urlquery - report: discount-banks.com/

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
firefox.settings.services.mozilla.com (2)	867	2020-06-04 20:08:41 UTC	2022-11-26 05:33:20 UTC	34.102.187.140
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-11-26 05:33:16 UTC	34.117.237.239
discount-banks.com (26)	0	2022-11-26 15:59:16 UTC	2022-11-26 18:10:08 UTC	20.173.112.11	Unknown ranking
api.telegram.org (2)	38509	2015-06-25 10:09:00 UTC	2022-11-26 17:59:51 UTC	149.154.167.220
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2020-05-03 10:09:39 UTC	54.149.219.22
img-getpocket.cdn.mozilla.net (5)	1631	2018-06-21 23:36:00 UTC	2020-02-19 04:43:25 UTC	34.120.237.76
r3.o.lencr.org (5)	344	No data	No data	23.36.76.226
content-signature-2.cdn.mozilla.net (1)	1152	No data	No data	34.160.144.191
ocsp.godaddy.com (2)	698	2012-05-20 19:28:57 UTC	2020-05-02 20:58:10 UTC	192.124.249.24
stats.telebank.co.il (1)	818415	2018-10-24 14:02:19 UTC	2019-09-14 22:38:46 UTC	18.196.175.21
ocsp.digicert.com (2)	86	2012-05-21 07:02:23 UTC	2020-05-02 20:58:10 UTC	93.184.220.29

Scan Date	Severity	Indicator	Comment
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing
2022-11-26	2	discount-banks.com/	Generic/Spear Phishing

Scan Date	Severity	Indicator	Comment
2022-11-26	2	discount-banks.com/	Phishing
2022-11-26	2	discount-banks.com/js/runtime.04f78f22239251e1.js	Phishing
2022-11-26	2	discount-banks.com/js/polyfills.bc4c3aa24e3abbc9.js	Phishing
2022-11-26	2	discount-banks.com/js/main.80f5228faf91c411d.js	Phishing
2022-11-26	2	discount-banks.com/i18n/lobby/kit/he.json	Phishing
2022-11-26	2	discount-banks.com/DB/sites/salt.discount.co.il/files/graphics/apolllo_file (...)	Phishing
2022-11-26	2	discount-banks.com/detector-dom.min.js	Phishing
2022-11-26	2	discount-banks.com/i18n/lobby/countryCodes/he.json	Phishing
2022-11-26	2	discount-banks.com/modules/login-retail-module.b440cfbad1ae70a3.js	Phishing
2022-11-26	2	discount-banks.com/i18n/lobby/login/he.json	Phishing
2022-11-26	2	discount-banks.com/i18n/lobby/errors/he.json	Phishing
2022-11-26	2	discount-banks.com/csLobby.he.css?id=1669501533945	Phishing
2022-11-26	2	discount-banks.com/login/media/fonts/arimo/Arimo.woff	Phishing

Date	UQ / IDS / BL	URL	IP
2022-11-26 22:25:43 +0000	0 - 0 - 39	discount-banks.com/	20.173.112.11

Date	UQ / IDS / BL	URL	IP
2023-02-08 16:01:59 +0000	0 - 0 - 11	9490w89439238945823983298.azurefd.net/	13.107.237.53
2023-02-08 15:49:54 +0000	0 - 0 - 2	20.214.201.166	20.214.201.166
2023-02-08 15:41:11 +0000	0 - 0 - 19	ameligov.com/login.php	20.199.177.26
2023-02-08 15:37:06 +0000	11 - 0 - 27	www.coreos-tracking.es/sms-error.php	20.199.17.199
2023-02-08 15:36:29 +0000	0 - 0 - 0	nam10.safelinks.protection.outlook.com/?url=h (...)	104.47.70.28

Date	UQ / IDS / BL	URL	IP
2022-11-26 22:25:43 +0000	0 - 0 - 39	discount-banks.com/	20.173.112.11

HTTP Transactions (48)

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F" Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6386 Expires: Sun, 27 Nov 2022 00:11:57 GMT Date: Sat, 26 Nov 2022 22:25:31 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a9f1d4d98705c281fed3b60343463200 Sha1: db6f8aa98d2eda4e5473b116a222c3055568bb78 Sha256: 164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 1568 Cache-Control: max-age=131505 Date: Sat, 26 Nov 2022 22:25:31 GMT Etag: "6381eaec-1d7" Expires: Mon, 28 Nov 2022 10:57:16 GMT Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT Server: ECS (ska/F70A) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 15b59d5e62caedb4bec3ba6724906c1e Sha1: 960f801e608a56fdd11449f4face29f62cad2b21 Sha256: 8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2" Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=7307 Expires: Sun, 27 Nov 2022 00:27:18 GMT Date: Sat, 26 Nov 2022 22:25:31 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 260e9998c20d831b66f1029c8f47aac9 Sha1: 716d630f647c54dc69a7f9c63a6cac294b3df7f7 Sha256: c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 34.102.187.140 HASH: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c 34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Sat, 26 Nov 2022 22:17:33 GMT cache-control: public,max-age=3600 age: 478 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 4d7e4eed097b9c4e5d509419f1cfc85a Sha1: 290bb3d428a7c6330e2e3d73a952b16f820896c8 Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: Xi0yQfO5V2Mx58yrfIjsvdOYWKZY/m+NfpjnRi4v2WLPAXcIGwNRHaw/lMTU781j300q9wMZEOI= x-amz-request-id: HCHZJDVZ6JJVQDAQ content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Sat, 26 Nov 2022 21:41:22 GMT age: 2649 last-modified: Thu, 10 Nov 2022 09:21:27 GMT etag: "9ebddc2b260d081ebbefee47c037cb28" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 9ebddc2b260d081ebbefee47c037cb28 Sha1: 492bad62a7ca6a74738921ef5ae6f0be5edebf39 Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Sat, 26 Nov 2022 22:25:31 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET / HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: discount-banks.com/ FQDN: discount-banks.com IP: 20.173.112.11 HASH: fa6590d31fe08aa4b920df47d95bcd00d7b173eed380333cfaeb5ff0a7700988 20.173.112.11 HTTP/1.1 200 OK Content-Type: text/html Date: Sat, 26 Nov 2022 22:25:31 GMT Server: Apache Last-Modified: Fri, 25 Nov 2022 12:10:54 GMT Accept-Ranges: bytes Content-Length: 2499 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (425) Size: 2499 Md5: c19c75eb94140232266e4823b57a2d01 Sha1: 1340d6d729b8e7d7bf6077138febaa9202f4fd66 Sha256: fa6590d31fe08aa4b920df47d95bcd00d7b173eed380333cfaeb5ff0a7700988 Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 34.102.187.140 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Sat, 26 Nov 2022 22:08:54 GMT cache-control: public,max-age=3600 age: 998 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /js/runtime.04f78f22239251e1.js HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/	URL: discount-banks.com/js/runtime.04f78f22239251e1.js FQDN: discount-banks.com IP: 20.173.112.11 HASH: 686651c3565af55b848991810a11642a3c012adac4f34a449c6343b1d891b48d 20.173.112.11 HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 26 Nov 2022 22:25:32 GMT Server: Apache Last-Modified: Wed, 16 Nov 2022 12:43:54 GMT Accept-Ranges: bytes Content-Length: 4962 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with very long lines (961), with CRLF line terminators Size: 4962 Md5: 60db4801dc3116809a61d4eb1fbf5412 Sha1: 984762a5ea8c74f5f4856fa74ea808a5d09227c5 Sha256: 686651c3565af55b848991810a11642a3c012adac4f34a449c6343b1d891b48d Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 5169 Cache-Control: max-age=130048 Date: Sat, 26 Nov 2022 22:25:32 GMT Etag: "6381d72b-1d7" Expires: Mon, 28 Nov 2022 10:33:00 GMT Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT Server: ECS (ska/F70A) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: d3df71aab146eefc49acb608796aab63 Sha1: 8401892995193919376dfcd798b09c8261579454 Sha256: a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1 Host: ocsp.godaddy.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.godaddy.com/ FQDN: ocsp.godaddy.com IP: 192.124.249.24 HASH: 5826705e8f694c4376e60ce3a22bf218d804ab2bac85679b3f171b3657a05fbb 192.124.249.24 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: Sucuri/Cloudproxy Date: Sat, 26 Nov 2022 22:25:32 GMT Content-Length: 1778 Connection: keep-alive X-Sucuri-ID: 19024 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Sat, 26 Nov 2022 19:41:01 GMT Expires: Sun, 27 Nov 2022 19:41:01 GMT ETag: "f836295a4b6a26ffeb25831baf3545632d2e9e56" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" --- Additional Info --- Magic: data Size: 1778 Md5: 5c7e9efc358d05e81f128a29e314fb01 Sha1: f836295a4b6a26ffeb25831baf3545632d2e9e56 Sha256: 5826705e8f694c4376e60ce3a22bf218d804ab2bac85679b3f171b3657a05fbb
POST / HTTP/1.1 Host: ocsp.godaddy.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.godaddy.com/ FQDN: ocsp.godaddy.com IP: 192.124.249.24 HASH: 5826705e8f694c4376e60ce3a22bf218d804ab2bac85679b3f171b3657a05fbb 192.124.249.24 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: Sucuri/Cloudproxy Date: Sat, 26 Nov 2022 22:25:32 GMT Content-Length: 1778 Connection: keep-alive X-Sucuri-ID: 19024 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Sat, 26 Nov 2022 19:41:01 GMT Expires: Sun, 27 Nov 2022 19:41:01 GMT ETag: "f836295a4b6a26ffeb25831baf3545632d2e9e56" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" --- Additional Info --- Magic: data Size: 1778 Md5: 5c7e9efc358d05e81f128a29e314fb01 Sha1: f836295a4b6a26ffeb25831baf3545632d2e9e56 Sha256: 5826705e8f694c4376e60ce3a22bf218d804ab2bac85679b3f171b3657a05fbb
OPTIONS /bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage HTTP/1.1 Host: api.telegram.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Referer: http://discount-banks.com/ Origin: http://discount-banks.com Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: api.telegram.org/bot5817482971:AAHzPGhjSpXW3tCWeODSkluv (...) FQDN: api.telegram.org IP: 149.154.167.220 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 149.154.167.220 HTTP/2 204 No Content server: nginx/1.18.0 date: Sat, 26 Nov 2022 22:25:32 GMT access-control-max-age: 86400 access-control-allow-origin: * access-control-allow-methods: GET, POST, OPTIONS access-control-allow-headers: content-type access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/page_loader.gif HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/	URL: discount-banks.com/images/page_loader.gif FQDN: discount-banks.com IP: 20.173.112.11 HASH: 5aee346f86ec6f8657ed0ee2f55ed00701cba9af0e02771e55bacadb041884ff 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/gif Date: Sat, 26 Nov 2022 22:25:32 GMT Server: Apache Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT Accept-Ranges: bytes Content-Length: 14388 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: GIF image data, version 89a, 160 x 50\012- data Size: 14388 Md5: 15578324668cdd2ac72266007e353c2b Sha1: 89c5cda1e602c53c1e4788e197074ac54633ff57 Sha256: 5aee346f86ec6f8657ed0ee2f55ed00701cba9af0e02771e55bacadb041884ff Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /css/styles.3aa76272f469279a.css HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/	URL: discount-banks.com/css/styles.3aa76272f469279a.css FQDN: discount-banks.com IP: 20.173.112.11 HASH: d6d1904dd9ecb4083f7c4cee6f23e10dda0bcc83788e083a3ff9aad3fc093a76 20.173.112.11 HTTP/1.1 200 OK Content-Type: text/css Date: Sat, 26 Nov 2022 22:25:32 GMT Server: Apache Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT Accept-Ranges: bytes Content-Length: 219 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text Size: 219 Md5: 3fdb948cce53b0c337dbdef0cd95b61e Sha1: a0f4a6d2e14c90fbea4687c35a85e6aa7074e5ec Sha256: d6d1904dd9ecb4083f7c4cee6f23e10dda0bcc83788e083a3ff9aad3fc093a76 Alerts: Blocklists: - openphish: Generic/Spear Phishing
POST /bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage HTTP/1.1 Host: api.telegram.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-type: application/json; charset=UTF-8 Content-Length: 56 Origin: http://discount-banks.com Connection: keep-alive Referer: http://discount-banks.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers	URL: api.telegram.org/bot5817482971:AAHzPGhjSpXW3tCWeODSkluv (...) FQDN: api.telegram.org IP: 149.154.167.220 HASH: 2c9b4e5347baf4fe0e62940c9e6a5eaa7d60941e0bf180bda87606b0b77f82b0 149.154.167.220 HTTP/2 200 OK content-type: application/json server: nginx/1.18.0 date: Sat, 26 Nov 2022 22:25:32 GMT content-length: 279 strict-transport-security: max-age=31536000; includeSubDomains; preload access-control-allow-origin: * access-control-allow-methods: GET, POST, OPTIONS access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 279 Md5: c8064e27df9897b561c86d77587735db Sha1: c9e0e44c10c9156bd221d075607b2d1c2627fbb2 Sha256: 2c9b4e5347baf4fe0e62940c9e6a5eaa7d60941e0bf180bda87606b0b77f82b0
GET /js/polyfills.bc4c3aa24e3abbc9.js HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/	URL: discount-banks.com/js/polyfills.bc4c3aa24e3abbc9.js FQDN: discount-banks.com IP: 20.173.112.11 HASH: fc8854a13ee0cbee1942f854f577bce908453d33322d6e5984ab4ea502f7578f 20.173.112.11 HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 26 Nov 2022 22:25:32 GMT Server: Apache Last-Modified: Wed, 16 Nov 2022 10:41:00 GMT Accept-Ranges: bytes Content-Length: 36170 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with very long lines (10201) Size: 36170 Md5: f195324aac354f765affd981445ec615 Sha1: 46cc799b53685c1360fab2932425c4fb19461437 Sha256: fc8854a13ee0cbee1942f854f577bce908453d33322d6e5984ab4ea502f7578f Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: HAiVwgj4OkJxzBFpkhk2GA== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 54.149.219.22 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 54.149.219.22 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: /dOXat+ASgSW9CnW9itkSM1x2aU= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/main.80f5228faf91c411d.js HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/	URL: discount-banks.com/js/main.80f5228faf91c411d.js FQDN: discount-banks.com IP: 20.173.112.11 HASH: 523ad9a676ed2874e3f7d2e0f6c246cd5d653acce375252377b1fc36bbea77a3 20.173.112.11 HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 26 Nov 2022 22:25:32 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 19:04:18 GMT Accept-Ranges: bytes Content-Length: 969614 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with very long lines (65536), with no line terminators Size: 969614 Md5: 0d84fd62f95a9e3618fb761ad766a899 Sha1: 2db31eb30acd5f9fe24a7c2aa26ff174d796210e Sha256: 523ad9a676ed2874e3f7d2e0f6c246cd5d653acce375252377b1fc36bbea77a3 Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /i18n/lobby/kit/he.json HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0	URL: discount-banks.com/i18n/lobby/kit/he.json FQDN: discount-banks.com IP: 20.173.112.11 HASH: 441ea0e2b859175a4ee99d8db3a63e67696e7225330e22d1674b3e1ce851b932 20.173.112.11 HTTP/1.1 200 OK Content-Type: application/json Date: Sat, 26 Nov 2022 22:25:33 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:31:30 GMT Accept-Ranges: bytes Content-Length: 2401 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators Size: 2401 Md5: 01f59824bc68e0bcf65c87f8056436bf Sha1: 3d3d968ae3c66f5f6d97b2433b7adcf90a50ca2a Sha256: 441ea0e2b859175a4ee99d8db3a63e67696e7225330e22d1674b3e1ce851b932 Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /DB/sites/salt.discount.co.il/files/graphics/apolllo_files/alljsqprivacyandgtm.js?cb=1669501533235 HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0	URL: discount-banks.com/DB/sites/salt.discount.co.il/files/g (...) FQDN: discount-banks.com IP: 20.173.112.11 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 20.173.112.11 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sat, 26 Nov 2022 22:25:33 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /detector-dom.min.js HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14	URL: discount-banks.com/detector-dom.min.js FQDN: discount-banks.com IP: 20.173.112.11 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 20.173.112.11 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sat, 26 Nov 2022 22:25:33 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /i18n/lobby/countryCodes/he.json HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0	URL: discount-banks.com/i18n/lobby/countryCodes/he.json FQDN: discount-banks.com IP: 20.173.112.11 HASH: 2c19896a3b0fc0586e3d01505daa2846c6d9781e36dfceb557a092dd40cd3930 20.173.112.11 HTTP/1.1 200 OK Content-Type: application/json Date: Sat, 26 Nov 2022 22:25:33 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:31:06 GMT Accept-Ranges: bytes Content-Length: 17622 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive --- Additional Info --- Magic: JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators Size: 17622 Md5: cafda2f9f98606d1089c44b32b5cceba Sha1: ccaabb839d050406434c7e25fa6e651db0ffc4c7 Sha256: 2c19896a3b0fc0586e3d01505daa2846c6d9781e36dfceb557a092dd40cd3930 Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /modules/login-retail-module.b440cfbad1ae70a3.js HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14	URL: discount-banks.com/modules/login-retail-module.b440cfba (...) FQDN: discount-banks.com IP: 20.173.112.11 HASH: 6024682d6e52aad6c4c431e825dac0902d35c29c275a654aa0ab95a0bd3ef98c 20.173.112.11 HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 26 Nov 2022 22:25:33 GMT Server: Apache Last-Modified: Fri, 25 Nov 2022 12:11:10 GMT Accept-Ranges: bytes Content-Length: 26195 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with very long lines (1963), with CRLF line terminators Size: 26195 Md5: c9da49a16b67cba4ddec69cd6a1cae2a Sha1: 193e12c9b6922e8d3c457d79123b44a0d4a944d9 Sha256: 6024682d6e52aad6c4c431e825dac0902d35c29c275a654aa0ab95a0bd3ef98c Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9" Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15901 Expires: Sun, 27 Nov 2022 02:50:34 GMT Date: Sat, 26 Nov 2022 22:25:33 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 6827d82f488045e02e40d6a2fdbae4b3 Sha1: 4944139a4b08769511ffc6aa913857d88a0db7bc Sha256: 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9" Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15901 Expires: Sun, 27 Nov 2022 02:50:34 GMT Date: Sat, 26 Nov 2022 22:25:33 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 6827d82f488045e02e40d6a2fdbae4b3 Sha1: 4944139a4b08769511ffc6aa913857d88a0db7bc Sha256: 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9" Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15901 Expires: Sun, 27 Nov 2022 02:50:34 GMT Date: Sat, 26 Nov 2022 22:25:33 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 6827d82f488045e02e40d6a2fdbae4b3 Sha1: 4944139a4b08769511ffc6aa913857d88a0db7bc Sha256: 0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5099 x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cOo4jFBvoAMFl1w= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0 x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw== via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google date: Sat, 26 Nov 2022 21:51:41 GMT age: 2032 etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5099 Md5: 433875a1b1fef34e45f2d8ac344c07e3 Sha1: f2129466436cbbdd58abe42a47fb7af19eba58e6 Sha256: ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /favicon.ico HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14	URL: discount-banks.com/favicon.ico FQDN: discount-banks.com IP: 20.173.112.11 HASH: 293db1d55f3c76144baa11713c94303fb4d8140649153a909d9cf8eedf338b4d 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/x-icon Date: Sat, 26 Nov 2022 22:25:33 GMT Server: Apache Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT Accept-Ranges: bytes Content-Length: 1150 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data Size: 1150 Md5: bf64fade54ddf037c3e3cef51dc59d39 Sha1: be398e317062b48de427c2e01575db30ae78ffaf Sha256: 293db1d55f3c76144baa11713c94303fb4d8140649153a909d9cf8eedf338b4d Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 8d52f14267b8bd47119954796ff6c5d54eb6aa5d23c6e8bbd246108a5b89c1d9 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8254 x-amzn-requestid: e12624ea-58c6-4f39-826c-8a1d87ebc5ba x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cFySQGegIAMF-HA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-637efda7-2c5e216a0d8a1502615186a8;Sampled=0 x-amzn-remapped-date: Thu, 24 Nov 2022 05:14:15 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: 0Ylris3tg94-66p8L5kYl2zgnVZ4mCc04ju96DslaB97Dfr-6nTyfA== via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google date: Sat, 26 Nov 2022 21:52:26 GMT age: 1987 etag: "6fca9136030ea6f67be44e428ea39c34ff3e28e7" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8254 Md5: 6ee5071a31d351c552aa651e40b16189 Sha1: 6fca9136030ea6f67be44e428ea39c34ff3e28e7 Sha256: 8d52f14267b8bd47119954796ff6c5d54eb6aa5d23c6e8bbd246108a5b89c1d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7380 x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cOo4iEegIAMFeuQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0 x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA== via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google date: Sat, 26 Nov 2022 21:50:08 GMT age: 2125 etag: "97a135335f5b1b042adeb385718f8808cb78528b" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7380 Md5: 76c00eceed956377d7469ef58b0815cb Sha1: 97a135335f5b1b042adeb385718f8808cb78528b Sha256: 81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4803 x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cOo4iFHoIAMF2-g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0 x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg== via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google date: Sat, 26 Nov 2022 21:51:37 GMT age: 2036 etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4803 Md5: cc0a257323f882caff067adb86d906e4 Sha1: cedf2f21be7cd366bd46055b62b5513db3011dfc Sha256: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /2188301/discload.js?dt=home&r=0.5608842164043029 HTTP/1.1 Host: stats.telebank.co.il User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Origin: http://discount-banks.com Connection: keep-alive Referer: http://discount-banks.com/	URL: stats.telebank.co.il/2188301/discload.js?dt=home&r=0.56 (...) FQDN: stats.telebank.co.il IP: 18.196.175.21 HASH: 8e1dd6cd307d148b5ed441cf3bdf3d78fdf8763a280e76b43c4f902dfc632bd6 18.196.175.21 HTTP/1.1 200 OK Content-Type: application/x-javascript Date: Sat, 26 Nov 2022 22:25:33 GMT Transfer-Encoding: chunked Connection: keep-alive Server: haile Strict-Transport-Security: max-age=86400 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0)) P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM" Content-Encoding: gzip --- Additional Info --- Magic: data Size: 21664 Md5: 7c8f5a50a342470206ff093234c3c185 Sha1: 8bd24b09709774ea8c6f42fb4ac27952393b0cac Sha256: 8e1dd6cd307d148b5ed441cf3bdf3d78fdf8763a280e76b43c4f902dfc632bd6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8817 x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: b-krGE6AIAMF2Kg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0 x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: 6v42KU65wdKKPvjE7TRA3Li3o2dvrdPH7oGVDZGPPsAepqFFjQJkkA== via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google date: Sat, 26 Nov 2022 16:15:20 GMT age: 22213 etag: "308c08784ce4a0757cbd112807555b83e17a1d56" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8817 Md5: 741ddfb19764ac9a77509e7e87cfbfb2 Sha1: 308c08784ce4a0757cbd112807555b83e17a1d56 Sha256: e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /i18n/lobby/login/he.json HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home	URL: discount-banks.com/i18n/lobby/login/he.json FQDN: discount-banks.com IP: 20.173.112.11 HASH: a9008c90d34ee38415e1ea47e195513133926c1e79f3d346edfba41ff4955089 20.173.112.11 HTTP/1.1 200 OK Content-Type: application/json Date: Sat, 26 Nov 2022 22:25:33 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:31:50 GMT Accept-Ranges: bytes Content-Length: 21666 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators Size: 21666 Md5: 8532b1e5d61d64c8beed07b23cf57f29 Sha1: a096784909a1ec783c49c47c17cac8574dcbb863 Sha256: a9008c90d34ee38415e1ea47e195513133926c1e79f3d346edfba41ff4955089 Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /media/Global/page_loader.gif HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home	URL: discount-banks.com/media/Global/page_loader.gif FQDN: discount-banks.com IP: 20.173.112.11 HASH: 5aee346f86ec6f8657ed0ee2f55ed00701cba9af0e02771e55bacadb041884ff 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/gif Date: Sat, 26 Nov 2022 22:25:34 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:39:30 GMT Accept-Ranges: bytes Content-Length: 14388 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive --- Additional Info --- Magic: GIF image data, version 89a, 160 x 50\012- data Size: 14388 Md5: 15578324668cdd2ac72266007e353c2b Sha1: 89c5cda1e602c53c1e4788e197074ac54633ff57 Sha256: 5aee346f86ec6f8657ed0ee2f55ed00701cba9af0e02771e55bacadb041884ff Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /i18n/lobby/errors/he.json HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home	URL: discount-banks.com/i18n/lobby/errors/he.json FQDN: discount-banks.com IP: 20.173.112.11 HASH: a9776749884b44fa3e76de4ba23b237d1154056782e9a6c30a08e63e66e2df8a 20.173.112.11 HTTP/1.1 200 OK Content-Type: application/json Date: Sat, 26 Nov 2022 22:25:34 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 17:56:40 GMT Accept-Ranges: bytes Content-Length: 12519 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive --- Additional Info --- Magic: JSON data\012- , Unicode text, UTF-8 text Size: 12519 Md5: 6b616baeecd6cbad74c494c100d66db5 Sha1: cd07c57dc1b3c09c343a848018b8442b5c34f356 Sha256: a9776749884b44fa3e76de4ba23b237d1154056782e9a6c30a08e63e66e2df8a Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /csLobby.he.css?id=1669501533945 HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/ Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home	URL: discount-banks.com/csLobby.he.css?id=1669501533945 FQDN: discount-banks.com IP: 20.173.112.11 HASH: d02d4f8456f884b03c30f9affdfacd6ac566d87d404334c23a1afb1915189019 20.173.112.11 HTTP/1.1 200 OK Content-Type: text/css Date: Sat, 26 Nov 2022 22:25:34 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:34:40 GMT Accept-Ranges: bytes Content-Length: 527560 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with very long lines (65536), with no line terminators Size: 527560 Md5: 5588df03500e4b1b36535a2f83c7fcd2 Sha1: 063a8e2837d69a020186b62c5e7cc5b0c0235124 Sha256: d02d4f8456f884b03c30f9affdfacd6ac566d87d404334c23a1afb1915189019 Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /login/media/logo/Discount_Logo_he.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/logo/Discount_Logo_he.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: 939794d00339ab5df4e320d56f0c1a2743ec7b0cfa52919570b4f5374255d626 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:34 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:38:58 GMT Accept-Ranges: bytes Content-Length: 2626 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 235 x 53, 8-bit/color RGBA, non-interlaced\012- data Size: 2626 Md5: 6386133c7e3c9faa41f70a836947e3f8 Sha1: 425c17a21795f7e0db4fa1601c24b1e833e024e5 Sha256: 939794d00339ab5df4e320d56f0c1a2743ec7b0cfa52919570b4f5374255d626 Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /login/media/images/safe.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/images/safe.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: 293d10344fb62547302e9616e8310cae04bef8dfccfceaa482f8a9dc58586888 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:34 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:39:36 GMT Accept-Ranges: bytes Content-Length: 3848 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 54 x 76, 8-bit/color RGBA, non-interlaced\012- data Size: 3848 Md5: cc836cf1de4d39e2980aca82e050ebd5 Sha1: b852759c9c0eeca884c6df40b9ebd9e64bd79e8e Sha256: 293d10344fb62547302e9616e8310cae04bef8dfccfceaa482f8a9dc58586888 Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /login/media/images/join.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/images/join.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: dc0cfba031238f4598a28cdd7ffe4425b9c075023703a33ff34222345beead56 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:34 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:39:08 GMT Accept-Ranges: bytes Content-Length: 5488 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 74 x 76, 8-bit/color RGBA, non-interlaced\012- data Size: 5488 Md5: 3fc7da9f692a73e960f09134dfa1fcc1 Sha1: d2432dc1813ca634064eb0b5a8deffa0206e2d1a Sha256: dc0cfba031238f4598a28cdd7ffe4425b9c075023703a33ff34222345beead56 Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /login/media/icons/arrow_down_black.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/icons/arrow_down_black.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: 800ae0b7f74e86644ed8202c49bb0fce9ad5a99ff4d2a4e79df069402f95a962 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:34 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:38:44 GMT Accept-Ranges: bytes Content-Length: 15744 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 14 x 9, 8-bit/color RGBA, non-interlaced\012- data Size: 15744 Md5: 8310f5381e485979dd44b47bc8633928 Sha1: 28168c9befe02ba5d3583ed73257683e7f322ae9 Sha256: 800ae0b7f74e86644ed8202c49bb0fce9ad5a99ff4d2a4e79df069402f95a962 Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /login/media/fonts/arimo/Arimo.woff HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/fonts/arimo/Arimo.woff FQDN: discount-banks.com IP: 20.173.112.11 HASH: 5dbd9011ef91f68e5418268b19580f492a5b4e66db4cbf644a0a4b55c0e8f39f 20.173.112.11 HTTP/1.1 200 OK Content-Type: font/woff Date: Sat, 26 Nov 2022 22:25:35 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:49:40 GMT Accept-Ranges: bytes Content-Length: 234900 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format, TrueType, length 234900, version 0.0\012- data Size: 234900 Md5: c4393ab5112468e47a9c5d06931c712d Sha1: 47f65a9341bf6ebacbffd18f3b3e0802f5ef05e9 Sha256: 5dbd9011ef91f68e5418268b19580f492a5b4e66db4cbf644a0a4b55c0e8f39f Alerts: Blocklists: - openphish: Generic/Spear Phishing - fortinet: Phishing
GET /login/media/images/open_count.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/images/open_count.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: 5080ab3669ac9bddc0e2c4eae806f4d1f06fe9d7d2fb218a0226dcb5b5b2febd 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:35 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:39:24 GMT Accept-Ranges: bytes Content-Length: 4270 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 76 x 60, 8-bit/color RGBA, non-interlaced\012- data Size: 4270 Md5: 6632b3e229ae7c3c9da6e84f2e825f90 Sha1: 51f8a493f2e05b5dd92cf5f42c135ebfa5285a2c Sha256: 5080ab3669ac9bddc0e2c4eae806f4d1f06fe9d7d2fb218a0226dcb5b5b2febd Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /login/media/images/support.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/images/support.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: c17820b689791acec68299e0befa055aea5da67dfc68d4fcc380910093ef815b 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:35 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:39:40 GMT Accept-Ranges: bytes Content-Length: 5752 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 52 x 78, 8-bit/color RGBA, non-interlaced\012- data Size: 5752 Md5: 08596f4128584fdc5630fe9d2d93230c Sha1: 2d16653da531cc8c7cf066c6b4106093cb2367fd Sha256: c17820b689791acec68299e0befa055aea5da67dfc68d4fcc380910093ef815b Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /login/media/images/like.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/images/like.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: d2a5673c47b22d9ae0053c70533b3bbb9b54944f7f87eea881fb341442459776 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:35 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:39:12 GMT Accept-Ranges: bytes Content-Length: 4958 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 69 x 76, 8-bit/color RGBA, non-interlaced\012- data Size: 4958 Md5: 9c5c377b34aea492082d4a77befe22cf Sha1: b89ca9558b767ec56feb381c0be0c21fbc479da4 Sha256: d2a5673c47b22d9ae0053c70533b3bbb9b54944f7f87eea881fb341442459776 Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /login/media/icons/arrow_right_gray.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/icons/arrow_right_gray.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: 59de5b367bbc38f02ac39ff4428337415cc01e0afc1ebc57e316e29c4a8b14ce 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:35 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:38:52 GMT Accept-Ranges: bytes Content-Length: 15316 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 9 x 14, 8-bit/color RGBA, non-interlaced\012- data Size: 15316 Md5: 420bc0d40e6bd02588697613d6298d66 Sha1: ba7034643ef92763809725f1c1f903fbcec656c7 Sha256: 59de5b367bbc38f02ac39ff4428337415cc01e0afc1ebc57e316e29c4a8b14ce Alerts: Blocklists: - openphish: Generic/Spear Phishing
GET /login/media/images/login_d_bg.png HTTP/1.1 Host: discount-banks.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945 Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail	URL: discount-banks.com/login/media/images/login_d_bg.png FQDN: discount-banks.com IP: 20.173.112.11 HASH: cdc03c1e4551599b5cacdc95a8b582ea3275ddc0b6c592fad37de70555ef9982 20.173.112.11 HTTP/1.1 200 OK Content-Type: image/png Date: Sat, 26 Nov 2022 22:25:34 GMT Server: Apache Last-Modified: Thu, 17 Nov 2022 18:39:18 GMT Accept-Ranges: bytes Content-Length: 1100284 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 2577 x 802, 8-bit/color RGBA, interlaced\012- data Size: 1100284 Md5: 364780bfc722998b0532f9b754284f20 Sha1: 406327b73a982688e32255b158179a73142dcfdc Sha256: cdc03c1e4551599b5cacdc95a8b582ea3275ddc0b6c592fad37de70555ef9982 Alerts: Blocklists: - openphish: Generic/Spear Phishing

URL	discount-banks.com/
IP	20.173.112.11 (United States)
ASN	#8075 MICROSOFT-CORP-MSN-AS-BLOCK
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-11-26 22:25:43 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	39
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (11)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 20.173.112.11

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Last 1 reports on domain: discount-banks.com

No other reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (48)

Overview

Domain Summary (11)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 20.173.112.11

Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK

Last 1 reports on domain: discount-banks.com

No other reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (48)

Network Intrusion Detection Systems