Report - challenge-eg.org/wp-content/vub/

Report Overview

Submitted URL
challenge-eg.org/wp-content/vub/
IP
192.254.234.51
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-10-01 09:33:51
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
challenge-eg.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.2 kB	550 kB	192.254.234.51
ocsp.entrust.net	1208	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	3.9 kB	104.110.10.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.164.68.21
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.189.35.180
ib.vub.sk	836970	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	29 kB	193.227.213.42
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	63 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-30	medium	challenge-eg.org/wp-content/vub/	Intesa Sanpaolo

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-01	medium	challenge-eg.org/wp-content/vub/	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(3)	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(1)	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(2)	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(4)	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/1(1)	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(5)	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/92ddf6b1d7b9c73d1e800f5b79d5bea6.woff2	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/f5278935e5d452dabe1f3ea40ddb94f9.woff2	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/documents	Phishing
2022-10-01	medium	challenge-eg.org/wp-content/vub/page/94d37ef1dd0d7e7312a3d06bea4df36a.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	challenge-eg.org/wp-content/vub/	238 B	2023-03-08	2023-03-09
Pretty URL challenge-eg.org/wp-content/vub/ IP 192.254.234.51 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:09:53 Last Seen2023-03-09 01:22:15 Times Seen1 Hash f849b9c0d855390d5311c2979db09f80 ee879c796f5e1485842b055773cd08e6208175bb a790a72c29bc1708ad759d4d854681a68a6d9aaee4287a3e9997bd45736b518b Loading...

HTTP Transactions (41)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

18.164.68.21

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.164.68.21:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 09:02:27 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 7d9efc042e7adb5feec60cb3e228036c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: LKreab_6uTmp8g-JhFeM1uhevHLdnDw6Iv0kV-u1PlZrFYHRBGZPog==
Age: 1872

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3618
Expires: Sat, 01 Oct 2022 10:33:57 GMT
Date: Sat, 01 Oct 2022 09:33:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4a22d2eb50abe339ba0b974642de3650
af15bc424a715a3b8d77e4948a9e152a3ba87ede
dff04734315b51fc11069e2d21b5be37b03d28ad01986e1ae2c96afc6ba31859

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFF04734315B51FC11069E2D21B5BE37B03D28AD01986E1AE2C96AFC6BA31859"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11675
Expires: Sat, 01 Oct 2022 12:48:14 GMT
Date: Sat, 01 Oct 2022 09:33:39 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: s2cWsL1OWdXJWh3mYqTp3vjDD2Y4QMttCPffcfbZHJuK3RtzkBBVijMawWiJYeSNyVdpF1jHNcn8idrKzEPCMg==
x-amz-request-id: VSN2M74DHMGMR1N8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 01 Oct 2022 08:49:07 GMT
age: 2672
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 01 Oct 2022 09:33:39 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6260f4ea221d3766bf2e451fc5f1d677
d08a489ae5c629c91935bc41eea4bbf0d584e60e
0f9b72f015bbf3f4562e9cfaeace72822fc4b1309cc5f126ad998cd06df142af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F9B72F015BBF3F4562E9CFAEACE72822FC4B1309CC5F126AD998CD06DF142AF"
Last-Modified: Thu, 29 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21572
Expires: Sat, 01 Oct 2022 15:33:11 GMT
Date: Sat, 01 Oct 2022 09:33:39 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.164.68.21

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.164.68.21:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 01 Oct 2022 09:12:07 GMT
Expires: Sat, 01 Oct 2022 09:24:50 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 86897b9f074001e33ff5cbec58c4bc02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: IpbLeicbmb0MFZV-EdKbKMEEHYzsrKLmVkfa2H2bnYgkGNPfQkAjcg==
Age: 1292

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d1be374a29f94481ff2c021e35f4eaa0
e05e92d94b5e434e9935e560fd8dc33bdc393aea
37a5132d2183f5c3bfaac5c89df691fea72cac4423110df88bdeb231f430deee

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5680
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 09:33:40 GMT
Last-Modified: Sat, 01 Oct 2022 07:59:00 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.189.35.180

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.35.180:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pTrCIs3jZL2eLIcWa3Qdkw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EoL1bSeHZIoD6KiGoh+cX6pfzgg=

challenge-eg.org/wp-content/vub/

192.254.234.51

200 OK

10 kB

URL HTTP/2
challenge-eg.org/wp-content/vub/
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4722)
Size
10 kB (10107 bytes)
Hash
8aeec10c2dfea5b0c9ff6cbe629c36b3
91317d3c676387bc1ce0cd2450df668d3e81b87f
d71f762e5de6f103fe33e5cc45cdd4f285ef0addefa7f0bb076b55793fd5bd35

Detections

Analyzer	Verdict	Alert
openphish	Intesa Sanpaolo
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/ HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:40 GMT
server: Apache
content-type: text/html; charset=UTF-8
content-length: 10107
vary: Accept-Encoding
cache-control: max-age=0
expires: Sat, 01 Oct 2022 09:33:40 GMT
content-encoding: gzip
x-server-cache: true
x-proxy-cache: MISS
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/entrust_site_seal_xs.png

192.254.234.51

200 OK

2.4 kB

URL HTTP/2
challenge-eg.org/wp-content/vub/page/entrust_site_seal_xs.png
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 52 x 52, 8-bit/color RGBA, interlaced\012- data
Size
2.4 kB (2371 bytes)
Hash
11e62d4b07a356b2efb2fc2cc0a4ad23
704ce5f8d6af20f3a6b8923d96ce7be89a70ce0f
a0df655a3bd1e698354e98709c2d10bce146ebfadbef75e95a8fc7c96ea79f40

HTTP Headers

GET /wp-content/vub/page/entrust_site_seal_xs.png HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:00 GMT
accept-ranges: bytes
content-length: 2371
cache-control: max-age=10368000, public
expires: Sun, 29 Jan 2023 09:33:41 GMT
content-type: image/png
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
8fe6517ab609f9917171de05ec47aa50
3b8cfa1447a304807353c2dc1ada12360d70f934
92d50188f319f2908744e8f43ca83a465c68d5912a1fe81a8c3ae8aabb98ec1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "92D50188F319F2908744E8F43CA83A465C68D5912A1FE81A8C3AE8AABB98EC1E"
Last-Modified: Fri, 30 Sep 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3483
Expires: Sat, 01 Oct 2022 10:31:44 GMT
Date: Sat, 01 Oct 2022 09:33:41 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1585 bytes)
Hash
5f9bfb8f9704197ee61ff560aba1df38
77c8273febfe913ef15f6a9fc0d20bb0500b2545
2b6507c606577886a50975f0a5cb658c40013c764572b5fb1caf9b14780c1976

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "2B6507C606577886A50975F0A5CB658C40013C764572B5FB1CAF9B14780C1976"
Last-Modified: Fri, 30 Sep 2022 21:00:00 UTC
Content-Length: 1585
Cache-Control: public, no-transform, must-revalidate, max-age=956
Expires: Sat, 01 Oct 2022 09:49:37 GMT
Date: Sat, 01 Oct 2022 09:33:41 GMT
Connection: keep-alive

ib.vub.sk/pmchc/in/e7f6f095126abacc08bb6ce05a488c80/8/2c994055703f0ed6d63ad4c1aaf893c9

193.227.213.42

200 OK

0 B

URL HTTP/1.1
ib.vub.sk/pmchc/in/e7f6f095126abacc08bb6ce05a488c80/8/2c994055703f0ed6d63ad4c1aaf893c9
IP
193.227.213.42:0
ASN
#13253 Intesa Sanpaolo S.p.A.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pmchc/in/e7f6f095126abacc08bb6ce05a488c80/8/2c994055703f0ed6d63ad4c1aaf893c9 HTTP/1.1
Host: ib.vub.sk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 09:33:41 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, proxy-revalidate, no-transform, must-revalidate
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding

challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(3)

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(3)
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(3) HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
content-length: 0
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:02 GMT
cache-control: max-age=2592000
expires: Sat, 29 Oct 2022 06:53:14 GMT
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(1)

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(1)
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(1) HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
content-length: 0
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:02 GMT
cache-control: max-age=2592000
expires: Sat, 29 Oct 2022 06:53:12 GMT
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(2)

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(2)
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(2) HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
content-length: 0
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:02 GMT
cache-control: max-age=2592000
expires: Sat, 29 Oct 2022 06:53:13 GMT
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(4)

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(4)
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(4) HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
content-length: 0
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:02 GMT
cache-control: max-age=2592000
expires: Sat, 29 Oct 2022 06:53:14 GMT
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/1(1)

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/1(1)
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/1(1) HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
content-length: 0
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:02 GMT
cache-control: max-age=2592000
expires: Sat, 29 Oct 2022 06:53:12 GMT
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9 HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
content-length: 0
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:02 GMT
cache-control: max-age=2592000
expires: Sat, 29 Oct 2022 06:53:13 GMT
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Sat, 01 Oct 2022 10:09:42 GMT
Date: Sat, 01 Oct 2022 09:33:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Sat, 01 Oct 2022 10:09:42 GMT
Date: Sat, 01 Oct 2022 09:33:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Sat, 01 Oct 2022 10:09:42 GMT
Date: Sat, 01 Oct 2022 09:33:41 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10201 bytes)
Hash
4be456dbe857580c7b4c7fca3936e04e
49798c4a15545a49f3870b2a16af78dbf8e168cc
23e42987d5e9939424d5f4e4fe0c38faf20a221732097927dd4a656199d9d315

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10201
x-amzn-requestid: 62562627-78a8-4c17-bf6c-b2c986b9ee8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCFH3IAMFoFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-69637d745165485171ca73b9;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9wh9cCXRRlyQy8kXzSCNzMQSmac9iwgkRBrgyTtaMr6m2vXPRxVogg==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:55:26 GMT
etag: "49798c4a15545a49f3870b2a16af78dbf8e168cc"
content-type: image/jpeg
age: 41895
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbd9802c-4973-4976-984a-910496eaf957.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5677 bytes)
Hash
13768189ef98789892981b6a2d5947e4
556f1ccaf585d2c3100a3cc58f27d8c2fa6ca689
09ca5624173c589b5e5db05b48a8822ec257f08395cb18ed635a771edcfc8af3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbd9802c-4973-4976-984a-910496eaf957.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5677
x-amzn-requestid: f37f77cd-dd19-4dec-809e-66a1fb604d88
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZASGLHDsIAMF1pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ffd5a-185f9b185ed35f7317b5c2d5;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 07:03:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iB6v8A5GEnhmZTth__pkgsa2TNPDzUOOAA-c7RcujjWmfnEUbnHaAw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 02:26:53 GMT
age: 25608
etag: "556f1ccaf585d2c3100a3cc58f27d8c2fa6ca689"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8299 bytes)
Hash
0d31a422078d02bda318c693c05a58dc
2df7db53629c7adda2c0a4dfe9c17791b73a75e1
a07fe4e135b52da6dfa9d8a55684f0a3bf5f5ce52c4064c8ab37836a939902a9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8299
x-amzn-requestid: 91eed6b6-632f-472b-93d7-4192425fcdfd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF0SoAMFWgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-17bb04894cc786555d693ec3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pt23XcORl063B99HGVhjQwBrS36T7GBIAQO7StLrEH8PKIc4edxQwQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:52:55 GMT
age: 42046
etag: "2df7db53629c7adda2c0a4dfe9c17791b73a75e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6315 bytes)
Hash
206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPnunF35oAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GkrEHhw90BfTYztCLFogp4iElKd2AT8Cs0QdP16knk8cJrSNAES0Bw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 07:38:18 GMT
age: 6923
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc003298b-5703-480c-8a4c-fffa9abe5028.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8091 bytes)
Hash
9466667cfaaedbb374259e8fb8dd63e3
0cd9a66508c343b43b095ac7f550919ec35097d3
bb70996bea518ba4ddc2c269e9a7c9bea3a9c91fed124a29570828b89250764c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc003298b-5703-480c-8a4c-fffa9abe5028.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8091
x-amzn-requestid: 78ccaa77-230e-4aa1-a409-7b2a444df9ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF_OIAMFpdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-0384396f2ed848bc1c17e1b7;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G75a-PITD4Wmlxxk_rrpRWNytSGNZlrL_JeoR4A_w6vshDkmRlouPw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:52:58 GMT
age: 42043
etag: "0cd9a66508c343b43b095ac7f550919ec35097d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7431248d-1154-4162-8551-6080a3be5e21.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9716 bytes)
Hash
fa789a3f6f7737f79d81cf0272d0e029
1de4a8e80053d98677350d7f01c9231d2d50e073
f5205ab8f8306a7822ed3d336649fb09738628fea1a92626e4e557f2d8c6d8e5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7431248d-1154-4162-8551-6080a3be5e21.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9716
x-amzn-requestid: 0b0313c3-739d-473e-a103-876770cb34d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJo02ElyoAMF4wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333bb52-48ec21e8776bd6cb1d2b0f2f;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 03:11:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PxYLSY-_PG8AgeAv1-LNj5d_7fIOEBSLA6HledS_RLR-j4IRkJC8Ew==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 05:13:25 GMT
age: 15616
etag: "1de4a8e80053d98677350d7f01c9231d2d50e073"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(5)

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(5)
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/2c994055703f0ed6d63ad4c1aaf893c9(5) HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
content-length: 0
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:02 GMT
cache-control: max-age=2592000
expires: Sat, 29 Oct 2022 06:53:15 GMT
x-server-cache: true
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ib.vub.sk/pmchc/in/e7f6f095126abacc08bb6ce05a488c80/8/2c994055703f0ed6d63ad4c1aaf893c9

193.227.213.42

200 OK

0 B

URL HTTP/1.1
ib.vub.sk/pmchc/in/e7f6f095126abacc08bb6ce05a488c80/8/2c994055703f0ed6d63ad4c1aaf893c9
IP
193.227.213.42:0
ASN
#13253 Intesa Sanpaolo S.p.A.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pmchc/in/e7f6f095126abacc08bb6ce05a488c80/8/2c994055703f0ed6d63ad4c1aaf893c9 HTTP/1.1
Host: ib.vub.sk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 09:33:42 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, proxy-revalidate, no-transform, must-revalidate
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding

challenge-eg.org/wp-content/vub/page/92ddf6b1d7b9c73d1e800f5b79d5bea6.woff2

192.254.234.51

200 OK

36 kB

URL HTTP/2
challenge-eg.org/wp-content/vub/page/92ddf6b1d7b9c73d1e800f5b79d5bea6.woff2
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format (Version 2), TrueType, length 36484, version 1.655\012- data
Size
36 kB (36484 bytes)
Hash
92ddf6b1d7b9c73d1e800f5b79d5bea6
8a3750ebcccc551a69459d4c773901f8110e5a23
1a359520a00657c09d7a3ff7bfcd6cb0fbc131b3fa1b71910b6c174f9fc9895e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/92ddf6b1d7b9c73d1e800f5b79d5bea6.woff2 HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/page/vub.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 26 Sep 2022 18:30:06 GMT
accept-ranges: bytes
content-length: 36484
cache-control: max-age=10368000
expires: Sun, 29 Jan 2023 09:33:42 GMT
vary: Accept-Encoding
content-type: font/woff2
date: Sat, 01 Oct 2022 09:33:42 GMT
server: Apache
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/f5278935e5d452dabe1f3ea40ddb94f9.woff2

192.254.234.51

200 OK

47 kB

URL HTTP/2
challenge-eg.org/wp-content/vub/page/f5278935e5d452dabe1f3ea40ddb94f9.woff2
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format (Version 2), TrueType, length 46616, version 1.655\012- data
Size
47 kB (46616 bytes)
Hash
f5278935e5d452dabe1f3ea40ddb94f9
4aa053946ae1cb540942cca71ca7ef584336136a
45f65ae82107427f1dbaf04abff5f997f8c6253409bad7e0db8f4d8be4feac85

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/f5278935e5d452dabe1f3ea40ddb94f9.woff2 HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/page/vub.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 26 Sep 2022 18:29:56 GMT
accept-ranges: bytes
content-length: 46616
cache-control: max-age=10368000
expires: Sun, 29 Jan 2023 09:33:42 GMT
vary: Accept-Encoding
content-type: font/woff2
date: Sat, 01 Oct 2022 09:33:42 GMT
server: Apache
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/326c5ad41f4fee17fbdffb7295f413ee.jpg

192.254.234.51

200 OK

450 kB

URL HTTP/2
challenge-eg.org/wp-content/vub/page/326c5ad41f4fee17fbdffb7295f413ee.jpg
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
450 kB (449840 bytes)
Hash
326c5ad41f4fee17fbdffb7295f413ee
af65a1b362fcdf539c3eafa4166fa109d0c88923
9b6f2260eb186615573feee9a18482a1a8a48bea4d16998fb872a2f90eabe2d7

HTTP Headers

GET /wp-content/vub/page/326c5ad41f4fee17fbdffb7295f413ee.jpg HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/page/vub.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:29:46 GMT
accept-ranges: bytes
content-length: 449840
cache-control: max-age=10368000, public
expires: Sun, 29 Jan 2023 09:33:42 GMT
content-type: image/jpeg
date: Sat, 01 Oct 2022 09:33:42 GMT
server: Apache
X-Firefox-Spdy: h2

ib.vub.sk/nibr/public/45.5.0.53-181573/apple-touch-icon_vub.png

193.227.213.42

200 OK

25 kB

URL HTTP/1.1
ib.vub.sk/nibr/public/45.5.0.53-181573/apple-touch-icon_vub.png
IP
193.227.213.42:0
ASN
#13253 Intesa Sanpaolo S.p.A.

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
25 kB (24965 bytes)
Hash
0dbf60ec3227ee81fef6e0328aaa1a84
d0df0db83f9500e702dd3f4b42ae5a9548ef58fc
604503fb474ceb86efac999e757f303c02b225bd9cbc68f9825f8b5ceef2a09b

HTTP Headers

GET /nibr/public/45.5.0.53-181573/apple-touch-icon_vub.png HTTP/1.1
Host: ib.vub.sk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 09:33:42 GMT
Last-Modified: Fri, 09 Sep 2022 09:20:58 GMT
ETag: "6185-5e83b1050d280"
Accept-Ranges: bytes
Content-Length: 24965
Cache-control: public,max-age=31536000
Vary: Accept-Encoding
Server-Timing: dtSInfo;desc="1"
Keep-Alive: timeout=30, max=1197
Connection: Keep-Alive
Content-Type: image/png
X-Frame-Options: Deny
Set-Cookie: dtCookie=v_4_srv_1_sn_759E587D872584DA086F7376FB060BDF_perc_100000_ol_0_mul_1_app-3A53f12d3afb172789_0; Path=/; Domain=.vub.sk
nib=rd4o00000000000000000000ffffc0a86626o443; path=/; Httponly; Secure
f5avraaaaaaaaaaaaaaaa_session_=JLCPAPBLOEOANDMOEGAFJAEFEBKINDEBDIGDIBNCBGDFPGFNNBBMJABDLLADKEEBMGKDMPGLFIDDNEGIGKEAIOBNJAGIAKMKAEOJFMLHCOMBFBJKMBIFBKIMGIPBNECO; HttpOnly; secure
TS019ac156=01a17e8488f40a2b8004215490916d8eced1f0b30a48724a939581a814814d4c2bed978b16f974292e882e582e83e142125552416fc633cdb3c5446bca2d2f147939ac925116c9a188885f2241a8618f7db8ba5033cd482cc51511cf8b3c5f94da66d043ac; Path=/; Domain=.ib.vub.sk; Expires=Sat, 01-Oct-2022 09:43:42 GMT

ib.vub.sk/nibr/public/45.5.0.53-181573/favicon_vub.ico

193.227.213.42

200 OK

1.4 kB

URL HTTP/1.1
ib.vub.sk/nibr/public/45.5.0.53-181573/favicon_vub.ico
IP
193.227.213.42:0
ASN
#13253 Intesa Sanpaolo S.p.A.

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data
Size
1.4 kB (1406 bytes)
Hash
991223f12383607c4717de27c561180b
d52f5028319565bec36e729bf9d899b5e68e2c1d
bed01858c7ebdba86158e42179033eb53c1dcdf93d2967cce83d1f6e25d4f2a9

HTTP Headers

GET /nibr/public/45.5.0.53-181573/favicon_vub.ico HTTP/1.1
Host: ib.vub.sk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 01 Oct 2022 09:33:42 GMT
Last-Modified: Fri, 09 Sep 2022 09:20:58 GMT
ETag: "57e-5e83b1050d280"
Accept-Ranges: bytes
Content-Length: 1406
Cache-control: public,max-age=31536000
Vary: Accept-Encoding
Server-Timing: dtSInfo;desc="1"
Keep-Alive: timeout=30, max=1192
Connection: Keep-Alive
Content-Type: image/x-icon
X-Frame-Options: Sameorigin
Set-Cookie: dtCookie=v_4_srv_1_sn_0D9B1E14E18734AF6F3D041D620CE317_perc_100000_ol_0_mul_1_app-3A53f12d3afb172789_1; Path=/; Domain=.vub.sk
nib=rd4o00000000000000000000ffffc0a86625o443; path=/; Httponly; Secure
f5avraaaaaaaaaaaaaaaa_session_=AENGMLJMKDDMEGGLBCFKLNOKOPGNNDHEFAFDPCOEDKENCDAKAKJHPFPENAOPFLIEFJKDLLIFFIJALLGFKLFAOJINJAIANCJEHDKHFILIDPFFDFEMMEJMJJAGKOGPKOGB; HttpOnly; secure
TS019ac156=01a17e84884bcc57a1506bacf4a488c9b8e4a65e7c4d383760add8ab971ce293dcd356498408c2870e6ac8702bdff7255485cfeb82f7129683a6eb98951195023e41c219aabec404c82ab46b454dfcfcdb04051ef35e4b89446856c8ba4a28921f8515f206; Path=/; Domain=.ib.vub.sk; Expires=Sat, 01-Oct-2022 09:43:42 GMT

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6959 bytes)
Hash
21e55a6ca7350ed834993a486e138de1
c09ee0f2be578f0067b2ed0237d565a04438147e
124ca8ae6e3f7c7bb28f0d47fa693753884261ed61896eccf7bc13f249fc8960

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 6959
x-amzn-requestid: eaf91f33-2fe3-4ed5-b89c-6199c2f17651
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCF6toAMFSDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-3b8c7f290ffda97b2d179433;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qAOX_0r1sA_Bzn-UjQXmLObAYDyjiTU45aNSOPFt8ucUOyKfrw5ieg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:52:59 GMT
age: 42049
etag: "c09ee0f2be578f0067b2ed0237d565a04438147e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/vub.css

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/vub.css
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/vub/page/vub.css HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
last-modified: Tue, 27 Sep 2022 15:06:50 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Sun, 01 Oct 2023 09:33:41 GMT
content-encoding: gzip
content-type: text/css; charset=utf-8
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/documents

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/documents
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/documents HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:00 GMT
cache-control: max-age=2592000
expires: Sat, 29 Oct 2022 06:53:12 GMT
content-encoding: gzip
x-server-cache: true
x-proxy-cache: HIT
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/external.css

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/external.css
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/vub/page/external.css HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:12:00 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Sun, 01 Oct 2023 09:33:41 GMT
content-encoding: gzip
content-type: text/css; charset=utf-8
date: Sat, 01 Oct 2022 09:33:41 GMT
server: Apache
X-Firefox-Spdy: h2

challenge-eg.org/wp-content/vub/page/94d37ef1dd0d7e7312a3d06bea4df36a.ttf

192.254.234.51

200 OK

0 B

URL HTTP/2
challenge-eg.org/wp-content/vub/page/94d37ef1dd0d7e7312a3d06bea4df36a.ttf
IP
192.254.234.51:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/vub/page/94d37ef1dd0d7e7312a3d06bea4df36a.ttf HTTP/1.1
Host: challenge-eg.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://challenge-eg.org/wp-content/vub/page/vub.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 01 Oct 2022 09:33:42 GMT
server: Apache
content-type: font/ttf
vary: Accept-Encoding
last-modified: Mon, 26 Sep 2022 18:30:20 GMT
cache-control: max-age=10368000, public
expires: Fri, 27 Jan 2023 06:53:14 GMT
content-encoding: gzip
x-server-cache: true
x-proxy-cache: HIT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (41)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size