Report - demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=

Report Overview

Submitted URL
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
IP
151.139.128.10
ASN
#20446 STACKPATH-CDN
Submitted
2022-12-28 18:34:51
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.213.140.56
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
demo2.cloudwp.dev	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	16 kB	301 kB	151.139.128.10
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-28	medium	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=	Generic/Spear Phishing
2022-12-28	medium	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=	Generic/Spear Phishing

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-28	medium	demo2.cloudwp.dev/myaccount/static-content/css/font/td-original-icons.woff	Phishing
2022-12-28	medium	demo2.cloudwp.dev/myaccount/static-content/css/font/td-original-icons.ttf	Phishing
2022-12-28	medium	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.ttf	Phishing
2022-12-28	medium	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkurat-Bold.ttf	Phishing
2022-12-28	medium	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/Akkurat.woff	Phishing
2022-12-28	medium	demo2.cloudwp.dev/inactive.htm	Phishing
2022-12-28	medium	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.woff	Phishing
2022-12-28	medium	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkuratWeb-Light.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg	5.8 kB	2023-03-12	2023-03-12
Pretty URL demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 10:10:17 Last Seen2023-03-12 10:10:17 Times Seen1 Hash 7236793c52af2c5328a767a7f9c84c25 d3ad302dbc34093a3c955664ebd1c001d836bf42 a21d48f9998f380f9c55cbaa3ba8248cc87316bd934125bc8702bc131272d268 Loading...

	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=	159 B	2023-03-12	2023-03-12
Pretty URL demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country= IP 151.139.128.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 10:10:17 Last Seen2023-03-12 10:10:17 Times Seen1 Hash 877a6642971d18c3bf994bb2bbfaba99 7181338aeef0d0646b3e8f9f753a6bf024f454bc 45af920e8947ce78f4759e2fd3f04cf620956edaa8286a70ee8000a6f0c1188f Loading...

	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=	6.6 kB	2023-03-12	2023-03-12
Pretty URL demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country= IP 151.139.128.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 10:10:17 Last Seen2023-03-12 10:10:17 Times Seen1 Hash e494806977c59b1d5185a45bd7edc58c a262153df001a028d3257a076f52f9c547663b45 60065bf2944031b363ed96a545f49fc63eb9cbf82a5e72e6061e6672730f74ae Loading...

	demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=	47 B	2023-03-07	2023-11-03
Pretty URL demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country= IP 151.139.128.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:11 Last Seen2023-11-03 21:42:13 Times Seen17 Hash 9c20fa58583deb1e24d875781f0c57af d97b7559290e16cd6d970a0ef0ae3e07503563a3 ebda92a8fb246aa0daf57cc1fe84a4a89a869ad255c634e0d9de352f75232450 Loading...

	demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3	394 B	2023-03-07	2023-04-05
Pretty URL demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3 IP 151.139.128.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:11 Last Seen2023-04-05 02:03:52 Times Seen13 Hash 69c4d76cc0f341cc5af7df58d97334fa 6b5e1fb807f3c0beecbe1c38b77ca9dbfd424553 70256497a27ea851bc21640c6d4c52390ddbc3061e2b259b1070fb9de763874e Loading...

	demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3	24 kB	2023-03-12	2023-03-12
Pretty URL demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3 IP 151.139.128.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 10:10:17 Last Seen2023-03-12 10:10:17 Times Seen1 Hash 1f94e05baaec3b3be7e1d554f6178bd4 2a827702e1bbfba4a715ee2f347400e37a1fd89f 93f96761be610171440635cf4f47937b78645247be1f5323a133d469cc1fe755 Loading...

	demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3	197 B	2023-03-07	2023-04-05
Pretty URL demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3 IP 151.139.128.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:11 Last Seen2023-04-05 02:03:52 Times Seen13 Hash 0e05adfe4caf903b2d7d059e5e6f61ba 90d85786f53509186ad96d5c262a1c9361cc728b 8bdad92a93e8a14cd91bdd08a0975ae2eaf77002fecde576f58b4c0fd849d518 Loading...

		Size	First Seen	Last Seen
	#1 Write - bc758d86e37e314f4812eaf9767c6ad4	87 B	2023-03-07	2024-02-25
Pretty Observations First Seen2023-03-07 12:09:11 Last Seen2024-02-25 12:41:54 Times Seen320 Hash bc758d86e37e314f4812eaf9767c6ad4 a1fae42bd02a6b91210c61c0c966705b4624f28a 9f4a8d9a47dccdf390021e4db6a1111d7b98de2a9cfa6431ea3069ef5ee95d33 Loading...

HTTP Transactions (38)

URL IP Response Size

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=

151.139.128.10

301 Moved Permanently

0 B

URL HTTP/1.1
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country= HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Dec 2022 18:34:40 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Location: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
X-HW: 1672252480.cds018.sk1.h2,1672252480.cds224.sk1.c
Link: <http://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/>; rel="canonical"
Access-Control-Allow-Origin: *
x-sp-metadata: HS256.CNC0sp0GEksKJDQ0ZWMyYjc2LWYwNWMtNDg0NC05NGEzLTc4NWEzYzZkMmM3ORDYn4qBp9n7AhoGCMCYsp0GIgw5MS45MC40Mi4xNTQowIQDMAIaKAgBEiRkZWI2MGI0Ny03YzcyLTQxZGUtOTMwZC0xNDk5M2NjYzk4ZTUiGAgCEhRjZHMyMjQuc2sxLmh3Y2RuLm5ldA==.3sZN8yXEvkj+5jVZAy4gmhZ9t7qAOTXa+Vx5uzfm67w=
Connection: keep-alive
Content-Length: 0

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cd2bda30513692aa11a672c6a599935d
a944c3aa26b461063194a4bb95ce427d23a32d03
d975d1eab40c9fe4986ae0675d79e4f982eb9c0e2f503ca72b3bdf0ec9e7dfdc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D975D1EAB40C9FE4986AE0675D79E4F982EB9C0E2F503CA72B3BDF0EC9E7DFDC"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2437
Expires: Wed, 28 Dec 2022 19:15:18 GMT
Date: Wed, 28 Dec 2022 18:34:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
259d3eba2ac4ea32f0410a59bd01c18a
ab02cd69e6c04e3842ad1778fb0daa6d0e86fddc
0d6ec941dac6d97a0b24c0cf00a5642a4edda68ae5ec8b3019d1ec05f40d2281

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D6EC941DAC6D97A0B24C0CF00A5642A4EDDA68AE5EC8B3019D1EC05F40D2281"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8938
Expires: Wed, 28 Dec 2022 21:03:39 GMT
Date: Wed, 28 Dec 2022 18:34:41 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 28 Dec 2022 17:46:47 GMT
content-type: application/json
age: 2874
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b2d59bdbb1ca6324590988ec031cf1fc
bfd4e25af37dcde4bac38d9b178c5ac8e50f8834
cef2180120ef42ff09d54577229c058d41d2c569d485f5a6dcfadc74bf8aa647

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEF2180120EF42FF09D54577229C058D41D2C569D485F5A6DCFADC74BF8AA647"
Last-Modified: Mon, 26 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3116
Expires: Wed, 28 Dec 2022 19:26:37 GMT
Date: Wed, 28 Dec 2022 18:34:41 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: T6b8t3fuF49SIaOYyFdKyQMGEHPYXSllrgHJNPtnp5/vRnPdrdtbiqozlsBmOYUabRlRpIT1c3c=
x-amz-request-id: 9F3KK5K9RYH7R05D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 28 Dec 2022 17:58:25 GMT
age: 2176
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 28 Dec 2022 18:34:41 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 28 Dec 2022 18:08:08 GMT
age: 1593
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
125553386d49a0b56facb82deab9bd9f
1a7480b79f4aada477fb5919794f6efd6d44921e
6f3f4223d3c994dd4754df67a11298d736e16f888f301ad2838d0b4db1ac01d7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1880
Cache-Control: max-age=140606
Content-Type: application/ocsp-response
Date: Wed, 28 Dec 2022 18:34:41 GMT
Etag: "63ac0727-1d7"
Expires: Fri, 30 Dec 2022 09:38:07 GMT
Last-Modified: Wed, 28 Dec 2022 09:06:47 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.213.140.56

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.140.56:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: w4iWmFLaD6jSipIL22cHYw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DVQmn080CELxibWswM+ppq1hPEE=

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/login.css

151.139.128.10

200 OK

12 kB

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/login.css
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (1600), with CRLF line terminators
Size
12 kB (12141 bytes)
Hash
218cec7991d65f188a8e83d2fcb47b32
580eec5e82c1bb9e85b6a2e4294a29210e3f88a0
0fe866af2608350990019659cb13d17b40a99c85689a1d2de5dfd4dc84f2703e

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/login.css HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=D-h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:43 GMT
etag: "1672178891"
cache-control: max-age=30
content-encoding: gzip
content-length: 12141
content-type: text/css
last-modified: Tue, 27 Dec 2022 22:08:11 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CNO0sp0GEoYBCiQ3MDgzOTY0NC1lZDVlLTQyMWUtYmJhNS0yMjg5Mjk5Zjg3ZDgQ2J+KgafZ+wIaBgjCmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaKRIkYmU3YjIxZWEtZWNjMi00YWQ3LWJiYmMtMjE4OWMwN2ExNWUxGO1eIhoIAhIUY2RzMjE1LnNrMS5od2Nkbi5uZXQYCA==.PK0KpobX3RG3lyGCOXXBg9sBAq5b8wpNclXjSNiLWyM=
x-hw: 1672252482.cds221.sk1.hn,1672252482.cds215.sk1.sc,1672252483.cds215.sk1.pr
link: <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/login.css>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log.css

151.139.128.10

200 OK

8.6 kB

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log.css
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with CRLF line terminators
Size
8.6 kB (8604 bytes)
Hash
c05815aa04cd0f11b92ff1c4a026d0e8
bdd2df38fdedc31ee07c001ba605d718c0cc3488
24201fd75cbf5c2fbdab6e3ff6274d0038bb48e19694b4ca5c928a9bdbad819b

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log.css HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=D-h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:43 GMT
etag: "1672178891"
cache-control: max-age=30
content-encoding: gzip
content-length: 8604
content-type: text/css
last-modified: Tue, 27 Dec 2022 22:08:11 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CNO0sp0GEoYBCiQ3MTkwNmIxOC01YzBiLTQyOTEtYWJjZC1iOGVlOTBkY2IxMGQQ2J+KgafZ+wIaBgjCmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaKRIkMmYzYWQ2ZjctNzE5Ni00MTFiLWI5YWItMmE3ODVkM2YxNTRhGJxDIhoIAhIUY2RzMDE3LnNrMS5od2Nkbi5uZXQYCA==.FhvHGdHvoJ02luVuSuTCjwd332hJQkfALOx1kXDot+M=
x-hw: 1672252482.cds221.sk1.hn,1672252482.cds017.sk1.sc,1672252483.cds017.sk1.pr
link: <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log.css>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=

151.139.128.10

200 OK

55 kB

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10703)
Size
55 kB (55211 bytes)
Hash
df09969db9ad96bb7d246a2f502c5101
c7ac753b90892c193a89db0bfca82453aa933589
82dfd64300541697977a206a03eff5b046fb1f369d427aa583462a8c1bed36de

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country= HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:42 GMT
accept-ranges: bytes
content-encoding: gzip
content-type: text/html; charset=UTF-8
x-hw: 1672252481.cds221.sk1.hn,1672252481.cds224.sk1.sc,1672252482.cdn2-wafbe04-arn1.stackpath.systems.-.wx,1672252482.cds224.sk1.p
link: <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/>; rel="canonical"
x-powered-by: PHP/7.4.33
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
cache-control: private
set-cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; path=/; HttpOnly; SameSite=Lax;
SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; path=/; HttpOnly; SameSite=Lax;
spcsrf=75fc11981955591c88f3bb4b2fafead4; path=/; SameSite=Strict; HttpOnly;  expires=Wed, 28-Dec-22 20:34:41 GMT
adOtr=obsvl; path=/; SameSite=Lax; expires=Thu, 2 Aug 2001 20:47:11 UTC
UTGv2=D-h4116e1c4627fa2954ba7231efa22475e666; path=/; SameSite=Lax; expires=Mon, 26-Jun-23 18:34:41 GMT
sp_lit=YVbFCm/HY3jN/lGNizAU7g==; path=/; SameSite=Strict; HttpOnly; expires=Wed, 28-Dec-22 18:39:42 GMT
vary: Accept-Encoding
x-sp-metadata: HS256.CNK0sp0GEoYBCiRmNTExZTViNy05MTE0LTRhZDktYmY4OC1kNjk1NTQyYWQxNjQQ2J+KgafZ+wIaBgjBmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaKhIkNGJmNTE5NWMtZTllNi00MmE2LWEyNTUtZGNkYTlkZDk1NDdjGISdAiIaCAISFGNkczIyNC5zazEuaHdjZG4ubmV0GAg=.GkRp8GwjYms7uq0FpRgDHdgVOysAOAqy0I0nCrueoaY=
access-control-allow-origin: *
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log2.css

151.139.128.10

200 OK

100 kB

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log2.css
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (310), with CRLF line terminators
Size
100 kB (99488 bytes)
Hash
325e2f697e6b328219f5bf14664e48e7
60aaa542ba28a820f58d06eede05550e9f0a1906
c472a6473cadf56b46c128db2b58693da5dd6c358bd5bfb710d4208ac4f5a4d6

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log2.css HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=D-h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:43 GMT
etag: "1672178891"
cache-control: max-age=30
content-encoding: gzip
content-length: 99488
content-type: text/css
last-modified: Tue, 27 Dec 2022 22:08:11 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CNO0sp0GEoYBCiRhMGVkZmU5ZS0yYWZlLTQ5ZjUtODY5YS0yMzAwYTJlNzg0YmYQ2J+KgafZ+wIaBgjCmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaKhIkZjU3NDNiY2UtYzVjMy00NjZlLWE2YzctZDJjNzdmYzlmNWMwGKCJBiIaCAISFGNkczIxMS5zazEuaHdjZG4ubmV0GAg=.f7dtgRwdH+217GJffNwqtoJjkCJROBOSs9hmA2ekhTs=
x-hw: 1672252482.cds221.sk1.hn,1672252482.cds211.sk1.sc,1672252483.cds211.sk1.pr
link: <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log2.css>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log1.css

151.139.128.10

200 OK

81 kB

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log1.css
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (464), with CRLF line terminators
Size
81 kB (81415 bytes)
Hash
da555dfa5bd1062341bdeac56f2deca1
fe4d16135c6f62281d50ceadd6714cd9644e1f19
e7886c6868a5d350a59d16f2e6fef34dd4bb98efd6bb2c7e291bd03a9e09b25f

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log1.css HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=D-h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:43 GMT
etag: "1672178891"
cache-control: max-age=30
content-encoding: gzip
content-length: 81415
content-type: text/css
last-modified: Tue, 27 Dec 2022 22:08:11 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CNO0sp0GEoYBCiRlZjY2ZWFkMi1iMzFlLTQ5MzUtOTRkMS1hMjFkMTRjNjMwMDIQ2J+KgafZ+wIaBgjCmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaKhIkNjNkNDNkY2ItZTQzZS00M2FlLThlZjgtOTg1ZmQyNjFkOTdhGIf8BCIaCAISFGNkczAyNC5zazEuaHdjZG4ubmV0GAg=.l55t7kHnCsRNMmETaF2pbTjmYHivWficRRcb0BKpVoY=
x-hw: 1672252482.cds221.sk1.hn,1672252482.cds024.sk1.sc,1672252483.cds024.sk1.pr
link: <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log1.css>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3500
Expires: Wed, 28 Dec 2022 19:33:03 GMT
Date: Wed, 28 Dec 2022 18:34:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3500
Expires: Wed, 28 Dec 2022 19:33:03 GMT
Date: Wed, 28 Dec 2022 18:34:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3500
Expires: Wed, 28 Dec 2022 19:33:03 GMT
Date: Wed, 28 Dec 2022 18:34:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
563a71326245b9544f7051f983f4d897
7293247391520689fb7aeac14ee6c984d82d7de3
17c444592282f17c3eb8a0d8e10ae9b3be096d621bdf2bbd8e12faf13ff4999c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17C444592282F17C3EB8A0D8E10AE9B3BE096D621BDF2BBD8E12FAF13FF4999C"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3500
Expires: Wed, 28 Dec 2022 19:33:03 GMT
Date: Wed, 28 Dec 2022 18:34:43 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7efeb4a1-9d83-4fe3-bd8d-999279ed4dcd.jpeg

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7efeb4a1-9d83-4fe3-bd8d-999279ed4dcd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4443 bytes)
Hash
ae5da67479fa2f3afda50a7566b5e46e
d71de1881ea09f0aed36703f95635cc0cd552429
a67eca901c4f8436074f48a594cd9942742430c8776745152baf3f858a9c3407

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7efeb4a1-9d83-4fe3-bd8d-999279ed4dcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4443
x-amzn-requestid: 6ca832c3-dcdc-4fc3-bb60-6868d09f824b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0y_zFEOoAMF9KQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab6531-0a9be43a500ea8b41200cc43;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VvXODqjCpshzmjPEPpfo9vYkptKA-JEjqereJgM_8WqhMLJUC-a_0w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 22:04:23 GMT
etag: "d71de1881ea09f0aed36703f95635cc0cd552429"
content-type: image/jpeg
age: 73820
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F346e7d95-abf9-4783-baa6-85137bb9cc29.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7817 bytes)
Hash
8ab36b0d168174ef2d960be9810fdb2d
7c8a7415cab3ef88b5d1204af214a687b1676dda
a1d842fd02273603db0090d34c317d7a3ce3e5f00f29271d45fc4ed6d09ee21e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F346e7d95-abf9-4783-baa6-85137bb9cc29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7817
x-amzn-requestid: 21a68509-6fec-48b3-8bce-fb2ebfab3289
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0yuCEVwIAMFUrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab64c0-5e23ceec731631d93e01e2c8;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:33:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XW37o6TY-ynuySDq8QgtRV96fMBxkZeslHuLJNWBDLaiSz-fHJSQDA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 21:35:40 GMT
age: 75543
etag: "7c8a7415cab3ef88b5d1204af214a687b1676dda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d43b473-21c7-4775-9398-1bdecb4d7d28.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9007 bytes)
Hash
b373925ce249ca67e6984c436f5cd2b8
ddbc25025b933587990f8e9c32e91c9773256840
7d3c992b715283efeba9bee2e5c08042267017e76074ca6aad870e1dd45b4564

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d43b473-21c7-4775-9398-1bdecb4d7d28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9007
x-amzn-requestid: 15b3b2e5-d493-4b54-aab4-7374bf892e83
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: drrFbESxIAMFikw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a7beef-37f4ab8e7738b186705bb1db;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 03:09:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SgjNBdI4lkk3DIdROxkZ8sdadoe-pewXA9Q5M55pGe-LNk012lLFmQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Dec 2022 03:23:10 GMT
age: 54693
etag: "ddbc25025b933587990f8e9c32e91c9773256840"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45fd5586-9fcc-4409-88f6-52a554307609.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5888 bytes)
Hash
a022f080982dddeaf2decce39bf2f1f7
dd9cb19eb6008d3558f60332bc16c83108474f66
fe2c473fa2e8bb50ead0a1faef96024d711c765330b887e72f53219e96adaf20

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45fd5586-9fcc-4409-88f6-52a554307609.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5888
x-amzn-requestid: c2212a71-2743-49ed-80fe-5319f266932a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0y_0FUgoAMF1dA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab6531-05343b8c4c574b530118c293;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: E9gjc0GrMNyiChebZDcRKpM8isaP2_IctY5n3_5G2VFzF9xkcKotRA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 22:08:00 GMT
age: 73603
etag: "dd9cb19eb6008d3558f60332bc16c83108474f66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8978692-1057-4721-b58a-03675b009dec.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5880 bytes)
Hash
003be820cd1d0f0365928cab98019457
e2a5c2764e4850aa95594c8b303aa4963d33954b
098fd59f48bb33d33764f64eb15d14840467d84544c34f35a6f86bb893be516d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8978692-1057-4721-b58a-03675b009dec.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5880
x-amzn-requestid: e87391e7-c302-42a9-9cdf-0ca5a264c973
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0z-4GrNoAMFYyw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab66c5-6b7d0f3044ed76e91a8815d7;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:42:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KXwo_ZLyai8bxDmdQl1NzH6FQgVqM6RW1uNlrjolkt26kxpqPgV4Sg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 22:02:36 GMT
age: 73927
etag: "e2a5c2764e4850aa95594c8b303aa4963d33954b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac8e7926-34e8-4a65-ba5a-894c252c5826.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9103 bytes)
Hash
b970ffab86fbe4a36726473524096ed1
92bc9a2cc454608eae4e310456f2ec180d4ccdca
9d9377466c1d69d25cbde0092dbebb8579ba3f172a001e3068690c7d7efc779c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac8e7926-34e8-4a65-ba5a-894c252c5826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9103
x-amzn-requestid: d35b52dd-fc72-47ca-8232-00e48cd6d209
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d0z_EEruIAMFlQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ab66c6-574a052f67683ba238966de5;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 21:42:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ohxADRAP902PofikgbhHb6N0yLainQlafqatm4eBQ1u5DHGr1r15Fg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 22:05:36 GMT
age: 73747
etag: "92bc9a2cc454608eae4e310456f2ec180d4ccdca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

demo2.cloudwp.dev/myaccount/static-content/css/font/td-original-icons.woff

151.139.128.10

301 Moved Permanently

246 B

URL HTTP/2
demo2.cloudwp.dev/myaccount/static-content/css/font/td-original-icons.woff
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
246 B (246 bytes)
Hash
34e7e14b00c9dd2bccc95c97fc80b049
3489a6241b5a46a124b0eb5908dfeac166919eee
0ffeeccf9b904bc7cfe3a9d9554dc8e05907adec665e93a5921d79a9415ab5b0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /myaccount/static-content/css/font/td-original-icons.woff HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log1.css
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==; PRLST=Sg
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
date: Wed, 28 Dec 2022 18:34:43 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 246
content-type: text/html; charset=iso-8859-1
pragma: no-cache
expires: Sun, 20 Apr 1975 05:05:00 GMT
location: https://demo2.cloudwp.dev/inactive.htm
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
link: <https://demo2.cloudwp.dev/myaccount/static-content/css/font/td-original-icons.woff>; rel="canonical"
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds254.sk1.sc,1672252483.cdn2-redis02-arn1.stackpath.systems.-.wx,1672252483.cds254.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNO0sp0GEoYBCiQwMzdmNmNmMi0xZjRhLTRlODYtODc3ZS0yMmM5YzZiZjUyZTUQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaKRIkMTJlODFiN2MtYWQzZC00ZTQ4LTk1OTYtMTk2YjQ2ZmQxZTdlGPYBIhoIAhIUY2RzMjU0LnNrMS5od2Nkbi5uZXQYCA==.BLmkhiY0RbuDmBHGJjRO8+EXDTgHB5Tb02WF7LiVjSk=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/favicon.ico

151.139.128.10

200 OK

1.2 kB

URL HTTP/2
demo2.cloudwp.dev/favicon.ico
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1189 bytes)
Hash
6af2b6286c753a22bf1dd95100bd3093
004c513c359ae3c57ed85910f27804def11e2d26
9a187b9fc2a7a7ebeae725b685c4a33848f94b2cf69d276a227401c10a268058

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==; PRLST=Sg; adOtr=2a78b1ec24f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:44 GMT
cache-control: max-age=30
content-length: 1189
content-type: image/x-icon
last-modified: Tue, 21 Apr 2015 20:19:14 GMT
accept-ranges: bytes
etag: "5536b0c2-4a5"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CNS0sp0GEoYBCiQ4Yjk0OTZhMi1iZmI1LTRmMzMtODRkZi00NDJmNTU0NzM0ZjYQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaKRIkNjg1MmM3ODMtZGEyYi00N2I5LWI5MzEtM2RjNTIyZmJhYTA0GKUJIhoIAhIUY2RzMDE1LnNrMS5od2Nkbi5uZXQYCA==.j8D3fD894bHBBKMN59TmxXXUAHnZSm/9rjUsanGshYY=
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds015.sk1.sc,1672252484.cds015.sk1.pr
link: <https://demo2.cloudwp.dev/favicon.ico>; rel="canonical"
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/images/background-image-landing-thin.png

151.139.128.10

404 Not Found

22 kB

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/images/background-image-landing-thin.png
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type
data
Size
22 kB (22342 bytes)
Hash
de2d38cb6d58a57e835f172e9ed88914
0fa4c569905dd9820fe4a5d0293dcafd62cd7cc0
38a5e0c4b97ca3c7b2c029cd8f16a1afeaa98491a6552979c517e9e32c6e4880

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/images/background-image-landing-thin.png HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log3.css
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=D-h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Wed, 28 Dec 2022 18:34:44 GMT
accept-ranges: bytes
content-encoding: gzip
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
cache-control: no-cache, must-revalidate, max-age=0
server: fbs
link: <https://demo2.cloudwp.dev/trial-94445377/wp-json/>; rel="https://api.w.org/", <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/images/background-image-landing-thin.png>; rel="canonical"
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds257.sk1.sc,1672252484.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672252484.cds257.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNS0sp0GEoYBCiQ1ZjhmNDhhYS01YmEwLTRiMTMtOTBkMy1mZDg0OWY0YjI0NDIQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkNzhkY2RiZTctZTFjYS00OGY4LWExMjYtNmY0YjA3ZTRmMjNiIhoIAhIUY2RzMjU3LnNrMS5od2Nkbi5uZXQYCA==.I+miSHD9dy3TUc9PoZfRN1VkcEjehHpcs1YmouF6kVI=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/myaccount/static-content/css/font/td-original-icons.ttf

151.139.128.10

301 Moved Permanently

0 B

URL HTTP/2
demo2.cloudwp.dev/myaccount/static-content/css/font/td-original-icons.ttf
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /myaccount/static-content/css/font/td-original-icons.ttf HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log1.css
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=6dc0a9d0ae0db6346a911584ec390afe; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=ahZmeocdpBt+DQ4oL0qfEQ==; PRLST=; adOtr=2a78b1ec24f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
date: Wed, 28 Dec 2022 18:34:45 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=iso-8859-1
set-cookie: spcsrf=cbf328dc90589da520a7d185658d177b; path=/; SameSite=Strict; HttpOnly;  expires=Wed, 28-Dec-22 20:34:44 GMT
pragma: no-cache
expires: Sun, 20 Apr 1975 05:05:00 GMT
location: https://demo2.cloudwp.dev/inactive.htm
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
link: <https://demo2.cloudwp.dev/myaccount/static-content/css/font/td-original-icons.ttf>; rel="canonical"
x-hw: 1672252484.cds221.sk1.hn,1672252484.cds251.sk1.sc,1672252485.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672252485.cds251.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNW0sp0GEoYBCiRlYzdlOWI4Yi1mMmFjLTRhYWItOTRjNy1iYTE3MWNmZjdkYjUQ2J+KgafZ+wIaBgjEmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaKRIkMThlNjU0ZDgtNDdhOC00ZjlmLThmODEtMTA1MjNjYzc0YTUwGPYBIhoIAhIUY2RzMjUxLnNrMS5od2Nkbi5uZXQYCA==.01iijlvRW5cSH8/h1PX+ERNmLGUQaKkJ4saQ8PQiTxk=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.ttf

151.139.128.10

404 Not Found

0 B

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.ttf
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.ttf HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/login.css
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=6dc0a9d0ae0db6346a911584ec390afe; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=ahZmeocdpBt+DQ4oL0qfEQ==; PRLST=; adOtr=2a78b1ec24f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Wed, 28 Dec 2022 18:34:46 GMT
accept-ranges: bytes
content-encoding: gzip
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
cache-control: no-cache, must-revalidate, max-age=0
server: fbs
set-cookie: spcsrf=58df9b042394861a53dcec8d0328b88d; path=/; SameSite=Strict; HttpOnly;  expires=Wed, 28-Dec-22 20:34:44 GMT
PRLST=; Sun, 25-Dec-22 18:34:44 GMT; path=/; SameSite=Lax;
sp_lit=vbm2c9m44RWZRHZFqthHfw==; path=/; SameSite=Strict; HttpOnly; expires=Wed, 28-Dec-22 18:39:46 GMT
link: <https://demo2.cloudwp.dev/trial-94445377/wp-json/>; rel="https://api.w.org/", <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.ttf>; rel="canonical"
x-hw: 1672252484.cds221.sk1.hn,1672252484.cds202.sk1.sc,1672252486.cdn2-redis01-arn1.stackpath.systems.-.wx,1672252486.cds202.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNa0sp0GEoYBCiRhZjg3MDFiOC05NTVhLTQ2OWUtYTI2Mi1mYjNhNDQ0Zjg3OGYQ2J+KgafZ+wIaBgjEmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkNGQ0MjAzYTQtNWI0Mi00ZWFkLTlhNjQtZGIyMmViMDdjMWU2IhoIAhIUY2RzMjAyLnNrMS5od2Nkbi5uZXQYCA==.0EDtY05UUjpToHlYiVbCHOkf48jSHT4ggEAT8XQ4BQY=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkurat-Bold.ttf

151.139.128.10

404 Not Found

0 B

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkurat-Bold.ttf
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkurat-Bold.ttf HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log3.css
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=58df9b042394861a53dcec8d0328b88d; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=vbm2c9m44RWZRHZFqthHfw==; PRLST=; adOtr=2a78b1ec24f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Wed, 28 Dec 2022 18:34:48 GMT
accept-ranges: bytes
content-encoding: gzip
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
cache-control: no-cache, must-revalidate, max-age=0
server: fbs
set-cookie: spcsrf=82ec109920a40164b7cb717b48b76732; path=/; SameSite=Strict; HttpOnly;  expires=Wed, 28-Dec-22 20:34:47 GMT
PRLST=; Sun, 25-Dec-22 18:34:47 GMT; path=/; SameSite=Lax;
sp_lit=GpbXYOMeT+F7uPL6DJRK4Q==; path=/; SameSite=Strict; HttpOnly; expires=Wed, 28-Dec-22 18:39:48 GMT
link: <https://demo2.cloudwp.dev/trial-94445377/wp-json/>; rel="https://api.w.org/", <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkurat-Bold.ttf>; rel="canonical"
x-hw: 1672252487.cds221.sk1.hn,1672252487.cds235.sk1.sc,1672252488.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672252488.cds235.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNi0sp0GEoYBCiRkYjdmZDI5Ni0xN2FhLTQ0ZmMtYTgyYy05MmY3MWZiNDA1MzkQ2J+KgafZ+wIaBgjHmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkN2IxMjM0ZTYtNzZkNi00MDJjLTlhYWEtYWU5ZjEwZjM5NDE2IhoIAhIUY2RzMjM1LnNrMS5od2Nkbi5uZXQYCA==.8WWV2CvJeodVj7TsKaPqOOUc98pUE9Y8Uw9p1C/+KT8=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3

151.139.128.10

200 OK

0 B

URL HTTP/2
demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==; PRLST=Sg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:43 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private,  max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
link: <https://demo2.cloudwp.dev/sbbi/>; rel="canonical"
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds208.sk1.sc,1672252483.cdn2-redis02-arn1.stackpath.systems.-.i,1672252483.cds208.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNO0sp0GEoYBCiQzMDkxNDdhNC0zNzY3LTRkYjktYTFkYi03ZDFlZDRkMjhiODUQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkODk5M2MyOWYtOWJhNy00ZThlLWFiM2YtODljNjJiODIyNzM4IhoIAhIUY2RzMjA4LnNrMS5od2Nkbi5uZXQYCA==.+lS9wfKwNUvQsPzdQG4gzeZIbtnJbxwuyvaWwTSLPdI=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3

151.139.128.10

200 OK

0 B

URL HTTP/2
demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 497
Origin: https://demo2.cloudwp.dev
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Sg&sbbgs=h4116e1c4627fa2954ba7231efa22475e666&ddl=-3
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==; PRLST=Sg; adOtr=2a78b1ec24f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:43 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private,  max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
link: <https://demo2.cloudwp.dev/sbbi/>; rel="canonical"
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds210.sk1.sc,1672252483.cdn2-redis01-arn1.stackpath.systems.-.i,1672252483.cds210.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNO0sp0GEoYBCiQ3YTQ4YjI0Yi1hOTU2LTQ3MGYtOGVmZS0yN2U2MDg5OTg0MzgQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkZGY0ZmJiOGUtMGIzMi00Mzk1LWFlMzEtOWU2OTQ0MzkzNTMzIhoIAhIUY2RzMjEwLnNrMS5od2Nkbi5uZXQYCA==.acUTkkHp11Jc9KV4663ukKoi3lu6qQnTZi2dwhfXaWI=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/Akkurat.woff

151.139.128.10

404 Not Found

0 B

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/Akkurat.woff
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/Akkurat.woff HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/login.css
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=58df9b042394861a53dcec8d0328b88d; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=vbm2c9m44RWZRHZFqthHfw==; PRLST=; adOtr=2a78b1ec24f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Wed, 28 Dec 2022 18:34:47 GMT
accept-ranges: bytes
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
cache-control: no-cache, must-revalidate, max-age=0
server: fbs
link: <https://demo2.cloudwp.dev/trial-94445377/wp-json/>; rel="https://api.w.org/", <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/Akkurat.woff>; rel="canonical"
x-hw: 1672252486.cds221.sk1.hn,1672252486.cds222.sk1.sc,1672252487.cdn2-redis01-arn1.stackpath.systems.-.wx,1672252487.cds222.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNe0sp0GEoYBCiQ2ZjliNGY4NS04ZDBjLTRiOWYtOGJmOS1kNGQ5NmJmNmFjNjkQ2J+KgafZ+wIaBgjGmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkNWE3Y2QxMTktYTRhZi00NmUyLWFlYzQtYWY0NTJjMWU2Yjg0IhoIAhIUY2RzMjIyLnNrMS5od2Nkbi5uZXQYCA==.TTWcis5a2QaiGtLFvYB4Wusf6rFvoj5Js6zMNXjBS/o=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/inactive.htm

151.139.128.10

200 OK

0 B

URL HTTP/2
demo2.cloudwp.dev/inactive.htm
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log1.css
Connection: keep-alive
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==; PRLST=Sg; adOtr=2a78b1ec24f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:44 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=6dc0a9d0ae0db6346a911584ec390afe; path=/; SameSite=Strict; HttpOnly;  expires=Wed, 28-Dec-22 20:34:43 GMT
PRLST=; Sun, 25-Dec-22 18:34:43 GMT; path=/; SameSite=Lax;
sp_lit=ahZmeocdpBt+DQ4oL0qfEQ==; path=/; SameSite=Strict; HttpOnly; expires=Wed, 28-Dec-22 18:39:44 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds018.sk1.sc,1672252484.cdn2-wafbe02-arn1.stackpath.systems.-.wx,1672252484.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNS0sp0GEoYBCiRiMTNlYzQxNS03MTdkLTQ4NDAtODMyNi00MWM2YmQzMWU1YTIQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkMjA5YjYxM2ItM2M2ZS00N2NhLTk4NGYtOWVjNWRkYzJhZTRkIhoIAhIUY2RzMDE4LnNrMS5od2Nkbi5uZXQYCA==.QR25KmnFT5sMKH/TF/6UbsCcMTAFWdG0novtPaj6UiM=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/sbbi/?sbbpg=utMedia&vii=bh74e1a1268e211cc4f642678fea42c975c49b7a9782a3015ebfdaf2b2a4e7e5ieo6y6v6

151.139.128.10

200 OK

0 B

URL HTTP/2
demo2.cloudwp.dev/sbbi/?sbbpg=utMedia&vii=bh74e1a1268e211cc4f642678fea42c975c49b7a9782a3015ebfdaf2b2a4e7e5ieo6y6v6
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sbbi/?sbbpg=utMedia&vii=bh74e1a1268e211cc4f642678fea42c975c49b7a9782a3015ebfdaf2b2a4e7e5ieo6y6v6 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==; PRLST=Sg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Dec 2022 18:34:43 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private,  max-stale=0, post-check=0, pre-check=0
content-type: image/gif
server: fbs
x-accel-expires: 0
link: <https://demo2.cloudwp.dev/sbbi/>; rel="canonical"
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds263.sk1.sc,1672252483.cdn2-redis02-arn1.stackpath.systems.-.i,1672252483.cds263.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNO0sp0GEoYBCiQxYmNiZDEyMS05MjVlLTRmMWQtOWEzMi01MmEyYjMwMTM5OWEQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkNDBkZjJhNjYtYjhkZS00MWQwLWE2YzUtZGI4NmZkODQyMTljIhoIAhIUY2RzMjYzLnNrMS5od2Nkbi5uZXQYCA==.W9j/hwWnaNMhWn1GnSAoiyacV4dGqS6V403sovyhFVA=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.woff

151.139.128.10

404 Not Found

0 B

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.woff
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.woff HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/login.css
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==; PRLST=Sg
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Wed, 28 Dec 2022 18:34:44 GMT
accept-ranges: bytes
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
cache-control: no-cache, must-revalidate, max-age=0
server: fbs
link: <https://demo2.cloudwp.dev/trial-94445377/wp-json/>; rel="https://api.w.org/", <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/assets/TelstraAkkurat-Bold.woff>; rel="canonical"
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds216.sk1.sc,1672252484.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672252484.cds216.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNS0sp0GEoYBCiQ3ZGU4ZDFlNS0wYzEwLTQ1MWQtYjc3OS1lYzRmM2MyNjQyYTkQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkNzhlN2IwZTItOTMxMy00OGI1LWEyNWUtYTU1YmQ2ZjYyZDk1IhoIAhIUY2RzMjE2LnNrMS5od2Nkbi5uZXQYCA==.LQNDotx/Rh/RM7nryFRZp19UhKMmrFNHGdXkB/k0Av8=
X-Firefox-Spdy: h2

demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkuratWeb-Light.woff

151.139.128.10

404 Not Found

0 B

URL HTTP/2
demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkuratWeb-Light.woff
IP
151.139.128.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkuratWeb-Light.woff HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/log3.css
Cookie: SPSI=b7ea2821cf468e4c7c9798a05bdfbaee; SPSE=M0c01B2OX+Hzre5CeiTjJ6alsw0wG5UL7kt4ZMd8ZwiUH0Yt3IPdbxBLE017XgbR17IMHtvDRK9HCttk4FB1ww==; spcsrf=75fc11981955591c88f3bb4b2fafead4; UTGv2=h4116e1c4627fa2954ba7231efa22475e666; sp_lit=YVbFCm/HY3jN/lGNizAU7g==; PRLST=Sg
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Wed, 28 Dec 2022 18:34:44 GMT
accept-ranges: bytes
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
cache-control: no-cache, must-revalidate, max-age=0
server: fbs
link: <https://demo2.cloudwp.dev/trial-94445377/wp-json/>; rel="https://api.w.org/", <https://demo2.cloudwp.dev/trial-94445377/wp-admin/service/telstra/myid.telstra.com/manage/src/font/TelstraAkkuratWeb-Light.woff>; rel="canonical"
x-hw: 1672252483.cds221.sk1.hn,1672252483.cds221.sk1.sc,1672252484.cdn2-wafbe04-arn1.stackpath.systems.-.wx,1672252484.cds221.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CNS0sp0GEoYBCiQ2ZWY2M2I1ZS1kNGMwLTRlNWQtOWQ0ZC0wNDUyODhjYjZkNGYQ2J+KgafZ+wIaBgjDmLKdBiIMOTEuOTAuNDIuMTU0KK5dMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYzdkMmI0YzQ4NGE0MTNlMTkxZGU2YWNmZjJkYjIwMDkaJhIkYzkyMjE3ZjAtNmVkMS00NzYzLWI3NzAtZmJhNzQwYjUwYTQ1IhoIAhIUY2RzMjIxLnNrMS5od2Nkbi5uZXQYCA==.ws11nsKKKCFqMlOYRZsI4IB8hDfAp44ZvxU+WQKl5gA=
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (38)

URL HTTP/1.1

IP

ASN