| eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc | 92.205.15.237 | 200 OK | 7.8 kB |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
File type: HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (457), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 72fc02383ae21dfa42866b0b1cba2004 54936a8753510dd126d0d35fb3f55b2d492d53a3 7e0d59771ed5000496b354fd08a2df93f4c557ac20ca154b08cdca0f9cc8297f
NIDS alert (suricata, severity high): ET PHISHING Generic Phishkit Activity (GET)
GET /ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:52 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620; path=/
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7755
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 507011ccb9124dcd57e84a90a0965cc4 1a6575d0ac979c7184490cc9836ac4812ad2afd1 01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7191
Expires: Mon, 06 Feb 2023 11:37:44 GMT
Date: Mon, 06 Feb 2023 09:37:53 GMT
Connection: keep-alive
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): c21ba65e44ac95470c314e068e49a9eb 17a13b13738993d889d4afa3d848dc63bf6eba64 9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10692
Expires: Mon, 06 Feb 2023 12:36:05 GMT
Date: Mon, 06 Feb 2023 09:37:53 GMT
Connection: keep-alive
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/
IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (939), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 30db107dcf4380cef05efea409c2e6a3 96e6a306fbc07299aba64e5c14e2bfca35872fa9 b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 09:34:04 GMT
content-type: application/json
age: 229
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): fb7b6b46e708ad73eaaa3c21e74569ae 950663c025acad81556af5aa3022ecc9d55097fe 763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8579
Expires: Mon, 06 Feb 2023 12:00:52 GMT
Date: Mon, 06 Feb 2023 09:37:53 GMT
Connection: keep-alive
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL (HTTP/2): content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP: 34.160.144.191:0
File type: PEM certificate; ASCII text
Hash (MD5 / SHA-1 / SHA-256): 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: u/dSje3kfIxBBCnCLF5r05bJJ14/L1mw24GDO8wgI7CkrOX4TPJbkMB59KS12IHuaTM8wLg183xJcA7Y3CrVJw==
x-amz-request-id: QY61515JSERZWW95
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 08:53:38 GMT
age: 2655
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL (HTTP/2): contile.services.mozilla.com/v1/tiles
IP: 34.117.237.239:0
File type: JSON data; ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 09:37:53 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
| eha.a37.mywebsitetransfer.com/ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css | 92.205.15.237 | 200 OK | 467 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): ba3e07908b0b05bbb3357a6a6e0aef79 3efdbf2b58e815cd7583197f416a2bae3cd4f669 9bb57b230d013ece0e0dffddbd0a73b5d370fcb7e9eac5dc9529100fd2f76cb0
GET /ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Content-Type-Options: nosniff
Last-Modified: Thu, 02 Dec 2021 00:19:36 GMT
ETag: "c9b76-43c-5d21ebed47600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 467
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css | 92.205.15.237 | 200 OK | 119 kB |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
File type: ASCII text, with very long lines (65480)
Size: 119 kB (118883 bytes)
Hash (MD5 / SHA-1 / SHA-256): ff0114961b0fe9b4f594681551555911 dc8e2a6bc4cfa2af73b1a4df51a5eebb76082dae 5a88d370a79554fc9bd45bc123c8bbfab71caeb7c8f3fa8839a93cf455c423aa
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:30 GMT
ETag: "c9bc4-dbc3d-5d5c29a245f80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Content-Type: text/css
| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg | 92.205.15.237 | 200 OK | 16 kB |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
File type: SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 3fadbc12d733ab01b8a1ef432d57201e e3b63b70496e1132993e3195b98cce517eb6be7a 9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf
Analyzer verdict (fortinet): Phishing
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src 'none'
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:38 GMT
ETag: "c9bab-3f1d-5d5c29a9e7180"
Accept-Ranges: bytes
Content-Length: 16157
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: image/svg+xml
| eha.a37.mywebsitetransfer.com/ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=2eb21957b7e6b3288c5839c1f01c1f342eb21957b7e6b3288c5839c1f01c1f34&session=2eb21957b7e6b3288c5839c1f01c1f342eb21957b7e6b3288c5839c1f01c1f34
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (329), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 09:07:20 GMT
age: 1833
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html | 92.205.15.237 | 200 OK | 30 kB |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
File type: Web Open Font Format (Version 2), TrueType, length 29616, version 1.0; data
Hash (MD5 / SHA-1 / SHA-256): 97205b19383b6a85ef38eb0997c23c35 f7e0af7cfde57e454dde3a2a0c878cc37de5841e f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
Analyzer verdict (fortinet): Phishing
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:54 GMT
ETag: "c9b78-73b0-5d5c29b929580"
Accept-Ranges: bytes
Content-Length: 29616
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: text/html
| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html | 92.205.15.237 | 200 OK | 30 kB |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
File type: Web Open Font Format (Version 2), TrueType, length 30456, version 1.0; data
Hash (MD5 / SHA-1 / SHA-256): 126c1fdeee5cc17fef5f5909ebb5c86f e2676a4a0c0f88ad2f33fe8acefc038073785de3 3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
Analyzer verdict (fortinet): Phishing
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:54 GMT
ETag: "c9b79-76f8-5d5c29b929580"
Accept-Ranges: bytes
Content-Length: 30456
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: text/html
| eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff | 92.205.15.237 | 200 OK | 49 kB |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
File type: Web Open Font Format, TrueType, length 48600, version 1.0; data
Hash (MD5 / SHA-1 / SHA-256): f3bed81a19a4b15ce515be55ca2ec30b ae3b9a4faf5fba0777e0d7bf4558227548db3093 f4d5693a0d7cd4b54adc6825d954388484f67d0467d3ac64db19ef49e35acb4f
Analyzer verdict (fortinet): Phishing
GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:38 GMT
ETag: "c9b80-bdd8-5d5c29a9e7180"
Accept-Ranges: bytes
Content-Length: 48600
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: font/woff
| eha.a37.mywebsitetransfer.com/ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=50b42b3f584bf53412919df04674b29f50b42b3f584bf53412919df04674b29f&session=50b42b3f584bf53412919df04674b29f50b42b3f584bf53412919df04674b29f
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=2eb21957b7e6b3288c5839c1f01c1f342eb21957b7e6b3288c5839c1f01c1f34&session=2eb21957b7e6b3288c5839c1f01c1f342eb21957b7e6b3288c5839c1f01c1f34 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=2eb21957b7e6b3288c5839c1f01c1f342eb21957b7e6b3288c5839c1f01c1f34&session=2eb21957b7e6b3288c5839c1f01c1f342eb21957b7e6b3288c5839c1f01c1f34
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert (suricata, severity high): ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=2eb21957b7e6b3288c5839c1f01c1f342eb21957b7e6b3288c5839c1f01c1f34&session=2eb21957b7e6b3288c5839c1f01c1f342eb21957b7e6b3288c5839c1f01c1f34 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=c37a0209ddf40d20152e335dcdda679bc37a0209ddf40d20152e335dcdda679b&session=c37a0209ddf40d20152e335dcdda679bc37a0209ddf40d20152e335dcdda679b
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): dedf9c519ac38c4bece9c5bc895787d7 4911175c3f8a435978c5301c33c7a99a5e00a1d5 bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12403
Expires: Mon, 06 Feb 2023 13:04:36 GMT
Date: Mon, 06 Feb 2023 09:37:53 GMT
Connection: keep-alive
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=50b42b3f584bf53412919df04674b29f50b42b3f584bf53412919df04674b29f&session=50b42b3f584bf53412919df04674b29f50b42b3f584bf53412919df04674b29f | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=50b42b3f584bf53412919df04674b29f50b42b3f584bf53412919df04674b29f&session=50b42b3f584bf53412919df04674b29f50b42b3f584bf53412919df04674b29f
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert (suricata, severity high): ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=50b42b3f584bf53412919df04674b29f50b42b3f584bf53412919df04674b29f&session=50b42b3f584bf53412919df04674b29f50b42b3f584bf53412919df04674b29f HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=78fd7da06959a67858d3326ecd14ed5578fd7da06959a67858d3326ecd14ed55&session=78fd7da06959a67858d3326ecd14ed5578fd7da06959a67858d3326ecd14ed55
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=c37a0209ddf40d20152e335dcdda679bc37a0209ddf40d20152e335dcdda679b&session=c37a0209ddf40d20152e335dcdda679bc37a0209ddf40d20152e335dcdda679b | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=c37a0209ddf40d20152e335dcdda679bc37a0209ddf40d20152e335dcdda679b&session=c37a0209ddf40d20152e335dcdda679bc37a0209ddf40d20152e335dcdda679b
IP: 92.205.15.237:0, ASN #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert (suricata, severity high): ET PHISHING Generic Phishkit Activity (GET)
GET /ig/static/resource/login.php?cmd=login_submit&id=c37a0209ddf40d20152e335dcdda679bc37a0209ddf40d20152e335dcdda679b&session=c37a0209ddf40d20152e335dcdda679bc37a0209ddf40d20152e335dcdda679b HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:53 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=3ae2a1b8aadff0d5b6e997eec81f39003ae2a1b8aadff0d5b6e997eec81f3900&session=3ae2a1b8aadff0d5b6e997eec81f39003ae2a1b8aadff0d5b6e997eec81f3900
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| push.services.mozilla.com/ | 34.214.202.214 | 101 Switching Protocols | 0 B |
URL (HTTP/1.1): push.services.mozilla.com/
IP: 34.214.202.214:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2E9eWNvlSpuWvIiC3TKetA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k7Bg8bIOqkseXz+qbRDg331NLBc=

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=78fd7da06959a67858d3326ecd14ed5578fd7da06959a67858d3326ecd14ed55&session=78fd7da06959a67858d3326ecd14ed5578fd7da06959a67858d3326ecd14ed55 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=78fd7da06959a67858d3326ecd14ed5578fd7da06959a67858d3326ecd14ed55&session=78fd7da06959a67858d3326ecd14ed5578fd7da06959a67858d3326ecd14ed55
IP: 92.205.15.237:0, ASN 21499 (Host Europe GmbH)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=78fd7da06959a67858d3326ecd14ed5578fd7da06959a67858d3326ecd14ed55&session=78fd7da06959a67858d3326ecd14ed5578fd7da06959a67858d3326ecd14ed55 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=fc28134e94b365084dbcac7233f2d982fc28134e94b365084dbcac7233f2d982&session=fc28134e94b365084dbcac7233f2d982fc28134e94b365084dbcac7233f2d982
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3ae2a1b8aadff0d5b6e997eec81f39003ae2a1b8aadff0d5b6e997eec81f3900&session=3ae2a1b8aadff0d5b6e997eec81f39003ae2a1b8aadff0d5b6e997eec81f3900 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3ae2a1b8aadff0d5b6e997eec81f39003ae2a1b8aadff0d5b6e997eec81f3900&session=3ae2a1b8aadff0d5b6e997eec81f39003ae2a1b8aadff0d5b6e997eec81f3900
IP: 92.205.15.237:0, ASN 21499 (Host Europe GmbH)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=3ae2a1b8aadff0d5b6e997eec81f39003ae2a1b8aadff0d5b6e997eec81f3900&session=3ae2a1b8aadff0d5b6e997eec81f39003ae2a1b8aadff0d5b6e997eec81f3900 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=024edc1b2c7cf0f5189bf1f177b78f3d024edc1b2c7cf0f5189bf1f177b78f3d&session=024edc1b2c7cf0f5189bf1f177b78f3d024edc1b2c7cf0f5189bf1f177b78f3d
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=fc28134e94b365084dbcac7233f2d982fc28134e94b365084dbcac7233f2d982&session=fc28134e94b365084dbcac7233f2d982fc28134e94b365084dbcac7233f2d982 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=fc28134e94b365084dbcac7233f2d982fc28134e94b365084dbcac7233f2d982&session=fc28134e94b365084dbcac7233f2d982fc28134e94b365084dbcac7233f2d982
IP: 92.205.15.237:0, ASN 21499 (Host Europe GmbH)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=fc28134e94b365084dbcac7233f2d982fc28134e94b365084dbcac7233f2d982&session=fc28134e94b365084dbcac7233f2d982fc28134e94b365084dbcac7233f2d982 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=279afec07c40d78d13f95b41942e6340279afec07c40d78d13f95b41942e6340&session=279afec07c40d78d13f95b41942e6340279afec07c40d78d13f95b41942e6340
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=024edc1b2c7cf0f5189bf1f177b78f3d024edc1b2c7cf0f5189bf1f177b78f3d&session=024edc1b2c7cf0f5189bf1f177b78f3d024edc1b2c7cf0f5189bf1f177b78f3d | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=024edc1b2c7cf0f5189bf1f177b78f3d024edc1b2c7cf0f5189bf1f177b78f3d&session=024edc1b2c7cf0f5189bf1f177b78f3d024edc1b2c7cf0f5189bf1f177b78f3d
IP: 92.205.15.237:0, ASN 21499 (Host Europe GmbH)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=024edc1b2c7cf0f5189bf1f177b78f3d024edc1b2c7cf0f5189bf1f177b78f3d&session=024edc1b2c7cf0f5189bf1f177b78f3d024edc1b2c7cf0f5189bf1f177b78f3d HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=0169c7857da143b25dd4b86ab28080b60169c7857da143b25dd4b86ab28080b6&session=0169c7857da143b25dd4b86ab28080b60169c7857da143b25dd4b86ab28080b6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=279afec07c40d78d13f95b41942e6340279afec07c40d78d13f95b41942e6340&session=279afec07c40d78d13f95b41942e6340279afec07c40d78d13f95b41942e6340 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=279afec07c40d78d13f95b41942e6340279afec07c40d78d13f95b41942e6340&session=279afec07c40d78d13f95b41942e6340279afec07c40d78d13f95b41942e6340
IP: 92.205.15.237:0, ASN 21499 (Host Europe GmbH)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=279afec07c40d78d13f95b41942e6340279afec07c40d78d13f95b41942e6340&session=279afec07c40d78d13f95b41942e6340279afec07c40d78d13f95b41942e6340 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=84f6806d4ea0c4af3034433f76e975a684f6806d4ea0c4af3034433f76e975a6&session=84f6806d4ea0c4af3034433f76e975a684f6806d4ea0c4af3034433f76e975a6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0169c7857da143b25dd4b86ab28080b60169c7857da143b25dd4b86ab28080b6&session=0169c7857da143b25dd4b86ab28080b60169c7857da143b25dd4b86ab28080b6 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0169c7857da143b25dd4b86ab28080b60169c7857da143b25dd4b86ab28080b6&session=0169c7857da143b25dd4b86ab28080b60169c7857da143b25dd4b86ab28080b6
IP: 92.205.15.237:0, ASN 21499 (Host Europe GmbH)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=0169c7857da143b25dd4b86ab28080b60169c7857da143b25dd4b86ab28080b6&session=0169c7857da143b25dd4b86ab28080b60169c7857da143b25dd4b86ab28080b6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=6a304ee3337e4fb37da49cf60702007a6a304ee3337e4fb37da49cf60702007a&session=6a304ee3337e4fb37da49cf60702007a6a304ee3337e4fb37da49cf60702007a
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=84f6806d4ea0c4af3034433f76e975a684f6806d4ea0c4af3034433f76e975a6&session=84f6806d4ea0c4af3034433f76e975a684f6806d4ea0c4af3034433f76e975a6 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=84f6806d4ea0c4af3034433f76e975a684f6806d4ea0c4af3034433f76e975a6&session=84f6806d4ea0c4af3034433f76e975a684f6806d4ea0c4af3034433f76e975a6
IP: 92.205.15.237:0, ASN 21499 (Host Europe GmbH)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=84f6806d4ea0c4af3034433f76e975a684f6806d4ea0c4af3034433f76e975a6&session=84f6806d4ea0c4af3034433f76e975a684f6806d4ea0c4af3034433f76e975a6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:54 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=869133e2306b2de1684cec109cb37d84869133e2306b2de1684cec109cb37d84&session=869133e2306b2de1684cec109cb37d84869133e2306b2de1684cec109cb37d84
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN 20940 (Akamai International B.V.)
Hashes: MD5 3b4ea902c3e097daaa31810cb66d585a / SHA-1 97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049 / SHA-256 0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Mon, 06 Feb 2023 10:14:48 GMT
Date: Mon, 06 Feb 2023 09:37:55 GMT
Connection: keep-alive

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN 20940 (Akamai International B.V.)
Hashes: MD5 3b4ea902c3e097daaa31810cb66d585a / SHA-1 97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049 / SHA-256 0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Mon, 06 Feb 2023 10:14:48 GMT
Date: Mon, 06 Feb 2023 09:37:55 GMT
Connection: keep-alive

| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6a304ee3337e4fb37da49cf60702007a6a304ee3337e4fb37da49cf60702007a&session=6a304ee3337e4fb37da49cf60702007a6a304ee3337e4fb37da49cf60702007a | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL (HTTP/1.1): eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6a304ee3337e4fb37da49cf60702007a6a304ee3337e4fb37da49cf60702007a&session=6a304ee3337e4fb37da49cf60702007a6a304ee3337e4fb37da49cf60702007a
IP: 92.205.15.237:0, ASN 21499 (Host Europe GmbH)
Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e / SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 / SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=6a304ee3337e4fb37da49cf60702007a6a304ee3337e4fb37da49cf60702007a&session=6a304ee3337e4fb37da49cf60702007a6a304ee3337e4fb37da49cf60702007a HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:55 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=94ebaa51fff542e7afb9384bd04319ba94ebaa51fff542e7afb9384bd04319ba&session=94ebaa51fff542e7afb9384bd04319ba94ebaa51fff542e7afb9384bd04319ba
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN 20940 (Akamai International B.V.)
Hashes: MD5 3b4ea902c3e097daaa31810cb66d585a / SHA-1 97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049 / SHA-256 0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Mon, 06 Feb 2023 10:14:48 GMT
Date: Mon, 06 Feb 2023 09:37:55 GMT
Connection: keep-alive

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a9b5f68-fd45-4868-ba31-8118d000f7d9.jpeg | 34.120.237.76 | 200 OK | 9.0 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a9b5f68-fd45-4868-ba31-8118d000f7d9.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hashes: MD5 ea463f7a06fe1403c18c8ce8781244a1 / SHA-1 fbbe4b97e4b39983b36340030f6b40adc69cd485 / SHA-256 93a12a85886512e3336d027c889a2276087976b1c9106356cc81596b88087042
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a9b5f68-fd45-4868-ba31-8118d000f7d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8971
x-amzn-requestid: b1baa973-5b7c-4daa-af2e-e9f0b3c6a604
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzViwFG1IAMF4qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de02de-4a0c9cf45c1a20083bb838dc;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:01:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sAiUWR0kcs2yN_7IIHwlSl1eNIRMEaSJ8QD_Uti1CU6IFIGh0kSmSw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 08:03:07 GMT
age: 5688
etag: "fbbe4b97e4b39983b36340030f6b40adc69cd485"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png | 34.120.237.76 | 200 OK | 12 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hashes: MD5 b2e321721a636309ac45c6722f71a5d5 / SHA-1 8f4224824571577109bf32b1fa7646dbfb88e818 / SHA-256 a52611068a9694594dec4dddb1bd29afdbba897a2e1f61dcf3ceb81e262912e8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12459
x-amzn-requestid: 5dd251ba-30e6-47aa-846a-9cefa9aa4928
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPHlWIAMFnZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-402585d71ebd0ebf75af210d;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dMwyfVFayhAjpMMOiE96N2N5TwdvJ52UvscJ6miuz4W3qNKXVS9jaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:11 GMT
age: 42464
etag: "8f4224824571577109bf32b1fa7646dbfb88e818"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg | 34.120.237.76 | 200 OK | 9.8 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hashes: MD5 ccc8078cc937b7de0b299bcee1496f1b / SHA-1 395f04af71767acc9516387c8b07bde08968fdfe / SHA-256 cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7YlRZ936VEDkBvo2YKrS3GbyEh1xzC8W-50KiODzFjTnQb-hvkKpw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 42472
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6941fb6-e957-4628-8403-b30032e53952.jpeg | 34.120.237.76 | 200 OK | 9.5 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6941fb6-e957-4628-8403-b30032e53952.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hashes: MD5 d97807096c24402f2938faa7bef0bb1f / SHA-1 5dcc91fcfb218579f9bb8d74949c62b42a0ee0f5 / SHA-256 61d5e5e14348dcd17a2d65ed50bf4870cfa0869b2027bd9e02e5656b71ae7b07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6941fb6-e957-4628-8403-b30032e53952.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9504
x-amzn-requestid: 5ed1526b-636a-4aac-9900-3438fe44bc68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4o9ZF4fIAMFuhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e021ef-6925f9fa343504e94459aa70;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:38:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U81u29w8Kam-xsluWwUqh-4J1bS-8viBRP4f6ERFJcGUpsDLcB-feg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:51:09 GMT
age: 42406
etag: "5dcc91fcfb218579f9bb8d74949c62b42a0ee0f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hashes: MD5 062e186a259eda97173695240a492c63 / SHA-1 9b476a4ec219667f560b88199a3a4e4b0a93b579 / SHA-256 d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q5tAmSUsPHlKjkJSksZpvVrOAsduYKg0uuTlc03yvuhtO1BUKlHyuA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 07:54:29 GMT
age: 6206
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg | 34.120.237.76 | 200 OK | 8.6 kB |
URL (HTTP/2): img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hashes: MD5 ad2298793399bf73c51c7d60952065c1 / SHA-1 816bd4c36ceea2c46489ae72fde0b4a94c7c4bef / SHA-256 dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tNp3KhwtaSjchn-VAo1VellQ63I1W9uIbkQ_84Y7z_4z--vGfz8PGA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:53:56 GMT
age: 42239
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=869133e2306b2de1684cec109cb37d84869133e2306b2de1684cec109cb37d84&session=869133e2306b2de1684cec109cb37d84869133e2306b2de1684cec109cb37d84 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=869133e2306b2de1684cec109cb37d84869133e2306b2de1684cec109cb37d84&session=869133e2306b2de1684cec109cb37d84869133e2306b2de1684cec109cb37d84 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:55 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=b543300b5e556d2fa8fac69626f1508bb543300b5e556d2fa8fac69626f1508b&session=b543300b5e556d2fa8fac69626f1508bb543300b5e556d2fa8fac69626f1508b
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=94ebaa51fff542e7afb9384bd04319ba94ebaa51fff542e7afb9384bd04319ba&session=94ebaa51fff542e7afb9384bd04319ba94ebaa51fff542e7afb9384bd04319ba | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=94ebaa51fff542e7afb9384bd04319ba94ebaa51fff542e7afb9384bd04319ba&session=94ebaa51fff542e7afb9384bd04319ba94ebaa51fff542e7afb9384bd04319ba HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:55 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=c6c383ee6934b87cde9002a9e9585109c6c383ee6934b87cde9002a9e9585109&session=c6c383ee6934b87cde9002a9e9585109c6c383ee6934b87cde9002a9e9585109
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=b543300b5e556d2fa8fac69626f1508bb543300b5e556d2fa8fac69626f1508b&session=b543300b5e556d2fa8fac69626f1508bb543300b5e556d2fa8fac69626f1508b | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=b543300b5e556d2fa8fac69626f1508bb543300b5e556d2fa8fac69626f1508b&session=b543300b5e556d2fa8fac69626f1508bb543300b5e556d2fa8fac69626f1508b HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:55 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=8d2d3fd45340df446c866864589606108d2d3fd45340df446c86686458960610&session=8d2d3fd45340df446c866864589606108d2d3fd45340df446c86686458960610
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=c6c383ee6934b87cde9002a9e9585109c6c383ee6934b87cde9002a9e9585109&session=c6c383ee6934b87cde9002a9e9585109c6c383ee6934b87cde9002a9e9585109 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=c6c383ee6934b87cde9002a9e9585109c6c383ee6934b87cde9002a9e9585109&session=c6c383ee6934b87cde9002a9e9585109c6c383ee6934b87cde9002a9e9585109 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:55 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=dbdcf5ae21a1b9cda04a0075dce3d5a1dbdcf5ae21a1b9cda04a0075dce3d5a1&session=dbdcf5ae21a1b9cda04a0075dce3d5a1dbdcf5ae21a1b9cda04a0075dce3d5a1
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8d2d3fd45340df446c866864589606108d2d3fd45340df446c86686458960610&session=8d2d3fd45340df446c866864589606108d2d3fd45340df446c86686458960610 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=8d2d3fd45340df446c866864589606108d2d3fd45340df446c86686458960610&session=8d2d3fd45340df446c866864589606108d2d3fd45340df446c86686458960610 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:55 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a0fe84efa6a66fd5df80979ed583d4f3a0fe84efa6a66fd5df80979ed583d4f3&session=a0fe84efa6a66fd5df80979ed583d4f3a0fe84efa6a66fd5df80979ed583d4f3
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=dbdcf5ae21a1b9cda04a0075dce3d5a1dbdcf5ae21a1b9cda04a0075dce3d5a1&session=dbdcf5ae21a1b9cda04a0075dce3d5a1dbdcf5ae21a1b9cda04a0075dce3d5a1 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=dbdcf5ae21a1b9cda04a0075dce3d5a1dbdcf5ae21a1b9cda04a0075dce3d5a1&session=dbdcf5ae21a1b9cda04a0075dce3d5a1dbdcf5ae21a1b9cda04a0075dce3d5a1 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:55 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=9ae347c322f16310ffd06e696219daa59ae347c322f16310ffd06e696219daa5&session=9ae347c322f16310ffd06e696219daa59ae347c322f16310ffd06e696219daa5
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a0fe84efa6a66fd5df80979ed583d4f3a0fe84efa6a66fd5df80979ed583d4f3&session=a0fe84efa6a66fd5df80979ed583d4f3a0fe84efa6a66fd5df80979ed583d4f3 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=a0fe84efa6a66fd5df80979ed583d4f3a0fe84efa6a66fd5df80979ed583d4f3&session=a0fe84efa6a66fd5df80979ed583d4f3a0fe84efa6a66fd5df80979ed583d4f3 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:56 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=3adf095bdf3e9e2fd65c7dba4b5b14cb3adf095bdf3e9e2fd65c7dba4b5b14cb&session=3adf095bdf3e9e2fd65c7dba4b5b14cb3adf095bdf3e9e2fd65c7dba4b5b14cb
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=9ae347c322f16310ffd06e696219daa59ae347c322f16310ffd06e696219daa5&session=9ae347c322f16310ffd06e696219daa59ae347c322f16310ffd06e696219daa5 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=9ae347c322f16310ffd06e696219daa59ae347c322f16310ffd06e696219daa5&session=9ae347c322f16310ffd06e696219daa59ae347c322f16310ffd06e696219daa5 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:56 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=c7f4962108ce61235c02d956c5086d2cc7f4962108ce61235c02d956c5086d2c&session=c7f4962108ce61235c02d956c5086d2cc7f4962108ce61235c02d956c5086d2c
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3adf095bdf3e9e2fd65c7dba4b5b14cb3adf095bdf3e9e2fd65c7dba4b5b14cb&session=3adf095bdf3e9e2fd65c7dba4b5b14cb3adf095bdf3e9e2fd65c7dba4b5b14cb | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=3adf095bdf3e9e2fd65c7dba4b5b14cb3adf095bdf3e9e2fd65c7dba4b5b14cb&session=3adf095bdf3e9e2fd65c7dba4b5b14cb3adf095bdf3e9e2fd65c7dba4b5b14cb HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:56 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d9942aa476e1cba27b672d6baca0fb6ad9942aa476e1cba27b672d6baca0fb6a&session=d9942aa476e1cba27b672d6baca0fb6ad9942aa476e1cba27b672d6baca0fb6a
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=c7f4962108ce61235c02d956c5086d2cc7f4962108ce61235c02d956c5086d2c&session=c7f4962108ce61235c02d956c5086d2cc7f4962108ce61235c02d956c5086d2c | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=c7f4962108ce61235c02d956c5086d2cc7f4962108ce61235c02d956c5086d2c&session=c7f4962108ce61235c02d956c5086d2cc7f4962108ce61235c02d956c5086d2c HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:56 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=7a4fb923536b5709683dded952c514d17a4fb923536b5709683dded952c514d1&session=7a4fb923536b5709683dded952c514d17a4fb923536b5709683dded952c514d1
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d9942aa476e1cba27b672d6baca0fb6ad9942aa476e1cba27b672d6baca0fb6a&session=d9942aa476e1cba27b672d6baca0fb6ad9942aa476e1cba27b672d6baca0fb6a | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=d9942aa476e1cba27b672d6baca0fb6ad9942aa476e1cba27b672d6baca0fb6a&session=d9942aa476e1cba27b672d6baca0fb6ad9942aa476e1cba27b672d6baca0fb6a HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:56 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=4ee0b499b02d832826cd16b328d21f0c4ee0b499b02d832826cd16b328d21f0c&session=4ee0b499b02d832826cd16b328d21f0c4ee0b499b02d832826cd16b328d21f0c
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=7a4fb923536b5709683dded952c514d17a4fb923536b5709683dded952c514d1&session=7a4fb923536b5709683dded952c514d17a4fb923536b5709683dded952c514d1 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=7a4fb923536b5709683dded952c514d17a4fb923536b5709683dded952c514d1&session=7a4fb923536b5709683dded952c514d17a4fb923536b5709683dded952c514d1 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:56 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a253cae8894230bb983642bb1c134e2da253cae8894230bb983642bb1c134e2d&session=a253cae8894230bb983642bb1c134e2da253cae8894230bb983642bb1c134e2d
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=4ee0b499b02d832826cd16b328d21f0c4ee0b499b02d832826cd16b328d21f0c&session=4ee0b499b02d832826cd16b328d21f0c4ee0b499b02d832826cd16b328d21f0c | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=4ee0b499b02d832826cd16b328d21f0c4ee0b499b02d832826cd16b328d21f0c&session=4ee0b499b02d832826cd16b328d21f0c4ee0b499b02d832826cd16b328d21f0c HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:56 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=0d6a523744526f06cef7e130058dffcb0d6a523744526f06cef7e130058dffcb&session=0d6a523744526f06cef7e130058dffcb0d6a523744526f06cef7e130058dffcb
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a253cae8894230bb983642bb1c134e2da253cae8894230bb983642bb1c134e2d&session=a253cae8894230bb983642bb1c134e2da253cae8894230bb983642bb1c134e2d | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=a253cae8894230bb983642bb1c134e2da253cae8894230bb983642bb1c134e2d&session=a253cae8894230bb983642bb1c134e2da253cae8894230bb983642bb1c134e2d HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:57 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=fae0708796428609616e1d13b7527094fae0708796428609616e1d13b7527094&session=fae0708796428609616e1d13b7527094fae0708796428609616e1d13b7527094
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0d6a523744526f06cef7e130058dffcb0d6a523744526f06cef7e130058dffcb&session=0d6a523744526f06cef7e130058dffcb0d6a523744526f06cef7e130058dffcb | 92.205.15.237 | 302 Moved Temporarily | 0 B |
Request protocol: HTTP/1.1 (URL as in the row above)
IP: 92.205.15.237:0 (ASN #21499 Host Europe GmbH)
Hashes of the empty response body (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert: suricata, severity high, "ET PHISHING Generic Phishkit Activity (GET)"
GET /ig/static/resource/login.php?cmd=login_submit&id=0d6a523744526f06cef7e130058dffcb0d6a523744526f06cef7e130058dffcb&session=0d6a523744526f06cef7e130058dffcb0d6a523744526f06cef7e130058dffcb HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:57 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d6fdaf3b309b5b9f27945ddf4ee3443ed6fdaf3b309b5b9f27945ddf4ee3443e&session=d6fdaf3b309b5b9f27945ddf4ee3443ed6fdaf3b309b5b9f27945ddf4ee3443e
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=fae0708796428609616e1d13b7527094fae0708796428609616e1d13b7527094&session=fae0708796428609616e1d13b7527094fae0708796428609616e1d13b7527094 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=fae0708796428609616e1d13b7527094fae0708796428609616e1d13b7527094&session=fae0708796428609616e1d13b7527094fae0708796428609616e1d13b7527094 (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=fae0708796428609616e1d13b7527094fae0708796428609616e1d13b7527094&session=fae0708796428609616e1d13b7527094fae0708796428609616e1d13b7527094 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:57 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=b2838d71be8889eb75efc4afd8aebf7bb2838d71be8889eb75efc4afd8aebf7b&session=b2838d71be8889eb75efc4afd8aebf7bb2838d71be8889eb75efc4afd8aebf7b
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d6fdaf3b309b5b9f27945ddf4ee3443ed6fdaf3b309b5b9f27945ddf4ee3443e&session=d6fdaf3b309b5b9f27945ddf4ee3443ed6fdaf3b309b5b9f27945ddf4ee3443e | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d6fdaf3b309b5b9f27945ddf4ee3443ed6fdaf3b309b5b9f27945ddf4ee3443e&session=d6fdaf3b309b5b9f27945ddf4ee3443ed6fdaf3b309b5b9f27945ddf4ee3443e (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=d6fdaf3b309b5b9f27945ddf4ee3443ed6fdaf3b309b5b9f27945ddf4ee3443e&session=d6fdaf3b309b5b9f27945ddf4ee3443ed6fdaf3b309b5b9f27945ddf4ee3443e HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:57 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=aa99f63534f7e99f6086a39dd3d85a3daa99f63534f7e99f6086a39dd3d85a3d&session=aa99f63534f7e99f6086a39dd3d85a3daa99f63534f7e99f6086a39dd3d85a3d
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=b2838d71be8889eb75efc4afd8aebf7bb2838d71be8889eb75efc4afd8aebf7b&session=b2838d71be8889eb75efc4afd8aebf7bb2838d71be8889eb75efc4afd8aebf7b | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=b2838d71be8889eb75efc4afd8aebf7bb2838d71be8889eb75efc4afd8aebf7b&session=b2838d71be8889eb75efc4afd8aebf7bb2838d71be8889eb75efc4afd8aebf7b (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=b2838d71be8889eb75efc4afd8aebf7bb2838d71be8889eb75efc4afd8aebf7b&session=b2838d71be8889eb75efc4afd8aebf7bb2838d71be8889eb75efc4afd8aebf7b HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:57 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=edf7fa2524a27a2d37d99092a5872d8dedf7fa2524a27a2d37d99092a5872d8d&session=edf7fa2524a27a2d37d99092a5872d8dedf7fa2524a27a2d37d99092a5872d8d
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=aa99f63534f7e99f6086a39dd3d85a3daa99f63534f7e99f6086a39dd3d85a3d&session=aa99f63534f7e99f6086a39dd3d85a3daa99f63534f7e99f6086a39dd3d85a3d | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=aa99f63534f7e99f6086a39dd3d85a3daa99f63534f7e99f6086a39dd3d85a3d&session=aa99f63534f7e99f6086a39dd3d85a3daa99f63534f7e99f6086a39dd3d85a3d (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=aa99f63534f7e99f6086a39dd3d85a3daa99f63534f7e99f6086a39dd3d85a3d&session=aa99f63534f7e99f6086a39dd3d85a3daa99f63534f7e99f6086a39dd3d85a3d HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:57 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=111850c0a3c701fa10c3ae51f3a86f1c111850c0a3c701fa10c3ae51f3a86f1c&session=111850c0a3c701fa10c3ae51f3a86f1c111850c0a3c701fa10c3ae51f3a86f1c
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=edf7fa2524a27a2d37d99092a5872d8dedf7fa2524a27a2d37d99092a5872d8d&session=edf7fa2524a27a2d37d99092a5872d8dedf7fa2524a27a2d37d99092a5872d8d | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=edf7fa2524a27a2d37d99092a5872d8dedf7fa2524a27a2d37d99092a5872d8d&session=edf7fa2524a27a2d37d99092a5872d8dedf7fa2524a27a2d37d99092a5872d8d (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=edf7fa2524a27a2d37d99092a5872d8dedf7fa2524a27a2d37d99092a5872d8d&session=edf7fa2524a27a2d37d99092a5872d8dedf7fa2524a27a2d37d99092a5872d8d HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:57 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d246a7dc3eeb917b370c400ec31a27d9d246a7dc3eeb917b370c400ec31a27d9&session=d246a7dc3eeb917b370c400ec31a27d9d246a7dc3eeb917b370c400ec31a27d9
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=111850c0a3c701fa10c3ae51f3a86f1c111850c0a3c701fa10c3ae51f3a86f1c&session=111850c0a3c701fa10c3ae51f3a86f1c111850c0a3c701fa10c3ae51f3a86f1c | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=111850c0a3c701fa10c3ae51f3a86f1c111850c0a3c701fa10c3ae51f3a86f1c&session=111850c0a3c701fa10c3ae51f3a86f1c111850c0a3c701fa10c3ae51f3a86f1c (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=111850c0a3c701fa10c3ae51f3a86f1c111850c0a3c701fa10c3ae51f3a86f1c&session=111850c0a3c701fa10c3ae51f3a86f1c111850c0a3c701fa10c3ae51f3a86f1c HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:58 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=5313c25d70276ad4c74e9b4489c974045313c25d70276ad4c74e9b4489c97404&session=5313c25d70276ad4c74e9b4489c974045313c25d70276ad4c74e9b4489c97404
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d246a7dc3eeb917b370c400ec31a27d9d246a7dc3eeb917b370c400ec31a27d9&session=d246a7dc3eeb917b370c400ec31a27d9d246a7dc3eeb917b370c400ec31a27d9 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d246a7dc3eeb917b370c400ec31a27d9d246a7dc3eeb917b370c400ec31a27d9&session=d246a7dc3eeb917b370c400ec31a27d9d246a7dc3eeb917b370c400ec31a27d9 (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=d246a7dc3eeb917b370c400ec31a27d9d246a7dc3eeb917b370c400ec31a27d9&session=d246a7dc3eeb917b370c400ec31a27d9d246a7dc3eeb917b370c400ec31a27d9 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:58 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=e304be4e751c28349e09297e31059d75e304be4e751c28349e09297e31059d75&session=e304be4e751c28349e09297e31059d75e304be4e751c28349e09297e31059d75
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=5313c25d70276ad4c74e9b4489c974045313c25d70276ad4c74e9b4489c97404&session=5313c25d70276ad4c74e9b4489c974045313c25d70276ad4c74e9b4489c97404 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=5313c25d70276ad4c74e9b4489c974045313c25d70276ad4c74e9b4489c97404&session=5313c25d70276ad4c74e9b4489c974045313c25d70276ad4c74e9b4489c97404 (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=5313c25d70276ad4c74e9b4489c974045313c25d70276ad4c74e9b4489c97404&session=5313c25d70276ad4c74e9b4489c974045313c25d70276ad4c74e9b4489c97404 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:58 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a0fd0ea1ada660906f5c6615e56851d6a0fd0ea1ada660906f5c6615e56851d6&session=a0fd0ea1ada660906f5c6615e56851d6a0fd0ea1ada660906f5c6615e56851d6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=e304be4e751c28349e09297e31059d75e304be4e751c28349e09297e31059d75&session=e304be4e751c28349e09297e31059d75e304be4e751c28349e09297e31059d75 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=e304be4e751c28349e09297e31059d75e304be4e751c28349e09297e31059d75&session=e304be4e751c28349e09297e31059d75e304be4e751c28349e09297e31059d75 (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=e304be4e751c28349e09297e31059d75e304be4e751c28349e09297e31059d75&session=e304be4e751c28349e09297e31059d75e304be4e751c28349e09297e31059d75 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:58 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=cf142c19c54ad4bd288ef9b2ad17f95bcf142c19c54ad4bd288ef9b2ad17f95b&session=cf142c19c54ad4bd288ef9b2ad17f95bcf142c19c54ad4bd288ef9b2ad17f95b
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a0fd0ea1ada660906f5c6615e56851d6a0fd0ea1ada660906f5c6615e56851d6&session=a0fd0ea1ada660906f5c6615e56851d6a0fd0ea1ada660906f5c6615e56851d6 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a0fd0ea1ada660906f5c6615e56851d6a0fd0ea1ada660906f5c6615e56851d6&session=a0fd0ea1ada660906f5c6615e56851d6a0fd0ea1ada660906f5c6615e56851d6 (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=a0fd0ea1ada660906f5c6615e56851d6a0fd0ea1ada660906f5c6615e56851d6&session=a0fd0ea1ada660906f5c6615e56851d6a0fd0ea1ada660906f5c6615e56851d6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:58 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=0af183f90e90fce6845d8f2faef136ed0af183f90e90fce6845d8f2faef136ed&session=0af183f90e90fce6845d8f2faef136ed0af183f90e90fce6845d8f2faef136ed
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=cf142c19c54ad4bd288ef9b2ad17f95bcf142c19c54ad4bd288ef9b2ad17f95b&session=cf142c19c54ad4bd288ef9b2ad17f95bcf142c19c54ad4bd288ef9b2ad17f95b | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=cf142c19c54ad4bd288ef9b2ad17f95bcf142c19c54ad4bd288ef9b2ad17f95b&session=cf142c19c54ad4bd288ef9b2ad17f95bcf142c19c54ad4bd288ef9b2ad17f95b (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=cf142c19c54ad4bd288ef9b2ad17f95bcf142c19c54ad4bd288ef9b2ad17f95b&session=cf142c19c54ad4bd288ef9b2ad17f95bcf142c19c54ad4bd288ef9b2ad17f95b HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:58 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=899019752770cd24430280b5e8b4abe4899019752770cd24430280b5e8b4abe4&session=899019752770cd24430280b5e8b4abe4899019752770cd24430280b5e8b4abe4
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0af183f90e90fce6845d8f2faef136ed0af183f90e90fce6845d8f2faef136ed&session=0af183f90e90fce6845d8f2faef136ed0af183f90e90fce6845d8f2faef136ed | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0af183f90e90fce6845d8f2faef136ed0af183f90e90fce6845d8f2faef136ed&session=0af183f90e90fce6845d8f2faef136ed0af183f90e90fce6845d8f2faef136ed (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=0af183f90e90fce6845d8f2faef136ed0af183f90e90fce6845d8f2faef136ed&session=0af183f90e90fce6845d8f2faef136ed0af183f90e90fce6845d8f2faef136ed HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:59 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a7f3b20afc073d7e1abbc6cb8624ab77a7f3b20afc073d7e1abbc6cb8624ab77&session=a7f3b20afc073d7e1abbc6cb8624ab77a7f3b20afc073d7e1abbc6cb8624ab77
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=899019752770cd24430280b5e8b4abe4899019752770cd24430280b5e8b4abe4&session=899019752770cd24430280b5e8b4abe4899019752770cd24430280b5e8b4abe4 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=899019752770cd24430280b5e8b4abe4899019752770cd24430280b5e8b4abe4&session=899019752770cd24430280b5e8b4abe4899019752770cd24430280b5e8b4abe4 (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=899019752770cd24430280b5e8b4abe4899019752770cd24430280b5e8b4abe4&session=899019752770cd24430280b5e8b4abe4899019752770cd24430280b5e8b4abe4 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:59 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=73e32f7820e0bae9743d6915ec14192673e32f7820e0bae9743d6915ec141926&session=73e32f7820e0bae9743d6915ec14192673e32f7820e0bae9743d6915ec141926
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
| eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a7f3b20afc073d7e1abbc6cb8624ab77a7f3b20afc073d7e1abbc6cb8624ab77&session=a7f3b20afc073d7e1abbc6cb8624ab77a7f3b20afc073d7e1abbc6cb8624ab77 | 92.205.15.237 | 302 Moved Temporarily | 0 B |
URL: eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a7f3b20afc073d7e1abbc6cb8624ab77a7f3b20afc073d7e1abbc6cb8624ab77&session=a7f3b20afc073d7e1abbc6cb8624ab77a7f3b20afc073d7e1abbc6cb8624ab77 (HTTP/1.1)
IP: 92.205.15.237:0 | ASN: #21499 Host Europe GmbH
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| NIDS | Severity | Alert |
| suricata | high | ET PHISHING Generic Phishkit Activity (GET) |
GET /ig/static/resource/login.php?cmd=login_submit&id=a7f3b20afc073d7e1abbc6cb8624ab77a7f3b20afc073d7e1abbc6cb8624ab77&session=a7f3b20afc073d7e1abbc6cb8624ab77a7f3b20afc073d7e1abbc6cb8624ab77 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc&session=189301db660f74bf51255e38aea9abbc189301db660f74bf51255e38aea9abbc
Connection: keep-alive
Cookie: PHPSESSID=68be54dc79d44518f6a8092c858a2620
HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:59 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=6a4ae856f5a42963105fda103af6731c6a4ae856f5a42963105fda103af6731c&session=6a4ae856f5a42963105fda103af6731c6a4ae856f5a42963105fda103af6731c
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8