Report - netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/

Report Overview

Submitted URL
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
IP
63.250.43.9
ASN
#22612 NAMECHEAP-NET
Submitted
2022-10-23 21:53:46
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - DHL

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.0 kB	5.3 kB	23.36.77.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	1.3 kB	2.8 kB	142.250.74.3
code.jquery.com	634	2012-05-21T19:28:02Z	2023-03-09T05:11:44Z	382 B	31 kB	69.16.175.10
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.8 kB	34.160.144.191
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	67 kB	34.120.237.76
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-09T10:01:47Z	491 B	24 kB	216.58.207.195
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-09T11:25:06Z	328 B	963 B	172.64.155.188
netoflix-bc7fae.ingress-baronn.ewp.live	unknown	2022-10-23T00:59:13Z	2023-02-25T16:35:13Z	13 kB	181 kB	63.250.43.10
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	329 B	797 B	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	54.148.77.40
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	758 B	2.8 kB	143.204.55.27
status.geotrust.com	3662	2017-12-01T09:55:31Z	2023-03-09T05:10:19Z	1.7 kB	3.8 kB	93.184.220.29
www.correoargentino.com.ar	940255	2012-11-14T11:36:20Z	2023-03-09T17:49:36Z	2.5 kB	611 kB	190.139.111.3
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-09T12:17:45Z	780 B	2.4 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/form.js.download	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/tc.js.download	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/main.js	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/validate.js	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/tc.js.download	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/fonts/Delivery_W_Bd.woff	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/payform.min.js	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/cform.js	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/floating-label.js	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/TelefonicaWeb-Regular.woff	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/TelefonicaWeb-Regular.ttf	Phishing
2022-10-23	medium	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/ruxitagentjs_ICA27Vfjqrux_10247220811100421.js.download	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html	65 B	2023-03-10	2023-03-10
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2023-03-10 14:08:15 Times Seen1 Hash c6371e6c1beba4edf568b17ac5cfb087 21aa27608b3badb28b829c56f76ad383f4e16516 6841075021558f385c25178192ca8774b9f82dac0291c3715bdb38c8426fe3b6 Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/validate.js	4.7 kB	2023-03-07	2024-04-13
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/validate.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:41:06 Last Seen2024-04-13 06:38:46 Times Seen82 Hash 265dfcedc60a24b17890b6e25cc69e83 c7d22c3465a4ab56993faf512588ecb80d069c52 1a7a952ba172de712135a4e4a692dd86b5342524056f7edb7f76b6bf5d1dd6fb Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 11:26:29 Times Seen37037872 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.correoargentino.com.ar/MiCorreo/public/js/app.js	291 kB	2023-03-07	2024-03-23
Pretty URL www.correoargentino.com.ar/MiCorreo/public/js/app.js IP 190.139.111.3 ASN #7303 Telecom Argentina S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:40:58 Last Seen2024-03-23 05:08:59 Times Seen7 Hash 20eb22d13b4f96dd7836c10645cd1ec5 056971e0733a777090f81bb9190ab2eb189fc8f2 fa57aabd28ed4c3f66eaa5dd3c8c2a7f05f02f7d0f55df078a0b3d47351807d4 Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html	306 B	2023-03-10	2023-03-10
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2023-03-10 14:08:15 Times Seen1 Hash 5d4503589f278785098885c1ecd7abc4 14096e4f4150e6ac900f1744ad8a9f3a66e7a973 492d8db8a59fe6b1def531f27f84d475e882ad8078e1d003cf814588df76b21f Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/main.js	19 kB	2023-03-07	2024-04-13
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/main.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:41:06 Last Seen2024-04-13 06:38:46 Times Seen104 Hash 3812bc15449fbaa041dcbe7407d7b3b5 b71fb048f8c43b746b281db5c54aaa6055ace179 cccdd1c417e2fef1489bcba786e4ab788d62419a923bbf659d112539b2c91931 Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/payform.min.js	12 kB	2023-03-10	2023-08-14
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/payform.min.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2023-08-14 19:40:33 Times Seen15 Hash 474038b21fc1fdeed190f7c8e5892528 835bca370645c5c8510e793d0d3b97bd7f414945 8f999b751f764a81e9c4ab2d7c692e8be437978c9996e740f50b6d10ee9a1dbb Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/cform.js	1.6 kB	2023-03-10	2023-03-10
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/cform.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2023-03-10 14:08:15 Times Seen1 Hash f0d25df603f64d49ee2425be5d790b22 369e15944355f0e8653c6129cc2d03b49289e42a 1d4a7449d486936467f1189a8e117357710d1b9c502e5b795b5c258755fdc47d Loading...

	www.correoargentino.com.ar/MiCorreo/public/js/jquery.mask.js	23 kB	2023-03-10	2024-04-12
Pretty URL www.correoargentino.com.ar/MiCorreo/public/js/jquery.mask.js IP 190.139.111.3 ASN #7303 Telecom Argentina S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2024-04-12 08:06:00 Times Seen23 Hash be100aa966c72b3522697ba438f62011 93e9df2942121c3be2d0d41e45e61e69e8fbe786 e40e952fffd779db9077b2fa0928a825dbf8c95c00581159555b4b510ca5236e Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/	146 B	2023-03-10	2023-03-10
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/ IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2023-03-10 15:06:46 Times Seen1 Hash ffc423d2123d6f6a818a9fbc9ea1a4c2 ad2a9a6fdb935fc9d8038c0fd8e861b99fcfffac a8c4cf1da295101d531d17274a1457d52db8965700248f51ceb784e409de62bc Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/	550 B	2023-03-10	2023-03-10
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/ IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2023-03-10 14:08:15 Times Seen1 Hash d08490941dc682542a2f5b3ff92919be e63dceb03aba4fbe54cc14e1e58a31141f255ec6 5e40c837a4892941c9c8a0a4988ddcb8eb3c91165b8e85759dde623ce8fb39ac Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/	247 B	2023-03-07	2024-04-13
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/ IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:41:06 Last Seen2024-04-13 06:38:46 Times Seen55 Hash 98e8bddb6e4d2c4b444d8ebb23d2a2ae e8f2fa3474db34541058638a54a6b1bf05bd7172 cf38abce445f2ddadcdbccde9acf63ace88c5fc97fe6370cb61e396bc44376e3 Loading...

	code.jquery.com/jquery-3.4.1.min.js	88 kB	2023-03-07	2024-04-24
Pretty URL code.jquery.com/jquery-3.4.1.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-24 11:09:29 Times Seen95410 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/floating-label.js	3.4 kB	2023-03-10	2023-03-10
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/floating-label.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2023-03-10 14:08:15 Times Seen1 Hash 1c43dbfdab264c6191965aa3ef90430b 7138122a538e7096138a824940ba99c3d70b1bf3 4e219f16b17399eade950e6db3ff1715a63e426025cd7e0083a0bb04489883cb Loading...

	www.correoargentino.com.ar/MiCorreo/public/js/bootstrap-datepicker.min.js	27 kB	2023-03-08	2024-01-08
Pretty URL www.correoargentino.com.ar/MiCorreo/public/js/bootstrap-datepicker.min.js IP 190.139.111.3 ASN #7303 Telecom Argentina S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:35 Last Seen2024-01-08 06:29:08 Times Seen92 Hash d7694dff0a49e477adc302d6bf64bf82 230c563bce1266516fa365132c45682798f8cc67 f27665c2262330b053834de014a9a1c58974195cae53210b00f190262583d234 Loading...

	www.correoargentino.com.ar/MiCorreo/public/css/bootstrap337/js/bootstrap.min.js	37 kB	2023-03-07	2024-04-24
Pretty URL www.correoargentino.com.ar/MiCorreo/public/css/bootstrap337/js/bootstrap.min.js IP 190.139.111.3 ASN #7303 Telecom Argentina S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-24 08:26:25 Times Seen54522 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/	619 B	2023-03-10	2023-11-06
Pretty URL netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/ IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:30:49 Last Seen2023-11-06 17:25:47 Times Seen2 Hash d2609643dbd5b206e37a91a59fccee42 ca34bc9a023fc9b09bdc6816aea36a46fca50b77 c4f3c432912112eb7abcb51352a614e90d33889902bed2a64d99a6bc56148bbe Loading...

HTTP Transactions (64)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 23 Oct 2022 21:52:52 GMT
Expires: Sun, 23 Oct 2022 22:33:34 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rB0pNjz3udb14aXI9lVZkX2NO57O0smp6a-S68vp4PdLybr4eyI2Tw==
Age: 43

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
73c4166ca864f777db2cc1cd8658a7c2
c56b66b0b7c8516d4d5bfafe0c166711c78f3d25
310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3294
Expires: Sun, 23 Oct 2022 22:48:29 GMT
Date: Sun, 23 Oct 2022 21:53:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cecd3b2e0cd07173ee1fb63b0a744119
774e0935fffd5bb39799c040098e32c3dc88702f
78c2c60f2d752f572f1711e23aa3f82d5e5bce1940064405f6f989886f6315df

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78C2C60F2D752F572F1711E23AA3F82D5E5BCE1940064405F6F989886F6315DF"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6661
Expires: Sun, 23 Oct 2022 23:44:36 GMT
Date: Sun, 23 Oct 2022 21:53:35 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: T4h1rnp4afS7iv1PLGh+3xYYaV4j0iKFhxxQTYcMIrE+hVpE3ucP4P7GDsPWk/mQBrmq8U2F01A=
x-amz-request-id: G5XV9GZ7T89AN4EM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 23 Oct 2022 21:08:14 GMT
age: 2721
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:53:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
079cd18da8a3208de6de3d32aeb40fd1
9557eeaabe4857efbe9a4066c436f3243f852b07
25b198244a5a66bf1a6c17f9bddf3ac44c819457b089104fb6277535eef5d57d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 23 Oct 2022 21:53:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:30:14 GMT
Expires: Sat, 29 Oct 2022 22:30:13 GMT
Etag: "9557eeaabe4857efbe9a4066c436f3243f852b07"
Cache-Control: max-age=519997,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75edb4d3fd01fac4-OSL

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/

63.250.43.10

200 OK

3.1 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.1 kB (3069 bytes)
Hash
8063a9172207befade0a8bd806999a24
1ee7c55790b65ac7049adc64c4b99f0feca576ad
aedb564cc24b38d51e82212918ed154a95b16108dda9e2480dd751fbfbe71dc8

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/ HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:20:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 2008
x-cache: HIT
accept-ranges: bytes
content-length: 3069
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 23 Oct 2022 21:43:40 GMT
Cache-Control: max-age=3600
Expires: Sun, 23 Oct 2022 21:46:36 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VJeqTg0sHYPt_YaaWOr5ZlzFPO202Aul-R6EAXpyvUvrfPyfF1jz5g==
Age: 596

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60d5d7cce6c32a6bdaf0d4c92ec93a1a
cd29edee660366b41749cfd206bdc08fb421449c
fb90c4cc44b32e4ca4a7d1533bbf4a2fd5c482dda5d232f1be2334f3cefbbb0e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3724
Cache-Control: max-age=126911
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:36 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 09:08:47 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.148.77.40

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.77.40:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 818GyDmLlh4q2SHfH7hhNg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Y4wKU7OpgjAf1/08DAg8D2icd9g=

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/patternfly.css

63.250.43.10

200 OK

34 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/patternfly.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (551)
Size
34 kB (34430 bytes)
Hash
6a4683a9ebeeb0bc563777922571adef
cdde97c1450c0d91b426117fbfa7ef50bbaa6a6f
a65eaa721be94d2efe9e3aad523beedc5a1a32dabdedc6a34f32cbe9164848b9

HTTP Headers

GET /wp-content/ass/En/filess/patternfly.css HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:23 GMT
last-modified: Sun, 04 Sep 2022 19:04:20 GMT
etag: "6314f6b4-364b5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 2172
x-cache: HIT
accept-ranges: bytes
content-length: 34430
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/patternfly-additions.css

63.250.43.10

200 OK

34 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/patternfly-additions.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
assembler source, Unicode text, UTF-8 text
Size
34 kB (34218 bytes)
Hash
e9aef5a9ee8ae002407558c82c9ce93f
6547df090599d049ade2f5ab279d904f4e652833
23c8fa6dd2a6bbdba5b4872cbe597c1bb7483945841cb7be96a4e994ffb35e5d

HTTP Headers

GET /wp-content/ass/En/filess/patternfly-additions.css HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:23 GMT
last-modified: Sun, 04 Sep 2022 19:04:20 GMT
etag: "6314f6b4-40270"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 2172
x-cache: HIT
accept-ranges: bytes
content-length: 34218
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/styles.css

63.250.43.10

200 OK

4.5 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/styles.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
4.5 kB (4547 bytes)
Hash
ac85105a3dda6c9624131c015ab07ee2
6b3e1a4638f5ac39d030bd3119eafc4fe79964e3
be7b688dcf0b94f6a86611d9b70f7c763e212577d0d683c3678222b490df168a

HTTP Headers

GET /wp-content/ass/En/filess/styles.css HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:24 GMT
last-modified: Sun, 04 Sep 2022 19:04:20 GMT
etag: "6314f6b4-4b2a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 2170
x-cache: HIT
accept-ranges: bytes
content-length: 4547
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/zocial.css

63.250.43.10

200 OK

23 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/zocial.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (23706)
Size
23 kB (22562 bytes)
Hash
ffd5f7d22ee395a24c7a92c0261c4f2e
411514986f9938693bf571b53213db03eca58849
da9c4ca34a43eb71cea4937b6fcc23ef8cd241eed422c40d14d2f09485848af5

HTTP Headers

GET /wp-content/ass/En/filess/zocial.css HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:24 GMT
last-modified: Sun, 04 Sep 2022 19:04:20 GMT
etag: "6314f6b4-aba9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 2171
x-cache: HIT
accept-ranges: bytes
content-length: 22562
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/form.js.download

63.250.43.10

200 OK

8.2 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/form.js.download
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
8.2 kB (8199 bytes)
Hash
7e0a24e7e5823f8cd1cef0b4f3a65b17
191e08da8d85eb41a14d72cb742aa910c7b074c5
29c53456705cbf1b52b290088c5e76edb1cc4a8c37db3a554a2c956bb11986df

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/filess/form.js.download HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:25 GMT
last-modified: Sun, 04 Sep 2022 19:04:20 GMT
etag: "6314f6b4-2007"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 8199
x-cacheable: YES
age: 2170
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/tc.js.download

63.250.43.10

200 OK

967 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/tc.js.download
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
967 B (967 bytes)
Hash
6f939ebaf543e9c5d19583b204a12f9d
4605cdfdfcd143e84e872c8188be0a042d1078ab
903b9bd64fb98f2a6f348e1a88ad3e9369bd48bcb3544d4026a1d54db88d49e7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/filess/tc.js.download HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:25 GMT
last-modified: Sun, 04 Sep 2022 19:04:22 GMT
etag: "6314f6b6-3c7"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 967
x-cacheable: YES
age: 2170
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/me.png

63.250.43.10

200 OK

3.9 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/me.png
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 201 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
3.9 kB (3856 bytes)
Hash
4b4a3c3c4a9f3d52d819ab29503b4b75
bb5de975e580cbe8ef29af40f8620e83a95208be
cbeb166afbf26b9a5fee0e6784a17c52227a67dcabf89489927a68392c061136

HTTP Headers

GET /wp-content/ass/En/files/me.png HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:26:08 GMT
last-modified: Sun, 04 Sep 2022 13:25:20 GMT
etag: "6314a740-f10"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/png
content-length: 3856
x-cacheable: YES
age: 1647
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/main.js

63.250.43.10

200 OK

3.6 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/main.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (448), with CRLF line terminators
Size
3.6 kB (3633 bytes)
Hash
6422806282f6f15fb97d09116165c823
102fdd744c7027db8697383ef3bc216b2692c800
3144872be0fc6680393a6a028767c54f7e4dfc024d2123fc45490aca8b478d5c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/js/main.js HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:28 GMT
last-modified: Fri, 29 Apr 2022 07:49:28 GMT
etag: "626b9888-4a96"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 2167
x-cache: HIT
accept-ranges: bytes
content-length: 3633
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/validate.js

63.250.43.10

200 OK

1.3 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/js/validate.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with CRLF line terminators
Size
1.3 kB (1271 bytes)
Hash
624a15a3f4a7b887bb405f71d655209c
f4d35b321542634c222086a299165dec1da0a348
5d4ada32f54a5b7894fc27735a1243841530ba9aa395d330130c38387bb3715e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/js/validate.js HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:29 GMT
last-modified: Tue, 14 Jun 2022 19:46:22 GMT
etag: "62a8e58e-125b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 2166
x-cache: HIT
accept-ranges: bytes
content-length: 1271
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60092dfd94e97be383377ec220861004
54bcdc14b293f5a4aaf9479a937de78e1be6b10c
7af16277a67be8505b2e8cc6cc1e197bf93a177e3798d24324abb8500a613837

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=146578
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:36 GMT
Etag: "63555172-1d7"
Expires: Tue, 25 Oct 2022 14:36:34 GMT
Last-Modified: Sun, 23 Oct 2022 14:36:34 GMT
Server: nginx
Content-Length: 471

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60092dfd94e97be383377ec220861004
54bcdc14b293f5a4aaf9479a937de78e1be6b10c
7af16277a67be8505b2e8cc6cc1e197bf93a177e3798d24324abb8500a613837

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=146578
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:36 GMT
Etag: "63555172-1d7"
Expires: Tue, 25 Oct 2022 14:36:34 GMT
Last-Modified: Sun, 23 Oct 2022 14:36:34 GMT
Server: nginx
Content-Length: 471

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60092dfd94e97be383377ec220861004
54bcdc14b293f5a4aaf9479a937de78e1be6b10c
7af16277a67be8505b2e8cc6cc1e197bf93a177e3798d24324abb8500a613837

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=146578
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:36 GMT
Etag: "63555172-1d7"
Expires: Tue, 25 Oct 2022 14:36:34 GMT
Last-Modified: Sun, 23 Oct 2022 14:36:34 GMT
Server: nginx
Content-Length: 471

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60092dfd94e97be383377ec220861004
54bcdc14b293f5a4aaf9479a937de78e1be6b10c
7af16277a67be8505b2e8cc6cc1e197bf93a177e3798d24324abb8500a613837

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=146578
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:36 GMT
Etag: "63555172-1d7"
Expires: Tue, 25 Oct 2022 14:36:34 GMT
Last-Modified: Sun, 23 Oct 2022 14:36:34 GMT
Server: nginx
Content-Length: 471

status.geotrust.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.geotrust.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60092dfd94e97be383377ec220861004
54bcdc14b293f5a4aaf9479a937de78e1be6b10c
7af16277a67be8505b2e8cc6cc1e197bf93a177e3798d24324abb8500a613837

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=146578
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:36 GMT
Etag: "63555172-1d7"
Expires: Tue, 25 Oct 2022 14:36:34 GMT
Last-Modified: Sun, 23 Oct 2022 14:36:34 GMT
Server: nginx
Content-Length: 471

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/tc.js.download

63.250.43.10

200 OK

967 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/tc.js.download
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
967 B (967 bytes)
Hash
6f939ebaf543e9c5d19583b204a12f9d
4605cdfdfcd143e84e872c8188be0a042d1078ab
903b9bd64fb98f2a6f348e1a88ad3e9369bd48bcb3544d4026a1d54db88d49e7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/filess/tc.js.download HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:17:25 GMT
last-modified: Sun, 04 Sep 2022 19:04:22 GMT
etag: "6314f6b6-3c7"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 967
x-cacheable: YES
age: 2171
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

www.correoargentino.com.ar/MiCorreo/public/js/jquery.mask.js

190.139.111.3

200 OK

23 kB

URL HTTP/1.1
www.correoargentino.com.ar/MiCorreo/public/js/jquery.mask.js
IP
190.139.111.3:0
ASN
#7303 Telecom Argentina S.A.

File type
ASCII text
Size
23 kB (22803 bytes)
Hash
be100aa966c72b3522697ba438f62011
93e9df2942121c3be2d0d41e45e61e69e8fbe786
e40e952fffd779db9077b2fa0928a825dbf8c95c00581159555b4b510ca5236e

HTTP Headers

GET /MiCorreo/public/js/jquery.mask.js HTTP/1.1
Host: www.correoargentino.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 21:53:31 GMT
Content-Type: application/javascript
Last-Modified: Tue, 10 Apr 2018 13:18:20 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Accept-Ranges: bytes
Set-Cookie: Path=/; HttpOnly; Secure
BIGipServerPL_PROD_MiCorreo=3691774218.47873.0000; path=/; Httponly; Secure
Transfer-Encoding: chunked

www.correoargentino.com.ar/MiCorreo/public/js/bootstrap-datepicker.min.js

190.139.111.3

200 OK

27 kB

URL HTTP/1.1
www.correoargentino.com.ar/MiCorreo/public/js/bootstrap-datepicker.min.js
IP
190.139.111.3:0
ASN
#7303 Telecom Argentina S.A.

File type
ASCII text, with very long lines (26799), with no line terminators
Size
27 kB (26799 bytes)
Hash
d7694dff0a49e477adc302d6bf64bf82
230c563bce1266516fa365132c45682798f8cc67
f27665c2262330b053834de014a9a1c58974195cae53210b00f190262583d234

HTTP Headers

GET /MiCorreo/public/js/bootstrap-datepicker.min.js HTTP/1.1
Host: www.correoargentino.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 21:53:31 GMT
Content-Type: application/javascript
Last-Modified: Tue, 10 Apr 2018 13:18:20 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Accept-Ranges: bytes
Set-Cookie: Path=/; HttpOnly; Secure
BIGipServerPL_PROD_MiCorreo=3691774218.47873.0000; path=/; Httponly; Secure
Transfer-Encoding: chunked

www.correoargentino.com.ar/MiCorreo/public/css/extras.css

190.139.111.3

200 OK

41 kB

URL HTTP/1.1
www.correoargentino.com.ar/MiCorreo/public/css/extras.css
IP
190.139.111.3:0
ASN
#7303 Telecom Argentina S.A.

File type
ISO-8859 text
Size
41 kB (41441 bytes)
Hash
fb64287ed1c4c2e999c52d0f4277c182
28821f302b441d5d81e3ff83436bde42b0cb7805
693711b23d6dd246ec7eaa135a3250437fe0681f4e66c7f5c92d6ae096fa19bc

HTTP Headers

GET /MiCorreo/public/css/extras.css HTTP/1.1
Host: www.correoargentino.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 21:53:31 GMT
Content-Type: text/css
Last-Modified: Thu, 16 Jul 2020 10:39:22 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Accept-Ranges: bytes
Set-Cookie: Path=/; HttpOnly; Secure
BIGipServerPL_PROD_MiCorreo=3691774218.47873.0000; path=/; Httponly; Secure
Transfer-Encoding: chunked

www.correoargentino.com.ar/MiCorreo/public/css/bootstrap337/js/bootstrap.min.js

190.139.111.3

200 OK

37 kB

URL HTTP/1.1
www.correoargentino.com.ar/MiCorreo/public/css/bootstrap337/js/bootstrap.min.js
IP
190.139.111.3:0
ASN
#7303 Telecom Argentina S.A.

File type
ASCII text, with very long lines (32033)
Size
37 kB (37045 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /MiCorreo/public/css/bootstrap337/js/bootstrap.min.js HTTP/1.1
Host: www.correoargentino.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 21:53:31 GMT
Content-Type: application/javascript
Last-Modified: Tue, 10 Apr 2018 13:18:57 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Accept-Ranges: bytes
Set-Cookie: Path=/; HttpOnly; Secure
BIGipServerPL_PROD_MiCorreo=3691774218.47873.0000; path=/; Httponly; Secure
Transfer-Encoding: chunked

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4c236f4ca13cd8fafc580bceb0995642
b6a7de7a8d994ed2cfb5ac74b6d7703de515ecdb
671228953eba5b2678df03acebb493e411752c6f5f72ff7f1e485032241d4aeb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4c236f4ca13cd8fafc580bceb0995642
b6a7de7a8d994ed2cfb5ac74b6d7703de515ecdb
671228953eba5b2678df03acebb493e411752c6f5f72ff7f1e485032241d4aeb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Cabin

142.250.74.10

200 OK

899 B

URL HTTP/2
fonts.googleapis.com/css?family=Cabin
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
899 B (899 bytes)
Hash
4e679923ac823f08c1620a7a83d4714e
372463567e679b5011f1af0d0d4c86ceade06126
25f9ce01f967497d21bc9044771e6516561da765c9636eb096e3e32bee073f83

HTTP Headers

GET /css?family=Cabin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.correoargentino.com.ar/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 23 Oct 2022 21:53:37 GMT
date: Sun, 23 Oct 2022 21:53:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12994
Expires: Mon, 24 Oct 2022 01:30:11 GMT
Date: Sun, 23 Oct 2022 21:53:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12994
Expires: Mon, 24 Oct 2022 01:30:11 GMT
Date: Sun, 23 Oct 2022 21:53:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12994
Expires: Mon, 24 Oct 2022 01:30:11 GMT
Date: Sun, 23 Oct 2022 21:53:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12994
Expires: Mon, 24 Oct 2022 01:30:11 GMT
Date: Sun, 23 Oct 2022 21:53:37 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2aa538fb-7cd1-41f1-aacd-b9ff42991b8b.jpeg

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2aa538fb-7cd1-41f1-aacd-b9ff42991b8b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8361 bytes)
Hash
72d843f94f06a00091ded227a40f24f7
7becba083c646f4715513e07d297ebc56f9d22ab
407d2ea28f44456af3f0f7b7f594703b08d15a5d682756bcad17de85dce65cd7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2aa538fb-7cd1-41f1-aacd-b9ff42991b8b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8361
x-amzn-requestid: 23942897-d28e-4661-b941-1c8eb5ae9735
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelO4E4BIAMFcpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b592-4df057fb403df49841961951;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:43:46 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ybm5nbcEOMZT4vaC5dx7ji-VXg11O3AUZFfE42y418bv-QU0ntK_MQ==
via: 1.1 b637bd7696854d7acbf96132dcf53200.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 421
etag: "7becba083c646f4715513e07d297ebc56f9d22ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e44a0c5-308b-4a3c-a704-fed082e5c701.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10639 bytes)
Hash
f1a2e95e4cdae92b60d0fde61c6c8312
fa110a433705597d1384e6d5dd0e757090dbe366
bfa8bc3faf60272c250c0b7d220c90bcf9f01267907dd81465ed0a6a4fda8fdc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e44a0c5-308b-4a3c-a704-fed082e5c701.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10639
x-amzn-requestid: 983ddbdb-f97d-44dc-b502-6a555f50217f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelDaEkBoAMFcRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b548-351c26ae42c01c94616d04b4;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 05znhcULmL8iPplTvsxxMD0wy4YUADkAs0t2T_AhTUBf1pBKAcc0EA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 421
etag: "fa110a433705597d1384e6d5dd0e757090dbe366"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7361cd7-8ea8-4a4b-8e5a-6e3ef375eb7e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7185 bytes)
Hash
c16ee3c480c8ee5b51b7dd88375649ae
885e2070d3ea7973fd978e1e9c247ce248afdbbb
4086d5476b9f3b6c06535fc588784c19a52008178cbdeccbff4c98497bd8e428

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7361cd7-8ea8-4a4b-8e5a-6e3ef375eb7e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7185
x-amzn-requestid: 5bbcd9f1-fa0a-4591-a38c-b472e2ef148f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelC7EZ4oAMFmvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b545-754aa64e1249811f2c019641;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qkk3lDqVtpedvxCxGrNyJVjGIW6-VJqpMgBxHjaRatILglKJ96Tfvg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 421
etag: "885e2070d3ea7973fd978e1e9c247ce248afdbbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F888df8db-5e36-4530-9f02-09268aefe1af.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12770 bytes)
Hash
9896b15d25725efe19642f3e70ec9103
9f030fdc38125b6b523b0d12571d666907a83f4d
88a74f5fd7e694aa473ff0b1a2cc7f2328738dc9acf5c61f2501877dc72ec9bb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F888df8db-5e36-4530-9f02-09268aefe1af.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12770
x-amzn-requestid: c40e1251-15f4-486c-8744-af05d80ff14e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelkxERXoAMFdvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b61e-1bb648e9150a5cb95d69b3c5;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:46:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sTJGU6qqr-QIRMcYv4KRrL8_lHTZlQ8nteOgwApR9yaf77wYX3LqFg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 421
etag: "9f030fdc38125b6b523b0d12571d666907a83f4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13985f97-93f1-44be-8be0-92fb128d3c51.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11927 bytes)
Hash
5516af00c2c5dcb5a8c873b6f61ea0df
088236fab64197c530ba85242bf798f13669179e
c7a99982b8af0e2b28bab9cf5b24fc75b50ae172d5c529efec9161c7d436ff90

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13985f97-93f1-44be-8be0-92fb128d3c51.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11927
x-amzn-requestid: 78067be5-c9cf-4ee0-a5b0-86fd32baca38
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelCxGiFIAMFWHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b544-5df3064a5b15f2ee370e4016;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tzYdJmmDsOLwZBBJ2z_RXL17am3WgRC372zZQ3Va8hBlsEC5bLvjdw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 421
etag: "088236fab64197c530ba85242bf798f13669179e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75bf2c3-b1dc-465c-ba9a-30b41f6f5cac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9568 bytes)
Hash
c9b1a13676d3fac304595806959135a2
9c16b23d37594b041cf8678399e6eaeb690346a9
7bc8f67670709caae6b39435fdaa3e5c71b9b30db76c006cc2c841300291a246

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff75bf2c3-b1dc-465c-ba9a-30b41f6f5cac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9568
x-amzn-requestid: 0a162a3c-1723-4926-8651-7d22ecade080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelN4EVKoAMFWnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b58b-10dae6262d730d1f12c50a20;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:43:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e6PyqYG1xwBqFI9Xgbwto7aYrv_0Mu4OKyRfuLUFWberMEF00Qo5QA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 421
etag: "9c16b23d37594b041cf8678399e6eaeb690346a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.correoargentino.com.ar/MiCorreo/public/css/styles.css

190.139.111.3

200 OK

189 kB

URL HTTP/1.1
www.correoargentino.com.ar/MiCorreo/public/css/styles.css
IP
190.139.111.3:0
ASN
#7303 Telecom Argentina S.A.

File type
ASCII text, with very long lines (540), with CRLF line terminators
Size
189 kB (188951 bytes)
Hash
62e92ac931d49a8ecfb047ac3078c974
0cc027d6ac10a2b63a22a79f9c9569fcaecb701c
223a0eb8aba9e50fff40b715f278d1c63c0b76a5119fdaf9d3cee225dc3ca9c7

HTTP Headers

GET /MiCorreo/public/css/styles.css HTTP/1.1
Host: www.correoargentino.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 21:53:31 GMT
Content-Type: text/css
Last-Modified: Mon, 11 Jan 2021 16:40:39 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Accept-Ranges: bytes
Set-Cookie: Path=/; HttpOnly; Secure
BIGipServerPL_PROD_MiCorreo=3691774218.47873.0000; path=/; Httponly; Secure
Transfer-Encoding: chunked

www.correoargentino.com.ar/MiCorreo/public/js/app.js

190.139.111.3

200 OK

291 kB

URL HTTP/1.1
www.correoargentino.com.ar/MiCorreo/public/js/app.js
IP
190.139.111.3:0
ASN
#7303 Telecom Argentina S.A.

File type
ASCII text, with very long lines (36909)
Size
291 kB (290862 bytes)
Hash
20eb22d13b4f96dd7836c10645cd1ec5
056971e0733a777090f81bb9190ab2eb189fc8f2
fa57aabd28ed4c3f66eaa5dd3c8c2a7f05f02f7d0f55df078a0b3d47351807d4

HTTP Headers

GET /MiCorreo/public/js/app.js HTTP/1.1
Host: www.correoargentino.com.ar
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 21:53:31 GMT
Content-Type: application/javascript
Last-Modified: Tue, 10 Apr 2018 13:18:20 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Accept-Ranges: bytes
Set-Cookie: Path=/; HttpOnly; Secure
BIGipServerPL_PROD_MiCorreo=3691774218.47873.0000; path=/; Httponly; Secure
Transfer-Encoding: chunked

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html

63.250.43.10

200 OK

3.4 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (313)
Size
3.4 kB (3374 bytes)
Hash
a1911c91520c8de1fba7bbbf61cf6493
47cb36fa9f80746db4a71142e68b761cb5544b81
9b13070334e9b34ab93482a8f0e774218b923d7569e8d104f9179d071ee206e8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/info.html HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:16 GMT
last-modified: Sun, 04 Sep 2022 17:55:28 GMT
etag: "6314e690-28be"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1821
x-cache: HIT
accept-ranges: bytes
content-length: 3374
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/fonts/Delivery_W_Bd.woff

63.250.43.10

404 Not Found

146 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/fonts/Delivery_W_Bd.woff
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/fonts/Delivery_W_Bd.woff HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/styles.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sun, 23 Oct 2022 21:53:38 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.4.1.min.js

69.16.175.10

200 OK

31 kB

URL HTTP/2
code.jquery.com/jquery-3.4.1.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65451)
Size
31 kB (30638 bytes)
Hash
9abb42735168ac9e960b770179b642aa
11475bf8c7244af7a820108b7762e7a3f95aa52c
df53c09a6546b3d23dc0b2d0d92c39808c5663a75f4bf1f8d035fd11b7c81243

HTTP Headers

GET /jquery-3.4.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 23 Oct 2022 21:53:38 GMT
content-encoding: gzip
content-length: 30638
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15851"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1666562018.dop229.sk1.t,1666562018.cds250.sk1.hn,1666562018.cds201.sk1.c
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/none.css

63.250.43.10

200 OK

18 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/none.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
18 kB (17870 bytes)
Hash
c5b2663f94fe051868ebcb5c5dabc91f
bfeac944c483d2667cc646b840a3e48c589adfce
f059b40789b72a53bbcd74c880305bf87dae234bd6033220ae215084d8480256

HTTP Headers

GET /wp-content/ass/En/files/none.css HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:17 GMT
last-modified: Mon, 03 Jul 2017 02:59:46 GMT
etag: "5959b322-1a8d8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1821
x-cache: HIT
accept-ranges: bytes
content-length: 17870
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/ccli-app.css

63.250.43.10

200 OK

13 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/ccli-app.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
13 kB (12663 bytes)
Hash
5706e668950d8659a1d4684b8430f626
33fb14acf6f9877ee1f9a9eede321d60dd3756a6
9b92b0e5b3db15597ef90f1f3d7fc2b6a13a4f579c69efc16c7822c426ce22f7

HTTP Headers

GET /wp-content/ass/En/files/ccli-app.css HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:18 GMT
last-modified: Fri, 20 Nov 2020 19:27:46 GMT
etag: "5fb818b2-184cb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1820
x-cache: HIT
accept-ranges: bytes
content-length: 12663
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/styles.css

63.250.43.10

200 OK

1.4 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/styles.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
1.4 kB (1396 bytes)
Hash
27a297dd90d7654ccb08a312bbc3d746
3241218d1b35fbeff05e608e37ec98e451a4e2a6
6c595847427248bf1734b6b28bb165c0b8f75580747262654af583c5b5adb59e

HTTP Headers

GET /wp-content/ass/En/files/styles.css HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:19 GMT
last-modified: Fri, 13 Nov 2020 21:44:36 GMT
etag: "5faefe44-1093"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1819
x-cache: HIT
accept-ranges: bytes
content-length: 1396
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/pygment_trac.css

63.250.43.10

200 OK

873 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/pygment_trac.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
assembler source, ASCII text
Size
873 B (873 bytes)
Hash
8275db9714d2d32698082248a99e64a4
7ec45d45424b26be9dc5dbc4e9cfdebb1f965575
a9be03db51e0924005f250907e86af5532a1598dbcf451d2d093a731d3ed49a6

HTTP Headers

GET /wp-content/ass/En/files/pygment_trac.css HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:19 GMT
last-modified: Fri, 13 Nov 2020 02:11:38 GMT
etag: "5fadeb5a-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1819
x-cache: HIT
accept-ranges: bytes
content-length: 873
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/ico/null.png

63.250.43.10

200 OK

2.5 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/ico/null.png
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
2.5 kB (2476 bytes)
Hash
5edeb54f6d96c503c8137273994f5697
2853f0d8707eb61004942b204779417cf71dd85b
b13b83b70039114ae4c7b5669b5915415ad033f03302149c494c970d81fef94e

HTTP Headers

GET /wp-content/ass/En/files/ico/null.png HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:26:08 GMT
last-modified: Fri, 13 Nov 2020 02:11:38 GMT
etag: "5fadeb5a-9ac"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/png
content-length: 2476
x-cacheable: YES
age: 1649
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/ico/cvc.png

63.250.43.10

200 OK

3.3 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/ico/cvc.png
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3306 bytes)
Hash
c9894f2078b07a48349a604f690fd2cf
371ae0a9d314be613073d3030835b585027bca46
e93c3274bc247568e2f6572e69f9348f5966220d58b98e8e2c2ae635bc99a5e9

HTTP Headers

GET /wp-content/ass/En/files/ico/cvc.png HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:26:08 GMT
last-modified: Fri, 13 Nov 2020 02:11:38 GMT
etag: "5fadeb5a-cea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/png
content-length: 3306
x-cacheable: YES
age: 1649
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/payform.min.js

63.250.43.10

200 OK

3.2 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/payform.min.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
Unicode text, UTF-8 text, with very long lines (12007), with no line terminators
Size
3.2 kB (3223 bytes)
Hash
c8280ed293452e72a5c0e2c8ac8aa7f1
babaa13492f283aebd92faf5e689eb8e55c391dc
454832433c64e9e930f4e5b3b7328114400ed3ffea936523455e477f458cf020

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/files/payform.min.js HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:21 GMT
last-modified: Fri, 13 Nov 2020 02:11:38 GMT
etag: "5fadeb5a-2efb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1817
x-cache: HIT
accept-ranges: bytes
content-length: 3223
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/cform.js

63.250.43.10

200 OK

599 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/cform.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
Algol 68 source text\012- Pascal source, ASCII text
Size
599 B (599 bytes)
Hash
0d283bc2b4f8b061450987ea90cd58c1
55bdcf006e4610ead17b23e784f49d38d5340258
d3ed8110228e568c5b55704107bcde9c4c31598268c4ae3d698a2c188d0efb4f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/files/cform.js HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:22 GMT
last-modified: Fri, 20 Nov 2020 19:45:58 GMT
etag: "5fb81cf6-63e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1816
x-cache: HIT
accept-ranges: bytes
content-length: 599
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/floating-label.js

63.250.43.10

200 OK

1.0 kB

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/floating-label.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
1.0 kB (1017 bytes)
Hash
dac0d28743f7db7c94974cc0ac7e4274
786c3731693981c6cb70fc5af09bdffed3985055
66b853c8fd82d5e18af27e9240b1136acf4492de0570160bd5a7bfccadbbe4d4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/files/floating-label.js HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/info.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:22 GMT
last-modified: Sun, 15 Nov 2020 05:09:04 GMT
etag: "5fb0b7f0-d21"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1816
x-cache: HIT
accept-ranges: bytes
content-length: 1017
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/TelefonicaWeb-Regular.woff

63.250.43.10

404 Not Found

146 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/TelefonicaWeb-Regular.woff
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/files/TelefonicaWeb-Regular.woff HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/ccli-app.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sun, 23 Oct 2022 21:53:39 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2

216.58.207.195

200 OK

23 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23236, version 1.0\012- data
Size
23 kB (23236 bytes)
Hash
716309aab2bca045f9627f63ad79d0bf
38804233a29aaf975d557fe14e762c627bef76e0
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

HTTP Headers

GET /s/lato/v23/S6u9w4BMUTPHh7USSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://netoflix-bc7fae.ingress-baronn.ewp.live
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 18 Oct 2022 17:17:26 GMT
expires: Wed, 18 Oct 2023 17:17:26 GMT
cache-control: public, max-age=31536000
age: 448573
last-modified: Tue, 26 Apr 2022 16:04:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/favicon.ico

63.250.43.10

200 OK

325 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/favicon.ico
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
325 B (325 bytes)
Hash
f63e141923d43d11aab30a4030edafe7
cdfb041e7965052d227fe433ef58df954a4bc861
3ef098bcfadd875ac72907c1bba9c780f5e2e49ece436b94883525055aa32023

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - DHL

HTTP Headers

GET /wp-content/ass/En/files/favicon.ico HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:03 GMT
last-modified: Sun, 04 Sep 2022 12:32:56 GMT
etag: "63149af8-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/x-icon
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 1835
x-cache: HIT
accept-ranges: bytes
content-length: 325
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 21:53:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/TelefonicaWeb-Regular.ttf

63.250.43.10

404 Not Found

146 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/TelefonicaWeb-Regular.ttf
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/files/TelefonicaWeb-Regular.ttf HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/files/ccli-app.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sun, 23 Oct 2022 21:53:39 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/ruxitagentjs_ICA27Vfjqrux_10247220811100421.js.download

63.250.43.10

200 OK

0 B

URL HTTP/2
netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/filess/ruxitagentjs_ICA27Vfjqrux_10247220811100421.js.download
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/ass/En/filess/ruxitagentjs_ICA27Vfjqrux_10247220811100421.js.download HTTP/1.1
Host: netoflix-bc7fae.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netoflix-bc7fae.ingress-baronn.ewp.live/wp-content/ass/En/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 21:23:05 GMT
last-modified: Sun, 04 Sep 2022 19:04:20 GMT
etag: "6314f6b4-366b8"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-type: application/octet-stream
content-length: 222904
x-cacheable: YES
age: 1830
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Cabin+Condensed

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Cabin+Condensed
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Cabin+Condensed HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.correoargentino.com.ar/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 23 Oct 2022 21:53:37 GMT
date: Sun, 23 Oct 2022 21:53:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP