108

200 OK

3.3 kB

URL HTTP/1.1
acdn.adnxs.com/dmp/up/pixie.js
IP
151.101.65.108:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (9139), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
75b9af81e30e45403e6856566e888545
d013e9a47331447f32c2bdf6f35b286e711788f0
dd26e2e55783f6174ceea7c7a3b10e5af1c7fca56fc2543956a38b848f32a151

HTTP Headers

GET /dmp/up/pixie.js HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 3340
Server: nginx/1.18.0 (Ubuntu)
Content-Type: application/javascript
Last-Modified: Wed, 02 Jun 2021 15:04:00 GMT
ETag: W/"60b79de0-23b3"
Expires: Fri, 27 Jan 2023 02:11:02 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 17 Feb 2023 13:58:30 GMT
Age: 42406
X-Served-By: cache-lga21930-LGA, cache-bma1663-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 101, 6862
X-Timer: S1676642310.294885,VS0,VE0
Vary: Accept-Encoding

www.google.com/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4

142.250.74.164

302 Found

63 B

URL HTTP/2
www.google.com/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26

HTTP Headers

GET /pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9

142.250.74.78

200 OK

6.2 kB

URL HTTP/2
encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x168, components 3\012- data
Size
6.2 kB (6238 bytes)
Hash
2063951383d22405d0663550e2ed3762
6a256b7cdec8d0e0aaf2c86c17e7cc34693a609e
0fb41ab8877699782e17566fafad17e01b8d04b840db658583cb0d3b9508fff4

HTTP Headers

GET /images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9 HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 6238
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 06:24:19 GMT
expires: Sat, 17 Feb 2024 06:24:19 GMT
cache-control: public, max-age=31536000
age: 27251
last-modified: Thu, 28 Dec 2017 03:23:06 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc63911e4661aa872ac148ba0e622495
8c71e1a1ca7a84edaeda049a242868a603685883
f9801dcdaab6db35dde3127add82844087ebdba6bf3149e4b54946e5e8e234d4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/images/branding/product/1x/translate_24dp.png

142.250.74.99

200 OK

846 B

URL HTTP/2
www.gstatic.com/images/branding/product/1x/translate_24dp.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
846 B (846 bytes)
Hash
e9cd262114358f26b7608b56905185dc
6dbde0a96deaab2b529723ce26c62043cf9180ab
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99

HTTP Headers

GET /images/branding/product/1x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 846
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 13:01:44 GMT
expires: Sat, 17 Feb 2024 13:01:44 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 3406
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1bf3278c2046b4fdb1f775dca9bc8b16
54fa26cf0329818b9878e437a59ddccc8d72d35f
f794ad5a7249fe547829bc49ec42f96270f9de8ce9b17c1581e06c0ff3e9785d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4559
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Last-Modified: Fri, 17 Feb 2023 12:42:32 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d56fcc1e441a5a55e8e534be7b4f0e78
534216c89feed8f38c5b289ba5134f2b74b714ce
32b19f3ef1a5d882a0b243a836adc26bf4c854cc40aa2ae9fac271e6f32b5241

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

200 OK

1.8 kB

URL HTTP/2
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://translate.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 13:56:49 GMT
expires: Sat, 17 Feb 2024 13:56:49 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 101
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c9e6e005454b8541d1c2b06348e59b91
8f7f5ae9386edf53c6dc1cffed0a1d89ebb413cd
92e1518234ecff2b0656e1714f63ff8501eb727addcdcfc5c293a42eef177765

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b617ba367e1ea63751230f57dea54575
e8e5b334030322c32596b4b8ca13688ae94426f5
7a9f17f10e76770dfd7ec9d725225699cf1364ec83f5d0ec077774f388605245

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4e2047d0030ab6ef9ef1aa93bc0e225b
6d370262f2ba2ad80b2bc2ce29ca47a4ad0a7134
77d6af824538cdbd9dcd7e62429c5c5f1fa0970c4a8ddc358d0e95d2049b0140

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&ct_cookie_present=1

142.250.74.66

200 OK

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&ct_cookie_present=1
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 17-Feb-2023 14:13:30 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F

216.58.207.194

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=6894569483852;gtm=45He32f0;auiddc=833644386.1676642309;u1=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F;u2=public;u3=posten-;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D

216.58.207.194

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F

216.58.207.194

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D

216.58.207.194

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
expires: Fri, 17 Feb 2023 13:58:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c8e9eeefa5d57aae7902f22001cacc91
30a9795bf30ff5c1056f506d866b00535defaeac
22d15f22115215143d2e173bf51e1b694de15e43d86ae46107fed2af7c15eca7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c9e6e005454b8541d1c2b06348e59b91
8f7f5ae9386edf53c6dc1cffed0a1d89ebb413cd
92e1518234ecff2b0656e1714f63ff8501eb727addcdcfc5c293a42eef177765

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.r2m01.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
4311193f1701ae091d50ba2eeabf36be
5c857e688f238adde8e19e470568a05f97a3d93e
021728417b1d75143bbf5bc1e926a50c17bd3ecd910c3090cc9efd03e43ee561

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 17 Feb 2023 13:58:30 GMT
Last-Modified: Fri, 17 Feb 2023 12:37:33 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -h94I8aa0pbGGiiVvEz5DLaeup6KaqBG2JFVJ9hzSHEQi9kNMlCNpg==
Age: 4857

6015663.global.siteimproveanalytics.io/image.aspx?url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1179&prev=1c7c27f8-a1c0-dbe0-1b0f-aeb91c18c13f&luid=7fbc8064-fbb7-58b6-40cd-f5e3bbe5b1e0&rnd=40451

3.122.28.13

200 OK

34 B

URL HTTP/2
6015663.global.siteimproveanalytics.io/image.aspx?url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1179&prev=1c7c27f8-a1c0-dbe0-1b0f-aeb91c18c13f&luid=7fbc8064-fbb7-58b6-40cd-f5e3bbe5b1e0&rnd=40451
IP
3.122.28.13:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
34 B (34 bytes)
Hash
a82ba3a9d42148e9cf209df13d8c3f3d
dba80835d31175bdcf0bcad1abafefb06d86e304
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /image.aspx?url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1179&prev=1c7c27f8-a1c0-dbe0-1b0f-aeb91c18c13f&luid=7fbc8064-fbb7-58b6-40cd-f5e3bbe5b1e0&rnd=40451 HTTP/1.1
Host: 6015663.global.siteimproveanalytics.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:58:30 GMT
content-type: image/gif
content-length: 34
set-cookie: AWSALB=pbqw6+M/FdBklUxTpyp+CKDyvPJh97VJs2sWbd6pd2Qw6xKtWGdR9NIPXmxFOS1AQ2fKrepwc0krr8GLG1HFGgJKG99vE2g9TPZz4rDHuZqRtXr+xLr2npBaJYUW; Expires=Fri, 24 Feb 2023 13:58:30 GMT; Path=/
AWSALBCORS=pbqw6+M/FdBklUxTpyp+CKDyvPJh97VJs2sWbd6pd2Qw6xKtWGdR9NIPXmxFOS1AQ2fKrepwc0krr8GLG1HFGgJKG99vE2g9TPZz4rDHuZqRtXr+xLr2npBaJYUW; Expires=Fri, 24 Feb 2023 13:58:30 GMT; Path=/; SameSite=None; Secure
cache-control: max-age=0
expires: Fri, 17 Feb 2023 13:58:30 UTC
X-Firefox-Spdy: h2

www.google.no/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0

142.250.74.163

200 OK

63 B

URL HTTP/2
www.google.no/pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26

HTTP Headers

GET /pagead/1p-conversion/undefined/?random=1676642308896&cv=11&fst=1676642308896&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=833644386.1676642309&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.demaflexsnc.it/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:58:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309595&if=0

37.252.171.53

200 OK

42 B

URL HTTP/1.1
ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309595&if=0
IP
37.252.171.53:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309595&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:58:30 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

ib.adnxs.com/pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642309598&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309599&if=0

37.252.171.53

200 OK

42 B

URL HTTP/1.1
ib.adnxs.com/pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642309598&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309599&if=0
IP
37.252.171.53:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642309598&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309599&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:58:30 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309598&if=0

37.252.171.53

200 OK

42 B

URL HTTP/1.1
ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309598&if=0
IP
37.252.171.53:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642309595&v=0.0.20&u=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&st=1676642309595&et=1676642309598&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:58:30 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1676642309457&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F

13.107.42.14

200 OK

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1676642309457&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=&time=1676642309457&url=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
set-cookie: bcookie="v=2&d780addd-527d-4b81-8b7e-c25407798410"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 17-Feb-2024 13:58:30 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2434:u=1:x=1:i=1676642310:t=1676728710:v=2:sig=AQEJWTfEQre3YaSrwN6ldAqLWfAik9rY"; Expires=Sat, 18 Feb 2023 13:58:30 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAX05bVVoZw7VOcZpJvHQw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 604368A4E0E34D2FA942910D10BD4106 Ref B: OSL30EDGE0207 Ref C: 2023-02-17T13:58:30Z
date: Fri, 17 Feb 2023 13:58:30 GMT
content-length: 0
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&rl=&if=false&ts=1676642309877&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642309876.1174613635&it=1676642309580&coo=false&rqm=GET

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&rl=&if=false&ts=1676642309877&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642309876.1174613635&it=1676642309580&coo=false&rqm=GET
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.demaflexsnc.it%2Fpublic%2Fposten%2F&rl=&if=false&ts=1676642309877&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642309876.1174613635&it=1676642309580&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.demaflexsnc.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 17 Feb 2023 13:58:30 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21358
Expires: Fri, 17 Feb 2023 19:54:29 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21358
Expires: Fri, 17 Feb 2023 19:54:29 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21358
Expires: Fri, 17 Feb 2023 19:54:29 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13860
Expires: Fri, 17 Feb 2023 17:49:31 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2f69937cf01dd0d8c6d25684dc465ecb
2267c4125b164eb66dd9cbc9e472272dd872d23d
3679252c806e273ddd31834976560e4e72bef32fa89be83088b3a779d227808f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3679252C806E273DDD31834976560E4E72BEF32FA89BE83088B3A779D227808F"
Last-Modified: Fri, 17 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21358
Expires: Fri, 17 Feb 2023 19:54:29 GMT
Date: Fri, 17 Feb 2023 13:58:31 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff85c78-1c5e-4e0e-b056-c59edc64e066.jpeg

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff85c78-1c5e-4e0e-b056-c59edc64e066.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8683 bytes)
Hash
6a689195f741507797cbfee1088b6096
7114ea3a2073e2a9356a82611300afb43a44af02
8e304f2e413644bd97225abaf443121aea7a8b1ae5237cfffd8acd0bc9ece258

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff85c78-1c5e-4e0e-b056-c59edc64e066.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8683
x-amzn-requestid: 52627a4c-8764-4aa7-9d95-5a364a5c48a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AKaBSGKgoAMFesw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e73d3b-40df63f72db14cab7d4f2e7b;Sampled=0
x-amzn-remapped-date: Sat, 11 Feb 2023 07:01:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: knG5uaFviCGKFtYeHBxEV6VPTGJwElhQuruCBPn0mN-iKtITf06_ag==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Feb 2023 00:15:13 GMT
age: 49398
etag: "7114ea3a2073e2a9356a82611300afb43a44af02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6975 bytes)
Hash
d2eae6226e2383cf7a14956fb5e00973
207870779f0bc576f842c3444c8a36cfb83827e7
1339bb05cf778cda51646dff372080356ec3d215ebe59fe8a8c3478422fe16ac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 6975
x-amzn-requestid: a51f7d5f-b9f5-45ad-a864-fcf92ee45a09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AHHalERAoAMFZRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e5ec43-2aa1297878995458524758f3;Sampled=0
x-amzn-remapped-date: Fri, 10 Feb 2023 07:03:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JbtPJs7uVnoMc8WtfcO85KEK8e8c439tQuWcGzILuYVC0-LCOS84DA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 22:18:33 GMT
age: 56398
etag: "207870779f0bc576f842c3444c8a36cfb83827e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8813 bytes)
Hash
043c29f528f5414d1e280640e7bd6d79
5006aea566216e56530d02f3133b5eb0d15fd1a5
01c099af56ff9d26301d66f1bca427d41c7096ec687551b656edac95b0520e4a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8813
x-amzn-requestid: 510cb459-2870-46eb-9c53-da577d62f83c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AdPCKEggoAMF3vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eec540-23f553c202ad097f53c58dc4;Sampled=0
x-amzn-remapped-date: Fri, 17 Feb 2023 00:07:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: F-Wi5siD9pPdWz8E84A8TeiWrgMnHr-3IiQuPjp2zz6RpCHSxUX09A==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Feb 2023 00:45:51 GMT
age: 47560
etag: "5006aea566216e56530d02f3133b5eb0d15fd1a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4748156e-3671-4964-bccd-dcff5a4dcabd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6486 bytes)
Hash
0f696a6d6b899ea990863fd3f6cef50b
15ed196a642a4e767c5527ec92e346109632fbbb
afd3a83fffd1b1d3df4c95632b78508e6509e369fea66b3e78cca1db1dd97d92

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4748156e-3671-4964-bccd-dcff5a4dcabd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6486
x-amzn-requestid: 9cd0762a-003f-45fd-ad59-2cb9d1c9a1e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ac4-lESQIAMFlhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eea1f6-22c2261c4bdfab1d44a07164;Sampled=0
x-amzn-remapped-date: Thu, 16 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3a6crVzn1im5K9oMA5RqaEIjX2vluZ5yCcIkAfTUTB0cluzbzJbTGA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 21:53:13 GMT
age: 57918
etag: "15ed196a642a4e767c5527ec92e346109632fbbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c942f8-27c2-4bf4-8e35-92d403d00f29.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7575 bytes)
Hash
1a34f09bb10a93df46b8b23e4cf0d4c0
c08103bfbfd0e097ae94773476143fcc02b126f4
4890fd0de8eb6ba08a5188eb24c4f7efad037a70f491329db7597df9ba2224fd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c942f8-27c2-4bf4-8e35-92d403d00f29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7575
x-amzn-requestid: d8da5085-979c-4c8d-8883-94359384b9e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AKaBQE-cIAMFpHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e73d3a-5c65ae966ca81da764446a6e;Sampled=0
x-amzn-remapped-date: Sat, 11 Feb 2023 07:01:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0hOEJH96jaVZWiJ9UsLYQ4hj5DVyJGv_Etn1-rLalah7WDXP9Y787A==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 15:34:36 GMT
age: 80635
etag: "c08103bfbfd0e097ae94773476143fcc02b126f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881c24a9-07ee-4126-b2c3-501b0461ee5e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6879 bytes)
Hash
9c5a0bab7d34e51ee6476be179b356ba
87917d3cf520d73b7b1029f44505e7700413d51d
136e727a99409218318247b645558fad485ed84bcd90bd43a5895492cb317d89

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881c24a9-07ee-4126-b2c3-501b0461ee5e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6879
x-amzn-requestid: 18c46562-f8d9-4f7f-8ea0-1bb46e206f80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ANnahEWgIAMFwYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e885dc-50a7cfe4693b4efb038ce1a7;Sampled=0
x-amzn-remapped-date: Sun, 12 Feb 2023 06:23:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qwK1XWOYMXy8qna9sVCV7q__QKMko9KXa8towbYhIj1EolPbqEuIHQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 15:50:12 GMT
age: 79699
etag: "87917d3cf520d73b7b1029f44505e7700413d51d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.demaflexsnc.it/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png

31.11.33.147

404 Not Found

0 B

URL HTTP/1.1
www.demaflexsnc.it/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png
IP
31.11.33.147:0
ASN
#31034 Aruba S.p.A.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png HTTP/1.1
Host: www.demaflexsnc.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.demaflexsnc.it/public/posten/
Cookie: _gcl_au=1.1.833644386.1676642309

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Aruba2-Cache: NA
X-Aruba-Cache: NA
Date: Fri, 17 Feb 2023 13:58:29 GMT
Content-Length: 5172

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML