Overview

URL: discount-banks.com/
IP: 20.173.112.11 (United States)
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (none)
Report completed: 2022-11-26 22:25:43 UTC
IDS alerts: 0
Blocklist alerts: 39
urlquery alerts: No alerts detected
Tags: None

Domain Summary (11)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-26 05:33:20 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-26 05:33:16 UTC 34.117.237.239
discount-banks.com (26) 0 2022-11-26 15:59:16 UTC 2022-11-26 18:10:08 UTC 20.173.112.11 Unknown ranking
api.telegram.org (2) 38509 2015-06-25 10:09:00 UTC 2022-11-26 17:59:51 UTC 149.154.167.220
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.149.219.22
img-getpocket.cdn.mozilla.net (5) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (5) 344 No data No data 23.36.76.226
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
ocsp.godaddy.com (2) 698 2012-05-20 19:28:57 UTC 2020-05-02 20:58:10 UTC 192.124.249.24
stats.telebank.co.il (1) 818415 2018-10-24 14:02:19 UTC 2019-09-14 22:38:46 UTC 18.196.175.21
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-26 2 discount-banks.com/ Generic/Spear Phishing

PhishTank
No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-26 2 discount-banks.com/ Phishing
2022-11-26 2 discount-banks.com/js/runtime.04f78f22239251e1.js Phishing
2022-11-26 2 discount-banks.com/js/polyfills.bc4c3aa24e3abbc9.js Phishing
2022-11-26 2 discount-banks.com/js/main.80f5228faf91c411d.js Phishing
2022-11-26 2 discount-banks.com/i18n/lobby/kit/he.json Phishing
2022-11-26 2 discount-banks.com/DB/sites/salt.discount.co.il/files/graphics/apolllo_file (...) Phishing
2022-11-26 2 discount-banks.com/detector-dom.min.js Phishing
2022-11-26 2 discount-banks.com/i18n/lobby/countryCodes/he.json Phishing
2022-11-26 2 discount-banks.com/modules/login-retail-module.b440cfbad1ae70a3.js Phishing
2022-11-26 2 discount-banks.com/i18n/lobby/login/he.json Phishing
2022-11-26 2 discount-banks.com/i18n/lobby/errors/he.json Phishing
2022-11-26 2 discount-banks.com/csLobby.he.css?id=1669501533945 Phishing
2022-11-26 2 discount-banks.com/login/media/fonts/arimo/Arimo.woff Phishing

mnemonic secure dns
No alerts detected

Quad9 DNS
No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 20.173.112.11
Date UQ / IDS / BL URL IP
2022-11-26 22:25:43 +0000 0 - 0 - 39 discount-banks.com/ 20.173.112.11


Last 5 reports on ASN: MICROSOFT-CORP-MSN-AS-BLOCK
Date UQ / IDS / BL URL IP
2023-02-08 16:01:59 +0000 0 - 0 - 11 9490w89439238945823983298.azurefd.net/ 13.107.237.53
2023-02-08 15:49:54 +0000 0 - 0 - 2 20.214.201.166 20.214.201.166
2023-02-08 15:41:11 +0000 0 - 0 - 19 ameligov.com/login.php 20.199.177.26
2023-02-08 15:37:06 +0000 11 - 0 - 27 www.coreos-tracking.es/sms-error.php 20.199.17.199
2023-02-08 15:36:29 +0000 0 - 0 - 0 nam10.safelinks.protection.outlook.com/?url=h (...) 104.47.70.28


Last 1 reports on domain: discount-banks.com
Date UQ / IDS / BL URL IP
2022-11-26 22:25:43 +0000 0 - 0 - 39 discount-banks.com/ 20.173.112.11


No other reports with similar screenshot

JavaScript

Executed Scripts (6)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (48)


--- Request ---
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

--- Response (23.36.76.226) ---
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6386
Expires: Sun, 27 Nov 2022 00:11:57 GMT
Date: Sat, 26 Nov 2022 22:25:31 GMT
Connection: keep-alive

                                        
--- Request ---
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

--- Response (93.184.220.29) ---
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 1568
Cache-Control: max-age=131505
Date: Sat, 26 Nov 2022 22:25:31 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 10:57:16 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
--- Request ---
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

--- Response (23.36.76.226) ---
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7307
Expires: Sun, 27 Nov 2022 00:27:18 GMT
Date: Sat, 26 Nov 2022 22:25:31 GMT
Connection: keep-alive

                                        
--- Request ---
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

--- Response (34.102.187.140) ---
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 22:17:33 GMT
cache-control: public,max-age=3600
age: 478
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
--- Request ---
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

--- Response (34.160.144.191) ---
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: Xi0yQfO5V2Mx58yrfIjsvdOYWKZY/m+NfpjnRi4v2WLPAXcIGwNRHaw/lMTU781j300q9wMZEOI=
x-amz-request-id: HCHZJDVZ6JJVQDAQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 21:41:22 GMT
age: 2649
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
--- Request ---
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

--- Response (34.117.237.239) ---
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Sat, 26 Nov 2022 22:25:31 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
--- Request ---
GET / HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

--- Response (20.173.112.11) ---
HTTP/1.1 200 OK
Content-Type: text/html
Date: Sat, 26 Nov 2022 22:25:31 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 12:10:54 GMT
Accept-Ranges: bytes
Content-Length: 2499
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (425)
Size:   2499
Md5:    c19c75eb94140232266e4823b57a2d01
Sha1:   1340d6d729b8e7d7bf6077138febaa9202f4fd66
Sha256: fa6590d31fe08aa4b920df47d95bcd00d7b173eed380333cfaeb5ff0a7700988

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
--- Request ---
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

--- Response (34.102.187.140) ---
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 22:08:54 GMT
cache-control: public,max-age=3600
age: 998
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
--- Request ---
GET /js/runtime.04f78f22239251e1.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/

--- Response (20.173.112.11) ---
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 12:43:54 GMT
Accept-Ranges: bytes
Content-Length: 4962
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (961), with CRLF line terminators
Size:   4962
Md5:    60db4801dc3116809a61d4eb1fbf5412
Sha1:   984762a5ea8c74f5f4856fa74ea808a5d09227c5
Sha256: 686651c3565af55b848991810a11642a3c012adac4f34a449c6343b1d891b48d

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
--- Request ---
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

--- Response (93.184.220.29) ---
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5169
Cache-Control: max-age=130048
Date: Sat, 26 Nov 2022 22:25:32 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:33:00 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
--- Request ---
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

--- Response (192.124.249.24) ---
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Sucuri/Cloudproxy
Date: Sat, 26 Nov 2022 22:25:32 GMT
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 26 Nov 2022 19:41:01 GMT
Expires: Sun, 27 Nov 2022 19:41:01 GMT
ETag: "f836295a4b6a26ffeb25831baf3545632d2e9e56"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1778
Md5:    5c7e9efc358d05e81f128a29e314fb01
Sha1:   f836295a4b6a26ffeb25831baf3545632d2e9e56
Sha256: 5826705e8f694c4376e60ce3a22bf218d804ab2bac85679b3f171b3657a05fbb
                                        
--- Request ---
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

--- Response (192.124.249.24) ---
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Sucuri/Cloudproxy
Date: Sat, 26 Nov 2022 22:25:32 GMT
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 26 Nov 2022 19:41:01 GMT
Expires: Sun, 27 Nov 2022 19:41:01 GMT
ETag: "f836295a4b6a26ffeb25831baf3545632d2e9e56"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1778
Md5:    5c7e9efc358d05e81f128a29e314fb01
Sha1:   f836295a4b6a26ffeb25831baf3545632d2e9e56
Sha256: 5826705e8f694c4376e60ce3a22bf218d804ab2bac85679b3f171b3657a05fbb
                                        
--- Request ---
OPTIONS /bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage HTTP/1.1
Host: api.telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://discount-banks.com/
Origin: http://discount-banks.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

--- Response (149.154.167.220) ---
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 26 Nov 2022 22:25:32 GMT
access-control-max-age: 86400
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: content-type
access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
X-Firefox-Spdy: h2

                                        
--- Request ---
GET /images/page_loader.gif HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/

--- Response (20.173.112.11) ---
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT
Accept-Ranges: bytes
Content-Length: 14388
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 160 x 50\012- data
Size:   14388
Md5:    15578324668cdd2ac72266007e353c2b
Sha1:   89c5cda1e602c53c1e4788e197074ac54633ff57
Sha256: 5aee346f86ec6f8657ed0ee2f55ed00701cba9af0e02771e55bacadb041884ff

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
--- Request ---
GET /css/styles.3aa76272f469279a.css HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/

--- Response (20.173.112.11) ---
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT
Accept-Ranges: bytes
Content-Length: 219
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   219
Md5:    3fdb948cce53b0c337dbdef0cd95b61e
Sha1:   a0f4a6d2e14c90fbea4687c35a85e6aa7074e5ec
Sha256: d6d1904dd9ecb4083f7c4cee6f23e10dda0bcc83788e083a3ff9aad3fc093a76

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
--- Request ---
POST /bot5817482971:AAHzPGhjSpXW3tCWeODSkluv2HK7ZBRk5Gg/sendMessage HTTP/1.1
Host: api.telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json; charset=UTF-8
Content-Length: 56
Origin: http://discount-banks.com
Connection: keep-alive
Referer: http://discount-banks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

--- Response (149.154.167.220) ---
HTTP/2 200 OK
content-type: application/json
server: nginx/1.18.0
date: Sat, 26 Nov 2022 22:25:32 GMT
content-length: 279
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   279
Md5:    c8064e27df9897b561c86d77587735db
Sha1:   c9e0e44c10c9156bd221d075607b2d1c2627fbb2
Sha256: 2c9b4e5347baf4fe0e62940c9e6a5eaa7d60941e0bf180bda87606b0b77f82b0
                                        
--- Request ---
GET /js/polyfills.bc4c3aa24e3abbc9.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/

--- Response (20.173.112.11) ---
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 10:41:00 GMT
Accept-Ranges: bytes
Content-Length: 36170
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (10201)
Size:   36170
Md5:    f195324aac354f765affd981445ec615
Sha1:   46cc799b53685c1360fab2932425c4fb19461437
Sha256: fc8854a13ee0cbee1942f854f577bce908453d33322d6e5984ab4ea502f7578f

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
--- Request ---
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HAiVwgj4OkJxzBFpkhk2GA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

--- Response (54.149.219.22) ---
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /dOXat+ASgSW9CnW9itkSM1x2aU=

                                        
--- Request ---
GET /js/main.80f5228faf91c411d.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/

--- Response (20.173.112.11) ---
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 26 Nov 2022 22:25:32 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 19:04:18 GMT
Accept-Ranges: bytes
Content-Length: 969614
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   969614
Md5:    0d84fd62f95a9e3618fb761ad766a899
Sha1:   2db31eb30acd5f9fe24a7c2aa26ff174d796210e
Sha256: 523ad9a676ed2874e3f7d2e0f6c246cd5d653acce375252377b1fc36bbea77a3

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
--- Request ---
GET /i18n/lobby/kit/he.json HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0

--- Response (20.173.112.11) ---
HTTP/1.1 200 OK
Content-Type: application/json
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:31:30 GMT
Accept-Ranges: bytes
Content-Length: 2401
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Size:   2401
Md5:    01f59824bc68e0bcf65c87f8056436bf
Sha1:   3d3d968ae3c66f5f6d97b2433b7adcf90a50ca2a
Sha256: 441ea0e2b859175a4ee99d8db3a63e67696e7225330e22d1674b3e1ce851b932

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
--- Request ---
GET /DB/sites/salt.discount.co.il/files/graphics/apolllo_files/alljsqprivacyandgtm.js?cb=1669501533235 HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0

--- Response (20.173.112.11) ---
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
--- Request ---
GET /detector-dom.min.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14

--- Response (20.173.112.11) ---
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
--- Request ---
GET /i18n/lobby/countryCodes/he.json HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0

--- Response (20.173.112.11) ---
HTTP/1.1 200 OK
Content-Type: application/json
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:31:06 GMT
Accept-Ranges: bytes
Content-Length: 17622
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Size:   17622
Md5:    cafda2f9f98606d1089c44b32b5cceba
Sha1:   ccaabb839d050406434c7e25fa6e651db0ffc4c7
Sha256: 2c19896a3b0fc0586e3d01505daa2846c6d9781e36dfceb557a092dd40cd3930

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
GET /modules/login-retail-module.b440cfbad1ae70a3.js HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14

20.173.112.11
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Fri, 25 Nov 2022 12:11:10 GMT
Accept-Ranges: bytes
Content-Length: 26195
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1963), with CRLF line terminators
Size:   26195
Md5:    c9da49a16b67cba4ddec69cd6a1cae2a
Sha1:   193e12c9b6922e8d3c457d79123b44a0d4a944d9
Sha256: 6024682d6e52aad6c4c431e825dac0902d35c29c275a654aa0ab95a0bd3ef98c

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15901
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 22:25:33 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15901
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 22:25:33 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15901
Expires: Sun, 27 Nov 2022 02:50:34 GMT
Date: Sat, 26 Nov 2022 22:25:33 GMT
Connection: keep-alive

                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 2032
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5099
Md5:    433875a1b1fef34e45f2d8ac344c07e3
Sha1:   f2129466436cbbdd58abe42a47fb7af19eba58e6
Sha256: ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
                                        
GET /favicon.ico HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; pageKey=home; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/x-icon
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 10:40:36 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    bf64fade54ddf037c3e3cef51dc59d39
Sha1:   be398e317062b48de427c2e01575db30ae78ffaf
Sha256: 293db1d55f3c76144baa11713c94303fb4d8140649153a909d9cf8eedf338b4d

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8254
x-amzn-requestid: e12624ea-58c6-4f39-826c-8a1d87ebc5ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFySQGegIAMF-HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637efda7-2c5e216a0d8a1502615186a8;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 05:14:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0Ylris3tg94-66p8L5kYl2zgnVZ4mCc04ju96DslaB97Dfr-6nTyfA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:52:26 GMT
age: 1987
etag: "6fca9136030ea6f67be44e428ea39c34ff3e28e7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8254
Md5:    6ee5071a31d351c552aa651e40b16189
Sha1:   6fca9136030ea6f67be44e428ea39c34ff3e28e7
Sha256: 8d52f14267b8bd47119954796ff6c5d54eb6aa5d23c6e8bbd246108a5b89c1d9
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:50:08 GMT
age: 2125
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7380
Md5:    76c00eceed956377d7469ef58b0815cb
Sha1:   97a135335f5b1b042adeb385718f8808cb78528b
Sha256: 81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 2036
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4803
Md5:    cc0a257323f882caff067adb86d906e4
Sha1:   cedf2f21be7cd366bd46055b62b5513db3011dfc
Sha256: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
                                        
GET /2188301/discload.js?dt=home&r=0.5608842164043029 HTTP/1.1
Host: stats.telebank.co.il
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://discount-banks.com
Connection: keep-alive
Referer: http://discount-banks.com/

18.196.175.21
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Sat, 26 Nov 2022 22:25:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: haile
Strict-Transport-Security: max-age=86400
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip


--- Additional Info ---
Magic:  data
Size:   21664
Md5:    7c8f5a50a342470206ff093234c3c185
Sha1:   8bd24b09709774ea8c6f42fb4ac27952393b0cac
Sha256: 8e1dd6cd307d148b5ed441cf3bdf3d78fdf8763a280e76b43c4f902dfc632bd6
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6v42KU65wdKKPvjE7TRA3Li3o2dvrdPH7oGVDZGPPsAepqFFjQJkkA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 16:15:20 GMT
age: 22213
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8817
Md5:    741ddfb19764ac9a77509e7e87cfbfb2
Sha1:   308c08784ce4a0757cbd112807555b83e17a1d56
Sha256: e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
                                        
GET /i18n/lobby/login/he.json HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home

20.173.112.11
HTTP/1.1 200 OK
Content-Type: application/json
Date: Sat, 26 Nov 2022 22:25:33 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:31:50 GMT
Accept-Ranges: bytes
Content-Length: 21666
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Size:   21666
Md5:    8532b1e5d61d64c8beed07b23cf57f29
Sha1:   a096784909a1ec783c49c47c17cac8574dcbb863
Sha256: a9008c90d34ee38415e1ea47e195513133926c1e79f3d346edfba41ff4955089

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
GET /media/Global/page_loader.gif HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:30 GMT
Accept-Ranges: bytes
Content-Length: 14388
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 160 x 50\012- data
Size:   14388
Md5:    15578324668cdd2ac72266007e353c2b
Sha1:   89c5cda1e602c53c1e4788e197074ac54633ff57
Sha256: 5aee346f86ec6f8657ed0ee2f55ed00701cba9af0e02771e55bacadb041884ff

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /i18n/lobby/errors/he.json HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home

20.173.112.11
HTTP/1.1 200 OK
Content-Type: application/json
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 17:56:40 GMT
Accept-Ranges: bytes
Content-Length: 12519
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text
Size:   12519
Md5:    6b616baeecd6cbad74c494c100d66db5
Sha1:   cd07c57dc1b3c09c343a848018b8442b5c34f356
Sha256: a9776749884b44fa3e76de4ba23b237d1154056782e9a6c30a08e63e66e2df8a

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
GET /csLobby.he.css?id=1669501533945 HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home

20.173.112.11
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:34:40 GMT
Accept-Ranges: bytes
Content-Length: 527560
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   527560
Md5:    5588df03500e4b1b36535a2f83c7fcd2
Sha1:   063a8e2837d69a020186b62c5e7cc5b0c0235124
Sha256: d02d4f8456f884b03c30f9affdfacd6ac566d87d404334c23a1afb1915189019

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
GET /login/media/logo/Discount_Logo_he.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:38:58 GMT
Accept-Ranges: bytes
Content-Length: 2626
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 235 x 53, 8-bit/color RGBA, non-interlaced\012- data
Size:   2626
Md5:    6386133c7e3c9faa41f70a836947e3f8
Sha1:   425c17a21795f7e0db4fa1601c24b1e833e024e5
Sha256: 939794d00339ab5df4e320d56f0c1a2743ec7b0cfa52919570b4f5374255d626

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /login/media/images/safe.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:36 GMT
Accept-Ranges: bytes
Content-Length: 3848
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 54 x 76, 8-bit/color RGBA, non-interlaced\012- data
Size:   3848
Md5:    cc836cf1de4d39e2980aca82e050ebd5
Sha1:   b852759c9c0eeca884c6df40b9ebd9e64bd79e8e
Sha256: 293d10344fb62547302e9616e8310cae04bef8dfccfceaa482f8a9dc58586888

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /login/media/images/join.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:08 GMT
Accept-Ranges: bytes
Content-Length: 5488
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 74 x 76, 8-bit/color RGBA, non-interlaced\012- data
Size:   5488
Md5:    3fc7da9f692a73e960f09134dfa1fcc1
Sha1:   d2432dc1813ca634064eb0b5a8deffa0206e2d1a
Sha256: dc0cfba031238f4598a28cdd7ffe4425b9c075023703a33ff34222345beead56

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /login/media/icons/arrow_down_black.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:38:44 GMT
Accept-Ranges: bytes
Content-Length: 15744
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 14 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size:   15744
Md5:    8310f5381e485979dd44b47bc8633928
Sha1:   28168c9befe02ba5d3583ed73257683e7f322ae9
Sha256: 800ae0b7f74e86644ed8202c49bb0fce9ad5a99ff4d2a4e79df069402f95a962

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /login/media/fonts/arimo/Arimo.woff HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: font/woff
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:49:40 GMT
Accept-Ranges: bytes
Content-Length: 234900
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 234900, version 0.0\012- data
Size:   234900
Md5:    c4393ab5112468e47a9c5d06931c712d
Sha1:   47f65a9341bf6ebacbffd18f3b3e0802f5ef05e9
Sha256: 5dbd9011ef91f68e5418268b19580f492a5b4e66db4cbf644a0a4b55c0e8f39f

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
    - fortinet: Phishing
                                        
GET /login/media/images/open_count.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:24 GMT
Accept-Ranges: bytes
Content-Length: 4270
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 76 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size:   4270
Md5:    6632b3e229ae7c3c9da6e84f2e825f90
Sha1:   51f8a493f2e05b5dd92cf5f42c135ebfa5285a2c
Sha256: 5080ab3669ac9bddc0e2c4eae806f4d1f06fe9d7d2fb218a0226dcb5b5b2febd

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /login/media/images/support.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:40 GMT
Accept-Ranges: bytes
Content-Length: 5752
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 52 x 78, 8-bit/color RGBA, non-interlaced\012- data
Size:   5752
Md5:    08596f4128584fdc5630fe9d2d93230c
Sha1:   2d16653da531cc8c7cf066c6b4106093cb2367fd
Sha256: c17820b689791acec68299e0befa055aea5da67dfc68d4fcc380910093ef815b

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /login/media/images/like.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:12 GMT
Accept-Ranges: bytes
Content-Length: 4958
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 69 x 76, 8-bit/color RGBA, non-interlaced
Size:   4958
Md5:    9c5c377b34aea492082d4a77befe22cf
Sha1:   b89ca9558b767ec56feb381c0be0c21fbc479da4
Sha256: d2a5673c47b22d9ae0053c70533b3bbb9b54944f7f87eea881fb341442459776

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /login/media/icons/arrow_right_gray.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:35 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:38:52 GMT
Accept-Ranges: bytes
Content-Length: 15316
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 9 x 14, 8-bit/color RGBA, non-interlaced
Size:   15316
Md5:    420bc0d40e6bd02588697613d6298d66
Sha1:   ba7034643ef92763809725f1c1f903fbcec656c7
Sha256: 59de5b367bbc38f02ac39ff4428337415cc01e0afc1ebc57e316e29c4a8b14ce

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
                                        
GET /login/media/images/login_d_bg.png HTTP/1.1
Host: discount-banks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://discount-banks.com/csLobby.he.css?id=1669501533945
Cookie: cssName=discount; language=HEBREW; t=P; f=; mybank=; caller=internet; newRetail=0; CSID=1dd23d74-8ef4-46d0-909d-fa737a08ec14; pageKey=home; site=retail

20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 26 Nov 2022 22:25:34 GMT
Server: Apache
Last-Modified: Thu, 17 Nov 2022 18:39:18 GMT
Accept-Ranges: bytes
Content-Length: 1100284
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 2577 x 802, 8-bit/color RGBA, interlaced
Size:   1100284
Md5:    364780bfc722998b0532f9b754284f20
Sha1:   406327b73a982688e32255b158179a73142dcfdc
Sha256: cdc03c1e4551599b5cacdc95a8b582ea3275ddc0b6c592fad37de70555ef9982

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
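Every transaction above follows one fixed layout: request line, Host, the server IP, status line and response headers, then a file(1) magic line, captured Size and three digests, then the blocklist alerts. The Python below is an added example, not part of the urlquery report or its tooling. It parses that layout into one IOC record per request, checks each record for internal consistency (Content-Length against captured Size, digest lengths, Content-Type against magic), and compares a locally held sample against the report's digests before the hashes are trusted for blocking. The embedded SAMPLE is two of the transactions above trimmed to the lines the parser reads; make_png builds a stand-in PNG so the comparison runs offline, and the colour-type wording in describe_artifact is an assumption modelled on file(1) output (the report itself only shows the RGBA case).

```python
"""Turn a urlquery-style transaction dump into IOC records and sanity-check them."""
import hashlib
import re
import struct
import zlib

# Constructed sample: two transactions copied from the report above, trimmed to the
# lines the parser needs. Sizes and digests are the report's own values.
SAMPLE = """\
GET /login/media/images/like.png HTTP/1.1
Host: discount-banks.com
20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4958
Magic:  PNG image data, 69 x 76, 8-bit/color RGBA, non-interlaced
Size:   4958
Md5:    9c5c377b34aea492082d4a77befe22cf
Sha1:   b89ca9558b767ec56feb381c0be0c21fbc479da4
Sha256: d2a5673c47b22d9ae0053c70533b3bbb9b54944f7f87eea881fb341442459776

Alerts:
  Blocklists:
    - openphish: Generic/Spear Phishing
GET /login/media/icons/arrow_right_gray.png HTTP/1.1
Host: discount-banks.com
20.173.112.11
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 15316
Magic:  PNG image data, 9 x 14, 8-bit/color RGBA, non-interlaced
Size:   15316
Sha256: 59de5b367bbc38f02ac39ff4428337415cc01e0afc1ebc57e316e29c4a8b14ce
"""

REQ_RE = re.compile(r"^(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d[ \t]*$", re.M)
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

def _field(chunk, name):
    """Value of the first 'Name: value' line (HTTP header or report field), else None."""
    m = re.search(rf"^{re.escape(name)}:[ \t]*(.*?)[ \t]*$", chunk, re.M | re.I)
    return m.group(1) if m else None

def parse_transactions(text):
    """Split the dump at each request line; one IOC record per request/response pair."""
    starts = [m.start() for m in REQ_RE.finditer(text)] + [len(text)]
    records = []
    for start, end in zip(starts, starts[1:]):
        chunk = text[start:end]
        ip = re.search(r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]*$", chunk, re.M)
        status = re.search(r"^HTTP/\d\.\d (\d{3})", chunk, re.M)
        rec = {"path": REQ_RE.match(chunk).group(1), "host": _field(chunk, "Host"),
               "ip": ip.group(1) if ip else None,
               "status": int(status.group(1)) if status else None,
               "content_type": _field(chunk, "Content-Type"), "magic": _field(chunk, "Magic"),
               # (blocklist, verdict) pairs from the Alerts section
               "blocklists": re.findall(r"^[ \t]*-[ \t]*(\w+):[ \t]*(.+?)[ \t]*$", chunk, re.M)}
        for key, name in (("content_length", "Content-Length"), ("size", "Size")):
            v = _field(chunk, name)
            rec[key] = int(v) if v else None
        for name in HEX_LEN:
            rec[name] = _field(chunk, name)  # report labels are Md5/Sha1/Sha256; lookup is case-insensitive
        records.append(rec)
    return records

def check_record(rec):
    """Internal-consistency problems in one record (empty list means it looks sane)."""
    problems = []
    if None not in (rec["content_length"], rec["size"]) and rec["content_length"] != rec["size"]:
        problems.append(f"Content-Length {rec['content_length']} != captured Size {rec['size']}")
    for name, n in HEX_LEN.items():
        if rec[name] is not None and not re.fullmatch(rf"[0-9a-f]{{{n}}}", rec[name]):
            problems.append(f"{name} is not {n} lowercase hex chars")
    if (rec["content_type"] or "").startswith("image/png") != (rec["magic"] or "").startswith("PNG image data"):
        problems.append(f"Content-Type {rec['content_type']!r} disagrees with magic {rec['magic']!r}")
    return problems

def _chunk(tag, body):
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", zlib.crc32(tag + body))

def make_png(w, h):
    """Minimal valid 8-bit RGBA non-interlaced PNG (opaque black), a stand-in for a fetched sample."""
    ihdr = struct.pack(">IIBBBBB", w, h, 8, 6, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00\x00\x00\xff" * w for _ in range(h))  # filter byte 0 per row
    return b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")

def describe_artifact(data):
    """Size, digests and a file(1)-style magic line for a sample held locally (PNG or 'data')."""
    magic = "data"
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR":
        w, h, depth, ctype, _, _, interlace = struct.unpack(">IIBBBBB", data[16:29])
        # colour-type names are an assumption modelled on file(1); the report only shows RGBA
        color = {0: "grayscale", 2: "RGB", 3: "colormap", 4: "gray+alpha", 6: "RGBA"}.get(ctype, f"type {ctype}")
        magic = f"PNG image data, {w} x {h}, {depth}-bit/color {color}, {'interlaced' if interlace else 'non-interlaced'}"
    return {"magic": magic, "size": len(data), "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}

def compare_with_report(rec, data):
    """Fields where a locally held sample disagrees with the report's record for that URL."""
    seen = describe_artifact(data)
    return [k for k in ("size", "md5", "sha1", "sha256", "magic") if rec.get(k) and rec[k] != seen[k]]
```

Run it over the report text saved from this page: records whose Content-Type and magic disagree, or whose digests are malformed, are the ones to inspect by hand before the hashes go into a blocklist, and compare_with_report tells you whether a sample you pulled yourself is the same bytes the scanner saw.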