r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6386
Expires: Sun, 27 Nov 2022 00:11:57 GMT
Date: Sat, 26 Nov 2022 22:25:31 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1568
Cache-Control: max-age=131505
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 22:25:31 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 10:57:16 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7307
Expires: Sun, 27 Nov 2022 00:27:18 GMT
Date: Sat, 26 Nov 2022 22:25:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 22:17:33 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 478
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Xi0yQfO5V2Mx58yrfIjsvdOYWKZY/m+NfpjnRi4v2WLPAXcIGwNRHaw/lMTU781j300q9wMZEOI=
x-amz-request-id: HCHZJDVZ6JJVQDAQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 21:41:22 GMT
age: 2649
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 22:25:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
discount-banks.com/
200 OK 2.5 kB IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (425)
Hash c19c75eb94140232266e4823b57a2d01
1340d6d729b8e7d7bf6077138febaa9202f4fd66
fa6590d31fe08aa4b920df47d95bcd00d7b173eed380333cfaeb5ff0a7700988
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET / HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:31 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 12:10:54 GMT
Accept-Ranges: bytes
Content-Length: 2499
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 22:08:54 GMT
cache-control: public,max-age=3600
age: 998
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
discount-banks.com/js/runtime.04f78f22239251e1.js
200 OK 5.0 kB URL HTTP/1.1 discount-banks.com/js/runtime.04f78f22239251e1.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (961), with CRLF line terminators
Hash 60db4801dc3116809a61d4eb1fbf5412
984762a5ea8c74f5f4856fa74ea808a5d09227c5
686651c3565af55b848991810a11642a3c012adac4f34a449c6343b1d891b48d
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /js/runtime.04f78f22239251e1.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 12:43:54 GMT
Accept-Ranges: bytes
Content-Length: 4962
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
200 OK 471 B IP
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5169
Cache-Control: max-age=130048
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 22:25:32 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:33:00 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 5c7e9efc358d05e81f128a29e314fb01
f836295a4b6a26ffeb25831baf3545632d2e9e56
5826705e8f694c4376e60ce3a22bf218d804ab2bac85679b3f171b3657a05fbb
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 26 Nov 2022 22:25:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 26 Nov 2022 19:41:01 GMT
Expires: Sun, 27 Nov 2022 19:41:01 GMT
ETag: "f836295a4b6a26ffeb25831baf3545632d2e9e56"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 5c7e9efc358d05e81f128a29e314fb01
f836295a4b6a26ffeb25831baf3545632d2e9e56
5826705e8f694c4376e60ce3a22bf218d804ab2bac85679b3f171b3657a05fbb
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 26 Nov 2022 22:25:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 26 Nov 2022 19:41:01 GMT
Expires: Sun, 27 Nov 2022 19:41:01 GMT
ETag: "f836295a4b6a26ffeb25831baf3545632d2e9e56"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
api.telegram.org/bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage
204 No Content 0 B URL HTTP/2 api.telegram.org/bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage
IP
ASN #62041 Telegram Messenger Inc
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage HTTP/1.1
Host: api.telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://discount-banks.com/
Origin: http://discount-banks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 26 Nov 2022 22:25:32 GMT
access-control-max-age: 86400
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: content-type
access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
X-Firefox-Spdy: h2
discount-banks.com/images/page_loader.gif
200 OK 14 kB URL HTTP/1.1 discount-banks.com/images/page_loader.gif
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 160 x 50\012- data
Hash 15578324668cdd2ac72266007e353c2b
89c5cda1e602c53c1e4788e197074ac54633ff57
5aee346f86ec6f8657ed0ee2f55ed00701cba9af0e02771e55bacadb041884ff
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /images/page_loader.gif HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT
Accept-Ranges: bytes
Content-Length: 14388
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif
discount-banks.com/css/styles.3aa76272f469279a.css
200 OK 219 B URL HTTP/1.1 discount-banks.com/css/styles.3aa76272f469279a.css
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 3fdb948cce53b0c337dbdef0cd95b61e
a0f4a6d2e14c90fbea4687c35a85e6aa7074e5ec
d6d1904dd9ecb4083f7c4cee6f23e10dda0bcc83788e083a3ff9aad3fc093a76
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /css/styles.3aa76272f469279a.css HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT
Accept-Ranges: bytes
Content-Length: 219
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
api.telegram.org/bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage
200 OK 279 B URL HTTP/2 api.telegram.org/bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage
IP
ASN #62041 Telegram Messenger Inc
File type JSON data\012- , ASCII text, with no line terminators
Hash c8064e27df9897b561c86d77587735db
c9e0e44c10c9156bd221d075607b2d1c2627fbb2
2c9b4e5347baf4fe0e62940c9e6a5eaa7d60941e0bf180bda87606b0b77f82b0
POST /bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage HTTP/1.1
Host: api.telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json; charset=UTF-8
Content-Length: 56
Origin: http://discount-banks.com
Connection: keep-alive
Referer: http://discount-banks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 26 Nov 2022 22:25:32 GMT
content-type: application/json
content-length: 279
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
X-Firefox-Spdy: h2
discount-banks.com/js/polyfills.bc4c3aa24e3abbc9.js
200 OK 36 kB URL HTTP/1.1 discount-banks.com/js/polyfills.bc4c3aa24e3abbc9.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (10201)
Hash f195324aac354f765affd981445ec615
46cc799b53685c1360fab2932425c4fb19461437
fc8854a13ee0cbee1942f854f577bce908453d33322d6e5984ab4ea502f7578f
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /js/polyfills.bc4c3aa24e3abbc9.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 10:41:00 GMT
Accept-Ranges: bytes
Content-Length: 36170
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HAiVwgj4OkJxzBFpkhk2GA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /dOXat+ASgSW9CnW9itkSM1x2aU=
discount-banks.com/js/main.80f5228faf91c411d.js
200 OK 970 kB URL HTTP/1.1 discount-banks.com/js/main.80f5228faf91c411d.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 970 kB (969614 bytes)
Hash 0d84fd62f95a9e3618fb761ad766a899
2db31eb30acd5f9fe24a7c2aa26ff174d796210e
523ad9a676ed2874e3f7d2e0f6c246cd5d653acce375252377b1fc36bbea77a3
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /js/main.80f5228faf91c411d.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 19:04:18 GMT
Accept-Ranges: bytes
Content-Length: 969614
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
discount-banks.com/i18n/lobby/kit/he.json
200 OK 2.4 kB URL HTTP/1.1 discount-banks.com/i18n/lobby/kit/he.json
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Hash 01f59824bc68e0bcf65c87f8056436bf
3d3d968ae3c66f5f6d97b2433b7adcf90a50ca2a
441ea0e2b859175a4ee99d8db3a63e67696e7225330e22d1674b3e1ce851b932
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /i18n/lobby/kit/he.json HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:31:30 GMT
Accept-Ranges: bytes
Content-Length: 2401
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/json
discount-banks.com/DB/sites/salt.discount.co.il/files/graphics/apolllo_files/alljsqprivacyandgtm.js?cb=1669501533235
404 Not Found 315 B URL HTTP/1.1 discount-banks.com/DB/sites/salt.discount.co.il/files/graphics/apolllo_files/alljsqprivacyandgtm.js?cb=1669501533235
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /DB/sites/salt.discount.co.il/files/graphics/apolllo_files/alljsqprivacyandgtm.js?cb=1669501533235 HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0
HTTP/1.1 404 Not Found
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
discount-banks.com/detector-dom.min.js
404 Not Found 315 B URL HTTP/1.1 discount-banks.com/detector-dom.min.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /detector-dom.min.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14
HTTP/1.1 404 Not Found
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
discount-banks.com/i18n/lobby/countryCodes/he.json
200 OK 18 kB URL HTTP/1.1 discount-banks.com/i18n/lobby/countryCodes/he.json
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Hash cafda2f9f98606d1089c44b32b5cceba
ccaabb839d050406434c7e25fa6e651db0ffc4c7
2c19896a3b0fc0586e3d01505daa2846c6d9781e36dfceb557a092dd40cd3930
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /i18n/lobby/countryCodes/he.json HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:31:06 GMT
Accept-Ranges: bytes
Content-Length: 17622
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/json
discount-banks.com/modules/login-retail-module.b440cfbad1ae70a3.js
200 OK 26 kB URL HTTP/1.1 discount-banks.com/modules/login-retail-module.b440cfbad1ae70a3.js
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1963), with CRLF line terminators
Hash c9da49a16b67cba4ddec69cd6a1cae2a
193e12c9b6922e8d3c457d79123b44a0d4a944d9
6024682d6e52aad6c4c431e825dac0902d35c29c275a654aa0ab95a0bd3ef98c
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /modules/login-retail-module.b440cfbad1ae70a3.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 12:11:10 GMT
Accept-Ranges: bytes
Content-Length: 26195
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15901
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 22:25:33 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15901
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 22:25:33 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15901
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 22:25:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 2032
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
discount-banks.com/favicon.ico
200 OK 1.2 kB URL HTTP/1.1 discount-banks.com/favicon.ico
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash bf64fade54ddf037c3e3cef51dc59d39
be398e317062b48de427c2e01575db30ae78ffaf
293db1d55f3c76144baa11713c94303fb4d8140649153a909d9cf8eedf338b4d
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /favicon.ico HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/x-icon
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg
200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ee5071a31d351c552aa651e40b16189
6fca9136030ea6f67be44e428ea39c34ff3e28e7
8d52f14267b8bd47119954796ff6c5d54eb6aa5d23c6e8bbd246108a5b89c1d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8254
x-amzn-requestid: e12624ea-58c6-4f39-826c-8a1d87ebc5ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFySQGegIAMF-HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637efda7-2c5e216a0d8a1502615186a8;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 05:14:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0Ylris3tg94-66p8L5kYl2zgnVZ4mCc04ju96DslaB97Dfr-6nTyfA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:52:26 GMT
age: 1987
etag: "6fca9136030ea6f67be44e428ea39c34ff3e28e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:50:08 GMT
age: 2125
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 2036
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
stats.telebank.co.il/2188301/discload.js?dt=home&r=0.5608842164043029
200 OK 22 kB URL HTTP/1.1 stats.telebank.co.il/2188301/discload.js?dt=home&r=0.5608842164043029
IP
Hash 7c8f5a50a342470206ff093234c3c185
8bd24b09709774ea8c6f42fb4ac27952393b0cac
8e1dd6cd307d148b5ed441cf3bdf3d78fdf8763a280e76b43c4f902dfc632bd6
GET /2188301/discload.js?dt=home&r=0.5608842164043029 HTTP/1.1
Host: stats.telebank.co.il
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://discount-banks.com
Connection: keep-alive
Referer: http://discount-banks.com/
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:33 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: haile
Strict-Transport-Security: max-age=86400
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6v42KU65wdKKPvjE7TRA3Li3o2dvrdPH7oGVDZGPPsAepqFFjQJkkA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 16:15:20 GMT
age: 22213
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
discount-banks.com/i18n/lobby/login/he.json
200 OK 22 kB URL HTTP/1.1 discount-banks.com/i18n/lobby/login/he.json
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Hash 8532b1e5d61d64c8beed07b23cf57f29
a096784909a1ec783c49c47c17cac8574dcbb863
a9008c90d34ee38415e1ea47e195513133926c1e79f3d346edfba41ff4955089
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /i18n/lobby/login/he.json HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:31:50 GMT
Accept-Ranges: bytes
Content-Length: 21666
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/json
discount-banks.com/media/Global/page_loader.gif
200 OK 14 kB URL HTTP/1.1 discount-banks.com/media/Global/page_loader.gif
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 160 x 50\012- data
Hash 15578324668cdd2ac72266007e353c2b
89c5cda1e602c53c1e4788e197074ac54633ff57
5aee346f86ec6f8657ed0ee2f55ed00701cba9af0e02771e55bacadb041884ff
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /media/Global/page_loader.gif HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:30 GMT
Accept-Ranges: bytes
Content-Length: 14388
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif
discount-banks.com/i18n/lobby/errors/he.json
200 OK 12 kB URL HTTP/1.1 discount-banks.com/i18n/lobby/errors/he.json
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , Unicode text, UTF-8 text
Hash 6b616baeecd6cbad74c494c100d66db5
cd07c57dc1b3c09c343a848018b8442b5c34f356
a9776749884b44fa3e76de4ba23b237d1154056782e9a6c30a08e63e66e2df8a
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /i18n/lobby/errors/he.json HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 17:56:40 GMT
Accept-Ranges: bytes
Content-Length: 12519
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/json
discount-banks.com/csLobby.he.css?id=1669501533945
200 OK 528 kB URL HTTP/1.1 discount-banks.com/csLobby.he.css?id=1669501533945
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Size 528 kB (527560 bytes)
Hash 5588df03500e4b1b36535a2f83c7fcd2
063a8e2837d69a020186b62c5e7cc5b0c0235124
d02d4f8456f884b03c30f9affdfacd6ac566d87d404334c23a1afb1915189019
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /csLobby.he.css?id=1669501533945 HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:34:40 GMT
Accept-Ranges: bytes
Content-Length: 527560
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
discount-banks.com/login/media/logo/Discount_Logo_he.png
200 OK 2.6 kB URL HTTP/1.1 discount-banks.com/login/media/logo/Discount_Logo_he.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 235 x 53, 8-bit/color RGBA, non-interlaced\012- data
Hash 6386133c7e3c9faa41f70a836947e3f8
425c17a21795f7e0db4fa1601c24b1e833e024e5
939794d00339ab5df4e320d56f0c1a2743ec7b0cfa52919570b4f5374255d626
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/logo/Discount_Logo_he.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:38:58 GMT
Accept-Ranges: bytes
Content-Length: 2626
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
discount-banks.com/login/media/images/safe.png
200 OK 3.8 kB URL HTTP/1.1 discount-banks.com/login/media/images/safe.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 54 x 76, 8-bit/color RGBA, non-interlaced\012- data
Hash cc836cf1de4d39e2980aca82e050ebd5
b852759c9c0eeca884c6df40b9ebd9e64bd79e8e
293d10344fb62547302e9616e8310cae04bef8dfccfceaa482f8a9dc58586888
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/images/safe.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:36 GMT
Accept-Ranges: bytes
Content-Length: 3848
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
discount-banks.com/login/media/images/join.png
200 OK 5.5 kB URL HTTP/1.1 discount-banks.com/login/media/images/join.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 74 x 76, 8-bit/color RGBA, non-interlaced\012- data
Hash 3fc7da9f692a73e960f09134dfa1fcc1
d2432dc1813ca634064eb0b5a8deffa0206e2d1a
dc0cfba031238f4598a28cdd7ffe4425b9c075023703a33ff34222345beead56
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/images/join.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:08 GMT
Accept-Ranges: bytes
Content-Length: 5488
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
discount-banks.com/login/media/icons/arrow_down_black.png
200 OK 16 kB URL HTTP/1.1 discount-banks.com/login/media/icons/arrow_down_black.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 14 x 9, 8-bit/color RGBA, non-interlaced\012- data
Hash 8310f5381e485979dd44b47bc8633928
28168c9befe02ba5d3583ed73257683e7f322ae9
800ae0b7f74e86644ed8202c49bb0fce9ad5a99ff4d2a4e79df069402f95a962
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/icons/arrow_down_black.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:38:44 GMT
Accept-Ranges: bytes
Content-Length: 15744
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
discount-banks.com/login/media/fonts/arimo/Arimo.woff
200 OK 235 kB URL HTTP/1.1 discount-banks.com/login/media/fonts/arimo/Arimo.woff
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 234900, version 0.0\012- data
Size 235 kB (234900 bytes)
Hash c4393ab5112468e47a9c5d06931c712d
47f65a9341bf6ebacbffd18f3b3e0802f5ef05e9
5dbd9011ef91f68e5418268b19580f492a5b4e66db4cbf644a0a4b55c0e8f39f
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /login/media/fonts/arimo/Arimo.woff HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:49:40 GMT
Accept-Ranges: bytes
Content-Length: 234900
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff
discount-banks.com/login/media/images/open_count.png
200 OK 4.3 kB URL HTTP/1.1 discount-banks.com/login/media/images/open_count.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 76 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 6632b3e229ae7c3c9da6e84f2e825f90
51f8a493f2e05b5dd92cf5f42c135ebfa5285a2c
5080ab3669ac9bddc0e2c4eae806f4d1f06fe9d7d2fb218a0226dcb5b5b2febd
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/images/open_count.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:24 GMT
Accept-Ranges: bytes
Content-Length: 4270
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
discount-banks.com/login/media/images/support.png
200 OK 5.8 kB URL HTTP/1.1 discount-banks.com/login/media/images/support.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 52 x 78, 8-bit/color RGBA, non-interlaced\012- data
Hash 08596f4128584fdc5630fe9d2d93230c
2d16653da531cc8c7cf066c6b4106093cb2367fd
c17820b689791acec68299e0befa055aea5da67dfc68d4fcc380910093ef815b
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/images/support.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:40 GMT
Accept-Ranges: bytes
Content-Length: 5752
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
discount-banks.com/login/media/images/like.png
200 OK 5.0 kB URL HTTP/1.1 discount-banks.com/login/media/images/like.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 69 x 76, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c5c377b34aea492082d4a77befe22cf
b89ca9558b767ec56feb381c0be0c21fbc479da4
d2a5673c47b22d9ae0053c70533b3bbb9b54944f7f87eea881fb341442459776
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/images/like.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:12 GMT
Accept-Ranges: bytes
Content-Length: 4958
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
discount-banks.com/login/media/icons/arrow_right_gray.png
200 OK 15 kB URL HTTP/1.1 discount-banks.com/login/media/icons/arrow_right_gray.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 9 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash 420bc0d40e6bd02588697613d6298d66
ba7034643ef92763809725f1c1f903fbcec656c7
59de5b367bbc38f02ac39ff4428337415cc01e0afc1ebc57e316e29c4a8b14ce
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/icons/arrow_right_gray.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:38:52 GMT
Accept-Ranges: bytes
Content-Length: 15316
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
discount-banks.com/login/media/images/login_d_bg.png
200 OK 1.1 MB URL HTTP/1.1 discount-banks.com/login/media/images/login_d_bg.png
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 2577 x 802, 8-bit/color RGBA, interlaced\012- data
Size 1.1 MB (1100284 bytes)
Hash 364780bfc722998b0532f9b754284f20
406327b73a982688e32255b158179a73142dcfdc
cdc03c1e4551599b5cacdc95a8b582ea3275ddc0b6c592fad37de70555ef9982
Analyzer Verdict Alert openphish Generic/Spear Phishing
GET /login/media/images/login_d_bg.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:18 GMT
Accept-Ranges: bytes
Content-Length: 1100284
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
20.173.112.11
149.154.167.220
18.196.175.21
23.36.76.226