Report - secure-verification-client.info/steps/login.php

Report Overview

URL

secure-verification-client.info/steps/login.php
IP

194.9.172.127

ASN

#207992 FEELB SARL
Submitted

2023-01-21T02:26:56Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

24

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.com (2)	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1385	1514	216.58.211.4
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	59306	34.120.237.76
www.aides-pac-national.fr (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1038	828	213.190.6.100
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2373	35.241.9.150
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	35.161.147.150
bat.bing.com (4)	387	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2212	14053	13.107.21.200
www.google.no (2)	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1383	1514	142.250.74.67
secure-verification-client.info (17)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8289	90516	194.9.172.127
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7090	23.36.76.226
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5843	34.160.144.191
kit.fontawesome.com (1)	1868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	430	607	104.18.23.52
fonts.googleapis.com (1)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	439	746	142.250.74.74
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
ocsp.digicert.com (2)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682	1534	93.184.220.29
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399	66722	172.217.21.168
ocsp.pki.goog (14)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4802	9793	142.250.74.131
fonts.gstatic.com (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1520	26408	142.250.74.99
googleads.g.doubleclick.net (2)	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1565	3637	142.250.74.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-21	medium	secure-verification-client.info/steps/login.php	Phishing
2023-01-21	medium	secure-verification-client.info/steps/login.php	Phishing
2023-01-21	medium	secure-verification-client.info/img/logo2.jpeg	Phishing
2023-01-21	medium	secure-verification-client.info/img/logo3.jpeg	Phishing
2023-01-21	medium	secure-verification-client.info/steps/js/jquery.min.js	Phishing
2023-01-21	medium	secure-verification-client.info/steps/js/bootstrap.min.js	Phishing
2023-01-21	medium	secure-verification-client.info/steps/js/script.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed
2023-01-20	medium	secure-verification-client.info	Sinkholed

ThreatFox

No alerts detected

HTTP Transactions (70)

URL IP Response Size

secure-verification-client.info/steps/login.php

194.9.172.127

301 Moved Permanently

162

URL HTTP/1.1

secure-verification-client.info/steps/login.php
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /steps/login.php HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 21 Jan 2023 02:26:45 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://secure-verification-client.info/steps/login.php

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

20d267853e48ef7d476459ed67da5d97

06d1bd08efd69c0e93486d3c423fa2640f372d29

24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13683
Expires: Sat, 21 Jan 2023 06:14:48 GMT
Date: Sat, 21 Jan 2023 02:26:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

b36ef73c20dffb6bc10194bbd2d0dcfa

a67a4023dc8b4944debaeb92f3ba0f1402c079a6

05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4971
Expires: Sat, 21 Jan 2023 03:49:36 GMT
Date: Sat, 21 Jan 2023 02:26:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

30db107dcf4380cef05efea409c2e6a3

96e6a306fbc07299aba64e5c14e2bfca35872fa9

b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 21 Jan 2023 01:34:40 GMT
content-type: application/json
age: 3125
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

7afaa97fbfa9baa1485c892eac8e114d

8c17c707c218e28ac14197ce8e5eef873207a732

59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8477
Expires: Sat, 21 Jan 2023 04:48:02 GMT
Date: Sat, 21 Jan 2023 02:26:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

7b922915ebf1fa3639b333f994c74f24

144a3f80b98fd0652d4614f24cf6cbbee40f8938

adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: wT/9U3RnwW0NOSGra2a/F81r6ZkSimndwdITZFmxLiizC2yFLud9HrDcFl2HmQ2kkxDS+ThcvQw=
x-amz-request-id: H56J61PWQKRVSZFD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 21 Jan 2023 02:17:50 GMT
age: 535
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

ccab065eb18e0e0ccae869d1290e4677

279f87426bffbcab71984e2eedf1d93ba08b8648

da20b317f566bad7f5bdc3bdea430467096786c495b3fc772fd36789e52f404a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA20B317F566BAD7F5BDC3BDEA430467096786C495B3FC772FD36789E52F404A"
Last-Modified: Wed, 18 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 21 Jan 2023 08:26:45 GMT
Date: Sat, 21 Jan 2023 02:26:45 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:26:45 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

secure-verification-client.info/steps/login.php

194.9.172.127

200 OK

10226

URL HTTP/2

secure-verification-client.info/steps/login.php
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

HTML document text\012- assembler source, Unicode text, UTF-8 text, with very long lines (1324), with CRLF line terminators

Size

10226
Hash

2199c3cbc9f07c9000b48d1821dfcb58

c7b0987cf3a796522351457a640cd9352a03c2ff

355d45b6008f95bddf3bfab5d850c8d1d8cc11532b48a02768b5e7dbe3a568e8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /steps/login.php HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:26:46 GMT
content-type: text/html; charset=UTF-8
content-length: 10226
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=rvb3b901ahc3p2is3dani9s12s; path=/
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.0.27, PleskLin
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

91b78d33043a8133af6799bfdec27164

54be430a23d309b5a88170025bed43987c26cd13

a62a4f0a71dc014ef62a14cf6b8c931f179fe77dd29cdeba79a17a5de2645099

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4520
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Last-Modified: Sat, 21 Jan 2023 01:11:26 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

5422c49666fc195ae94aa0f5cf837bfc

e0f1dd926cd9328ccf9cc99389337056c62f1043

f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

secure-verification-client.info/img/logo4.png

194.9.172.127

200 OK

3247

URL HTTP/2

secure-verification-client.info/img/logo4.png
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

PNG image data, 210 x 60, 8-bit colormap, non-interlaced\012- data

Size

3247
Hash

6ff0f0212fe59454aac4a8e86743072b

7efa17e79b42a6d29f2c723cde928f2640675c3f

1db98baafc096dcfabbaa2a48024cd3b5839c1b1067f28e5c832a4e5c2eeb6a7

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /img/logo4.png HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/steps/login.php
Cookie: PHPSESSID=rvb3b901ahc3p2is3dani9s12s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:26:46 GMT
content-type: image/png
content-length: 3247
last-modified: Fri, 13 Jan 2023 09:48:34 GMT
etag: "63c128f2-caf"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

bccd1fe14275d3bb56418297e502cd10

cdf19d2a4099ada369589fc7aa7021f9b30302aa

801e8b57b77806d98fe23b8421a8fdba9f1138827cc320cb5dcc986161aa7ca4

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

secure-verification-client.info/img/logo2.jpeg

194.9.172.127

200 OK

12811

URL HTTP/2

secure-verification-client.info/img/logo2.jpeg
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 315x160, components 3\012- data

Size

12811
Hash

96d263f77b2f1be44944fcd9214a0ff1

fda2908c1eb02b8a0f6f6eed74e4d5fa62251fe3

d32aaa0fdb3254d087260486fba831cf0e1bf7363e5b9db7055f10ab8a1ecdd1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /img/logo2.jpeg HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/steps/login.php
Cookie: PHPSESSID=rvb3b901ahc3p2is3dani9s12s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:26:46 GMT
content-type: image/jpeg
content-length: 12811
last-modified: Fri, 13 Jan 2023 09:48:30 GMT
etag: "63c128ee-320b"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

secure-verification-client.info/img/logo.png

194.9.172.127

200 OK

19017

URL HTTP/2

secure-verification-client.info/img/logo.png
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

PNG image data, 1877 x 591, 8-bit colormap, non-interlaced\012- data

Size

19017
Hash

af2f48e6612cfefbb61d7c910f20e325

29e569321ce15c7cfb534ccba8cbabc524773f36

a16ab98fa42632f3f69a1b546209fa697b09b887d22bee7b4a377eac265824e3

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /img/logo.png HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/steps/login.php
Cookie: PHPSESSID=rvb3b901ahc3p2is3dani9s12s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:26:46 GMT
content-type: image/png
content-length: 19017
last-modified: Fri, 13 Jan 2023 09:47:48 GMT
etag: "63c128c4-4a49"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

secure-verification-client.info/img/logo3.jpeg

194.9.172.127

200 OK

8731

URL HTTP/2

secure-verification-client.info/img/logo3.jpeg
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 210x210, components 3\012- data

Size

8731
Hash

bdf69012dc605068c9bc34034dd43621

007341002c6332e98da10ee091bc189769a5f629

3c00797c46f41ef4d0040cdf2f38676f2d6feb7e830127b11f71d25824b0e5c3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /img/logo3.jpeg HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/steps/login.php
Cookie: PHPSESSID=rvb3b901ahc3p2is3dani9s12s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:26:46 GMT
content-type: image/jpeg
content-length: 8731
last-modified: Fri, 13 Jan 2023 09:48:36 GMT
etag: "63c128f4-221b"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

secure-verification-client.info/img/top.png

194.9.172.127

200 OK

5069

URL HTTP/2

secure-verification-client.info/img/top.png
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

PNG image data, 50 x 54, 8-bit/color RGBA, non-interlaced\012- data

Size

5069
Hash

4d557caa1ce0a6f6a1d3b8ef9c326859

2bd9f17c4c4e7605c762bd8e48e5e66a920b4ab5

e06e39a8d22d5b67ca2c1bbf871293d6c3ea071fc22ac331528bafd449827626

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /img/top.png HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/steps/login.php
Cookie: PHPSESSID=rvb3b901ahc3p2is3dani9s12s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:26:46 GMT
content-type: image/png
content-length: 5069
last-modified: Fri, 13 Jan 2023 09:48:12 GMT
etag: "63c128dc-13cd"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-773561122

172.217.21.168

200 OK

65959

URL HTTP/2

www.googletagmanager.com/gtag/js?id=AW-773561122
IP

172.217.21.168:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (3952)

Size

65959
Hash

ad3117c1c2c45763656c8db845f7f2f6

18b3a65dfbaa54650de68c7bdb6512b5eb6d47e8

95bb61e54e3212b7ae1f398c61286239c1b8378ac3f2d9f5238bacb05860e9a8

HTTP Headers

                                        GET /gtag/js?id=AW-773561122 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Jan 2023 02:26:46 GMT
expires: Sat, 21 Jan 2023 02:26:46 GMT
cache-control: private, max-age=900
last-modified: Sat, 21 Jan 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 65959
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

bdb8a13dfce39d6e151a9ef185a772a1

037a680510f9dbce3c7cc3c0f9115fd587dbcd1d

98c8b7f269b9aad73b73fd946788ebfd7a4d7afbdd5347b56c67f73b947f5ff6

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4322
Cache-Control: max-age=114731
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Etag: "63ca59af-1d7"
Expires: Sun, 22 Jan 2023 10:18:57 GMT
Last-Modified: Fri, 20 Jan 2023 09:06:55 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 21 Jan 2023 02:17:28 GMT
age: 558
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

5422c49666fc195ae94aa0f5cf837bfc

e0f1dd926cd9328ccf9cc99389337056c62f1043

f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

bccd1fe14275d3bb56418297e502cd10

cdf19d2a4099ada369589fc7aa7021f9b30302aa

801e8b57b77806d98fe23b8421a8fdba9f1138827cc320cb5dcc986161aa7ca4

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

kit.fontawesome.com/a076d05399.js

104.18.23.52

403 Forbidden

URL HTTP/2

kit.fontawesome.com/a076d05399.js
IP

104.18.23.52:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with no line terminators

Size

22
Hash

fd97e4f669829c0ab67c2203a6840a09

3cf1ecf50b3c929fb32a43896505db3ff9602275

6ee8906b2c990cc0ccd14c16ed0482a5b6dcacf438908ff2d8a98a4c4d5a35e3

HTTP Headers

                                        GET /a076d05399.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://secure-verification-client.info
Connection: keep-alive
Referer: https://secure-verification-client.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 403 Forbidden
date: Sat, 21 Jan 2023 02:26:46 GMT
content-type: text/plain; charset=utf-8
content-length: 22
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; preload
x-request-id: Fzwx4ZzcYP7dxxcg5sMB
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 78cc9b5f9932b4eb-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

e6d21eff1927f7a74984663b16cfe21a

b747f7d42cdf7cfea6900348cd257066b2634222

a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

e6d21eff1927f7a74984663b16cfe21a

b747f7d42cdf7cfea6900348cd257066b2634222

a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

35.161.147.150

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.161.147.150:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ehslTG0ZA5GAtryDCcRRXw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FqHG5F/1l9sREgg2y8hDQuiZf4A=

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

142.250.74.99

200 OK

7816

URL HTTP/2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP

142.250.74.99:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data

Size

7816
Hash

25b0e113ca7cce3770d542736db26368

cb726212d5d525021752a1d8470a0fb593e0c49e

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

                                        GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure-verification-client.info
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 19:30:59 GMT
expires: Thu, 18 Jan 2024 19:30:59 GMT
cache-control: public, max-age=31536000
age: 197747
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

142.250.74.99

200 OK

8000

URL HTTP/2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP

142.250.74.99:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data

Size

8000
Hash

72993dddf88a63e8f226656f7de88e57

179f97ec0275f09603a8db94d4380eb584d81cd5

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

HTTP Headers

                                        GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure-verification-client.info
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 17 Jan 2023 14:43:52 GMT
expires: Wed, 17 Jan 2024 14:43:52 GMT
cache-control: public, max-age=31536000
age: 301374
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

142.250.74.99

200 OK

7748

URL HTTP/2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP

142.250.74.99:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data

Size

7748
Hash

a09f2fccfee35b7247b08a1a266f0328

0da2d17e738f46d2a09e6fb7969da451719a9820

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

                                        GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure-verification-client.info
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 08:32:10 GMT
expires: Thu, 18 Jan 2024 08:32:10 GMT
cache-control: public, max-age=31536000
age: 237276
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

e6d21eff1927f7a74984663b16cfe21a

b747f7d42cdf7cfea6900348cd257066b2634222

a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

875fc1415608498b67d609fd3b7335ae

463aca613dcdfc3446e7c7f4663d9577ef92f94e

fcb4c1657bc5afb8c1adfbec67198211be206ff61b5cc7c13565d5ce492de66e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

875fc1415608498b67d609fd3b7335ae

463aca613dcdfc3446e7c7f4663d9577ef92f94e

fcb4c1657bc5afb8c1adfbec67198211be206ff61b5cc7c13565d5ce492de66e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

bat.bing.com/bat.js

United States MICROSOFT-CORP-MSN-AS-BLOCK

13.107.21.200

200 OK

11472

URL HTTP/2

bat.bing.com/bat.js
IP

13.107.21.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Unicode text, UTF-8 text, with very long lines (39124), with no line terminators

Size

11472
Hash

b77f77f4f821a11c0a501be8d6a19659

7bba3d65db27d7c0e050bbf2294021433221de5d

e80b6b1a2f792de4681310088abf8d9172a81ee10a54965c8eb602fae2d92319

HTTP Headers

                                        GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11472
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ranges: bytes
etag: "027e538cd8d91:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C16EBBEE142046C0B1606AE418A7B435 Ref B: OSL30EDGE0317 Ref C: 2023-01-21T02:26:47Z
date: Sat, 21 Jan 2023 02:26:46 GMT
X-Firefox-Spdy: h2

bat.bing.com/action/0?ti=17401941&Ver=2&mid=3ee54094-1bcf-4c05-acb4-7526d13b3b36&sid=1b70e20092ac11ed9b73e9e92699cbcb&vid=6fa52590643111edbee98b53399b73cf&vids=0&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=fr-FR&sw=1920&sh=1080&sc=24&tl=Pompe%20%C3%A0%20Chaleur%202023&p=https%3A%2F%2Fwww.aides-pac-national.fr%2F&r=&lt=1055&evt=pageLoad&sv=1&rn=230720

13.107.21.200

204 No Content

URL HTTP/2

bat.bing.com/action/0?ti=17401941&Ver=2&mid=3ee54094-1bcf-4c05-acb4-7526d13b3b36&sid=1b70e20092ac11ed9b73e9e92699cbcb&vid=6fa52590643111edbee98b53399b73cf&vids=0&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=fr-FR&sw=1920&sh=1080&sc=24&tl=Pompe%20%C3%A0%20Chaleur%202023&p=https%3A%2F%2Fwww.aides-pac-national.fr%2F&r=&lt=1055&evt=pageLoad&sv=1&rn=230720
IP

13.107.21.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /action/0?ti=17401941&Ver=2&mid=3ee54094-1bcf-4c05-acb4-7526d13b3b36&sid=1b70e20092ac11ed9b73e9e92699cbcb&vid=6fa52590643111edbee98b53399b73cf&vids=0&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=fr-FR&sw=1920&sh=1080&sc=24&tl=Pompe%20%C3%A0%20Chaleur%202023&p=https%3A%2F%2Fwww.aides-pac-national.fr%2F&r=&lt=1055&evt=pageLoad&sv=1&rn=230720 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=314B997815F46B661C8A8BD814A36A06; domain=.bing.com; expires=Thu, 15-Feb-2024 02:26:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 68FE61FB293B4C81A035186919585D79 Ref B: OSL30EDGE0317 Ref C: 2023-01-21T02:26:47Z
date: Sat, 21 Jan 2023 02:26:46 GMT
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/773561122/?random=1674268005923&cv=11&fst=1674268005923&bg=ffffff&guid=ON&async=1&gtm=2oa1i0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fsecure-verification-client.info%2Fsteps%2Flogin.php&tiba=Pompe%20%C3%A0%20Chaleur%202023&auid=303904765.1674268006&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

897

URL HTTP/2

googleads.g.doubleclick.net/pagead/viewthroughconversion/773561122/?random=1674268005923&cv=11&fst=1674268005923&bg=ffffff&guid=ON&async=1&gtm=2oa1i0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fsecure-verification-client.info%2Fsteps%2Flogin.php&tiba=Pompe%20%C3%A0%20Chaleur%202023&auid=303904765.1674268006&data=event%3Dgtag.config&rfmt=3&fmt=4
IP

142.250.74.162:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (1927), with no line terminators

Size

897
Hash

9bcf87381e02352b859288590005bcd0

d59eba0d45df44ab8a956334cb6aa6a41dc8a0af

23b45854221faf1387f368bf03aa59ef766337be3814ae8e3ac94c3a8cd71304

HTTP Headers

                                        GET /pagead/viewthroughconversion/773561122/?random=1674268005923&cv=11&fst=1674268005923&bg=ffffff&guid=ON&async=1&gtm=2oa1i0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fsecure-verification-client.info%2Fsteps%2Flogin.php&tiba=Pompe%20%C3%A0%20Chaleur%202023&auid=303904765.1674268006&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 21 Jan 2023 02:26:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 897
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 21-Jan-2023 02:41:47 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

875fc1415608498b67d609fd3b7335ae

463aca613dcdfc3446e7c7f4663d9577ef92f94e

fcb4c1657bc5afb8c1adfbec67198211be206ff61b5cc7c13565d5ce492de66e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/773561122/?random=1673599551696&cv=11&fst=1673599551696&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1920&u_h=1080&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.aides-pac-national.fr%2F&tiba=Pompe%20%C3%A0%20Chaleur%202023&auid=661446660.1673550342&uaa=x86&uab=64&uafvl=Opera%2520GX%3B107.0.5304.110%7CChromium%3B107.0.5304.110%7CNot%253DA%253FBrand%3B24.0.0.0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.162

200 OK

888

URL HTTP/2

googleads.g.doubleclick.net/pagead/viewthroughconversion/773561122/?random=1673599551696&cv=11&fst=1673599551696&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1920&u_h=1080&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.aides-pac-national.fr%2F&tiba=Pompe%20%C3%A0%20Chaleur%202023&auid=661446660.1673550342&uaa=x86&uab=64&uafvl=Opera%2520GX%3B107.0.5304.110%7CChromium%3B107.0.5304.110%7CNot%253DA%253FBrand%3B24.0.0.0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
IP

142.250.74.162:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (1881), with no line terminators

Size

888
Hash

ecc030503f38bd7690d643a49cdaf12a

dbb732f2894fdea2a0fb8946e8e5bf857f5d3d61

e4aef3e8867622ee43088119d52a067f772605e3bfb4ff9824a06b192199c76c

HTTP Headers

                                        GET /pagead/viewthroughconversion/773561122/?random=1673599551696&cv=11&fst=1673599551696&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1920&u_h=1080&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.aides-pac-national.fr%2F&tiba=Pompe%20%C3%A0%20Chaleur%202023&auid=661446660.1673550342&uaa=x86&uab=64&uafvl=Opera%2520GX%3B107.0.5304.110%7CChromium%3B107.0.5304.110%7CNot%253DA%253FBrand%3B24.0.0.0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 21 Jan 2023 02:26:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 888
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 21-Jan-2023 02:41:47 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bat.bing.com/p/action/17401941.js

13.107.21.200

204 No Content

URL HTTP/2

bat.bing.com/p/action/17401941.js
IP

13.107.21.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /p/action/17401941.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F5E72631473F43A1B0E1E24322937781 Ref B: OSL30EDGE0317 Ref C: 2023-01-21T02:26:47Z
date: Sat, 21 Jan 2023 02:26:46 GMT
X-Firefox-Spdy: h2

secure-verification-client.info/steps/css/bootstrap.min.css

194.9.172.127

404 Not Found

23443

URL HTTP/2

secure-verification-client.info/steps/css/bootstrap.min.css
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

23443
Hash

08f5c7a8fa11ef25f2978077d2b16ad4

5fb70687e8f6083fade4a8fd876a56e864e3ce6c

a26f8e16eda2f4c850bba84d38b6c418227d17f2a3625ff08e7b88d1b4a15cfa

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /steps/css/bootstrap.min.css HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/steps/login.php
Cookie: PHPSESSID=rvb3b901ahc3p2is3dani9s12s
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 404 Not Found
server: nginx
date: Sat, 21 Jan 2023 02:26:46 GMT
content-type: text/html
last-modified: Sat, 14 Jan 2023 23:20:13 GMT
etag: W/"328-5f241979bf297"
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
X-Firefox-Spdy: h2

bat.bing.com/action/0?ti=17401941&Ver=2&mid=3061c095-a1b5-46a6-b056-d62ed078ba03&sid=0d4fcc20993311ed95206d828be7c5bf&vid=0d4faff0993311ed8c6fb17a31916976&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Pompe%20%C3%A0%20Chaleur%202023&p=https%3A%2F%2Fsecure-verification-client.info%2Fsteps%2Flogin.php&r=&lt=1451&evt=pageLoad&sv=1&rn=622984

13.107.21.200

204 No Content

URL HTTP/2

bat.bing.com/action/0?ti=17401941&Ver=2&mid=3061c095-a1b5-46a6-b056-d62ed078ba03&sid=0d4fcc20993311ed95206d828be7c5bf&vid=0d4faff0993311ed8c6fb17a31916976&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Pompe%20%C3%A0%20Chaleur%202023&p=https%3A%2F%2Fsecure-verification-client.info%2Fsteps%2Flogin.php&r=&lt=1451&evt=pageLoad&sv=1&rn=622984
IP

13.107.21.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /action/0?ti=17401941&Ver=2&mid=3061c095-a1b5-46a6-b056-d62ed078ba03&sid=0d4fcc20993311ed95206d828be7c5bf&vid=0d4faff0993311ed8c6fb17a31916976&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Pompe%20%C3%A0%20Chaleur%202023&p=https%3A%2F%2Fsecure-verification-client.info%2Fsteps%2Flogin.php&r=&lt=1451&evt=pageLoad&sv=1&rn=622984 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2DD0A153DB6360703E49B3F3DA3461C6; domain=.bing.com; expires=Thu, 15-Feb-2024 02:26:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 599DE709B3EB499EAA4488DCCAEA7383 Ref B: OSL30EDGE0317 Ref C: 2023-01-21T02:26:47Z
date: Sat, 21 Jan 2023 02:26:47 GMT
X-Firefox-Spdy: h2

secure-verification-client.info/steps/img/favicon-16x16.png

194.9.172.127

404 Not Found

841

URL HTTP/2

secure-verification-client.info/steps/img/favicon-16x16.png
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

841
Hash

8cbbe1d726810c08620084548ff15ae0

75dd69530380003664d470053ea55391abd8e9b9

724d4d1f43e6b98b29320ab215316f0c821a6c9e22936d9e5cf481679114d220

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /steps/img/favicon-16x16.png HTTP/1.1
Host: secure-verification-client.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure-verification-client.info/steps/login.php
Cookie: PHPSESSID=rvb3b901ahc3p2is3dani9s12s; _gcl_au=1.1.303904765.1674268006
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 404 Not Found
server: nginx
date: Sat, 21 Jan 2023 02:26:47 GMT
content-type: text/html
last-modified: Sat, 14 Jan 2023 23:20:13 GMT
etag: W/"328-5f241979bf297"
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

34a6ffa8918b00f3f6d21bd90db799f4

6573697e6488b07ba3551ca7fea9b89220494b3a

dff7862c0cfa5ae27f6e8daef94bf0cd05000b667dbabd62a673ec0354e4873b

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

secure-verification-client.info/steps/css/style.css

194.9.172.127

404 Not Found

1836

URL HTTP/2

secure-verification-client.info/steps/css/style.css
IP

194.9.172.127:0
ASN

#207992 FEELB SARL

Magic

HTML document text\012- HTML document text\012- HTML doc

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

#1 JS:Script (size: 206)

#2 JS:Script (size: 587)

#3 JS:Script (size: 39125)

#4 JS:Script (size: 0)

#5 JS:Script (size: 1715)

#6 JS:Script (size: 60180)

#7 JS:Script (size: 89947)

#8 JS:Script (size: 12016)

#9 JS:Script (size: 180731)

#10 JS:Script (size: 1927)

#11 JS:Script (size: 1881)

HTTP Transactions (70)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1