Report - sfe-login-eng.com/

Report Overview

Submitted URL
sfe-login-eng.com/
IP
104.21.91.144
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-25 10:36:20
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
70

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	61 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
assets.queue-it.net	12773	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	429 B	1.7 kB	54.230.111.46
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.36.24.174
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	280 B	20 kB	142.250.74.174
logon.slc.co.uk	691057	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	811 B	8.2 kB	62.255.142.225
sfe-login-eng.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.4 kB	185 kB	172.67.222.23
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	1.5 kB	143.204.55.36
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	2.1 kB	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs
2022-09-24	medium	sfe-login-eng.com/	HM Revenue & Customs

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-25	medium	sfe-login-eng.com/	Phishing
2022-09-25	medium	sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/analytics.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/queueclient.min.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/slc_browser.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/queueclientConfig.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/jquery.simplemodal-1.4.4.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/queueconfigloader.min.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/loading_button.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/slc_analytics.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/jquery-3.6.0.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.js.download	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/light-94a07e06a1-v2.woff2	Phishing
2022-09-25	medium	sfe-login-eng.com/login_files/bold-b542beb274-v2.woff2	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa	1.8 kB	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:02 Times Seen2 Hash eb43b1f51e4a0e24020521400ef32453 832f754c5535c5228d3ee61c2b3298aec630e92d 88beacd7825aa101d64c3d1008bfebff7f9882e5032d99124236cd1fdf8d1b84 Loading...

	sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa	748 B	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:02 Times Seen2 Hash e4fadd6da0e51b0bd1e876066f7d542a 3041274b79593574e4bf64f6bf22eea1dc44e873 9d5622d811ed0fca70fe3653a95a961281f8ac3d3b7e74da8c1f3a96c9b6028a Loading...

	sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa	373 B	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:02 Times Seen2 Hash 71d884c651dc2d68e0dce2201fcd0c85 b27d1a481d46c693636899d1b6262bd180306089 a75012bd3dd0cc8c8d9f8cf1ed57321b3e5b3edef73825586889e4f86e5453ae Loading...

	sfe-login-eng.com/login_files/queueclient.min.js.download	14 kB	2023-03-07	2024-03-28
Pretty URL sfe-login-eng.com/login_files/queueclient.min.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2024-03-28 10:22:05 Times Seen236 Hash 58074f881862f661a074ef91b00cf15f 1d1d75ec68cd2b91384b43cd1722441f8ace9986 944ab414abd7379509535f0f7422544deaf2a4d19b9fbee4ef9bd1b6b02b3dcd Loading...

	sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.js.download	33 kB	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:03 Times Seen3 Hash f64dc2d967fc1da011d3d7e260ffbc9d 40ce8cea04a32fe6bd80799b1a1b0ebe9e1e8e7d 2a4da2d0b0a27b6a41b90a420c63ada536a30785944fd5a406955742f2574631 Loading...

	sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa	30 B	2023-03-07	2024-04-16
Pretty URL sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2024-04-16 19:09:10 Times Seen16 Hash f288f5351057110456ec1b2b5da2c22b 3706e5bf0c7aa24c1e024def7cc8e8af486861b8 9757935522bc0d39caf3eca5a2e77bc1952a16b2346ad568e95942e8f26f61a4 Loading...

	sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa	117 B	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:02 Times Seen2 Hash d9cfe43c5b6cd1bb4fc095ee18bebc58 3f5baccb1120e586c756a660d47942e56697fa62 ac55102acc1f82446692b05cd58ce96c850df9e3d23d61dd4995fa066436cfe1 Loading...

	sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa	116 B	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:02 Times Seen2 Hash 480d3652311dc6de08381257a0a1a952 bd9b9e47967c6bca59abd95f8e6dc4b7322d10e3 2115e47ad0afab3455d8ead54f691c1281c3e908f0944617d11cd4f5652f4a3a Loading...

	sfe-login-eng.com/login_files/queueclientConfig.js.download	10 kB	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login_files/queueclientConfig.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:03 Times Seen3 Hash 8df1c2c546fe89b7b7c38e3198d976d9 51c9b5d46327c9b003081a41ca59d7fbd1592a16 c69a948d6d1117a1f34b482f471c2d12ed08a63bd3dee2a952a011050b381d07 Loading...

	sfe-login-eng.com/login_files/jquery.simplemodal-1.4.4.js.download	23 kB	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login_files/jquery.simplemodal-1.4.4.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:03 Times Seen3 Hash 1e10002e42fa1098df4586850ecb1ebb e2efd87730cd7628ac9ff6402f1b38221654acd7 994eff206ee34a7b0a7a52952440d0bb9d8d631f1fdf12c16253a0bfa52ed5c5 Loading...

	sfe-login-eng.com/login_files/slc_browser.js.download	2.8 kB	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login_files/slc_browser.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:03 Times Seen3 Hash 756647c46248a8ad4d3e6caae36b2d41 c3c42671c31f558a1b10a01e4f6032955ecce055 327ab2d6cbcab55ecaed23f5f76c0a034777843b403807d18223c890fffd296a Loading...

	sfe-login-eng.com/login_files/loading_button.js.download	4.9 kB	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login_files/loading_button.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:03 Times Seen3 Hash 896ad79ccb7bd7c42625dfebde1de585 48c739b5e518de33c3d25bfb6b3820b4f1620ac6 f3a66bec06cf40daa6b2e8f257172b19066bc0c0020c119c26bbfe3f747b163d Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-01-06
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:05:31 Last Seen2024-01-06 17:39:53 Times Seen66 Hash 99ba52a15d2da967b023016d1af58cbd 5c2246049c43834d17113877b4731bd4f9803d55 9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f Loading...

	sfe-login-eng.com/login_files/analytics.js.download	50 kB	2023-03-07	2024-04-18
Pretty URL sfe-login-eng.com/login_files/analytics.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 21:14:10 Times Seen840 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	sfe-login-eng.com/login_files/queueconfigloader.min.js.download	24 kB	2023-03-07	2024-03-28
Pretty URL sfe-login-eng.com/login_files/queueconfigloader.min.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2024-03-28 10:22:09 Times Seen207 Hash eee5cc1b5a9d83bc08cac904c6172a69 336299f23d05fbb5ded5678126873908e4b52c51 7157deb8ebe872e9ad11477112493ef6d3175123c43073bbbc81954295049f08 Loading...

	sfe-login-eng.com/login_files/slc_analytics.js.download	7.7 kB	2023-03-07	2023-05-05
Pretty URL sfe-login-eng.com/login_files/slc_analytics.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59:46 Last Seen2023-05-05 19:26:03 Times Seen3 Hash 1298e8857e931956ff0bb94bcdf9f9ec 4430e343dcb2541977b7c1eefb0441bdfa5fded9 b659e5b92cb8821dea59d702acb8f74a4abc7b72ffef328a3496b440d4555a87 Loading...

	sfe-login-eng.com/login_files/jquery-3.6.0.js.download	90 kB	2023-03-07	2024-04-24
Pretty URL sfe-login-eng.com/login_files/jquery-3.6.0.js.download IP 172.67.222.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:20 Last Seen2024-04-24 17:52:42 Times Seen4223 Hash 7c14a783dfeb3d238ccd3edd840d82ee ad886e472b3557f3dc7dfa2bc43468ab8d1cef5b 80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0 Loading...

HTTP Transactions (43)

URL IP Response Size

sfe-login-eng.com/

172.67.222.23

302 Found

0 B

URL HTTP/1.1
sfe-login-eng.com/
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc; path=/
Location: login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XwiPGpEHGl8UPZs31R1kkKYlnFWpeeW2t7HIa8F6KBKau5h4j5OlBIMeHNmZVnR0P3c6pNGzt08r%2Fuc%2BKWsNBrUptTyhJJ4A%2FWy46lMy87GjhWb%2BrFqgDWCTa0ELzvHlTVOGtg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dfcddd5b4f4-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 10:14:55 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fDQtcRdIzlZgLlBIGEuuk0H1YvjpeaSGjIcbS4ke1KE2BApBLVP8zA==
Age: 1274

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4244
Expires: Sun, 25 Sep 2022 11:46:53 GMT
Date: Sun, 25 Sep 2022 10:36:09 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ucxHvRqQAGRpGn1oJpC6C9w09-hDc5JkLaIrdG3y4Bwdl9CVsskmyw==
age: 21655
X-Firefox-Spdy: h2

sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa

172.67.222.23

200 OK

5.9 kB

URL HTTP/1.1
sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2046)
Size
5.9 kB (5851 bytes)
Hash
173fd06299b5aaf618013fe997d3f479
990a1316270b885fc62b78f33748eecec60527b3
418367a8e93c78982280b617a24c21e50fd6065a8e64487fd87f61c8c1b5213a

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wfil3YieX0tCWUNpHYcZT3%2FYbVOVP2bGg4tRhMS%2F4pfTz1d%2B2zhaxoYq6y%2F5amXd4NfhJbThO9ub%2Fo8mfBlP8ATmyLJxN4NznjwzpXcYNlKeMmgo7tuRlnWaS6mqLQ%2FqHneCAg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dfe7fc5b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 10:36:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

sfe-login-eng.com/login_files/analytics.js.download

172.67.222.23

200 OK

20 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/analytics.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1325)
Size
20 kB (20123 bytes)
Hash
ed215b3e4d263399c3397b6276beaca2
4004064c48cfbf5409bfbb0c107af88172ed5d45
955f454db2de03a1a9d6114192414491d075bd0c80af95d3215b81c2c782ca86

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/analytics.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gD7sJtB2yScdEN6%2B%2FbRQh2Rs1j7FkoglFonzLXvRrnglgdSSEx8c7umqPdm1yQ8hBNObBqyaplXc2dva8tpl8taofgxJ%2BKJEbJ9oLThPS2Ybo6mUSiJy8RuuIBBtz5xjTapB6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffa974b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/queueclient.min.js.download

172.67.222.23

200 OK

4.1 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/queueclient.min.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (13593), with no line terminators
Size
4.1 kB (4067 bytes)
Hash
8705e7237d593338cd3d0c548283120e
9944f5eab3fbaabbd351449a69ed05f41b48ab0e
05cd1149e996b35fce3bd9ffee68c934b84598df922e5473fcc556a73af39f93

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/queueclient.min.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DT6e9Igq9baRihZ3v%2BY3fcso1GB7hw8agrRfZer52w8IGpABrC%2BHOucwcYiNdyEE24i7MfmcAAa3ka2ohpxTMCt4KwetjaNfwywefxC9a6J1P5bAveQ8QfsXDhdexnUptO%2B5gg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffae58b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/slc_browser.js.download

172.67.222.23

200 OK

744 B

URL HTTP/1.1
sfe-login-eng.com/login_files/slc_browser.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
744 B (744 bytes)
Hash
9230846b5f611c2093423ac9cc75332a
127cd8180bc39f7222ec93cc87dae2b8713930d0
7de891cc319ea5f9b37b1c83537e5d149237fa9626c7bfc3d6e734c8b018f61d

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/slc_browser.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPK068QOKlqqDKrCUYkfA%2FSjHc3923s9pYRBnqPKb76fjcvPlF6JCRTsPE6got%2B8yGjqio7djhuuutz%2BOK85wqGlqj2llSSMDi9r8IyDFaHSlH5v47KlFoIv%2FulZQ3txWQDWhg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffa952b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/queueclientConfig.js.download

172.67.222.23

200 OK

830 B

URL HTTP/1.1
sfe-login-eng.com/login_files/queueclientConfig.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (10363), with no line terminators
Size
830 B (830 bytes)
Hash
5e0fcfdf5bfe43df6479a3a7b2601a62
0ea8a78e4bd8e661dde13a06a40eaa964ff35adc
a991319d7912e20b846d0546b874171c1fc2ba91afea2f4cbe96b0062daeeb03

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/queueclientConfig.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDDASEepwPI1aDrC689kicpgjapeHbXU0MoAu314WUR9uFfEBo46ES7dq61td3tDdrUc5EuE554u8JZNwqT9FsCg77CINVklX85zngasLTyt1A16oQIwENLG0hZa9ktc4nuAuA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffadd10b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/jquery.simplemodal-1.4.4.js.download

172.67.222.23

200 OK

7.0 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/jquery.simplemodal-1.4.4.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
7.0 kB (6955 bytes)
Hash
84281f6bd85e1c6f42da029d30ec317b
c42a4969eefcda49988aa09119a2e0bb2d6ccb6e
b1e005f595b1a63a7802553f91a45808b873f5f686dbfac01d7f8c046f7ffe78

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/jquery.simplemodal-1.4.4.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpNoPA%2BLTZtEjnW00A1r7ZhiWM7u%2F5xnYdoi9CVbbNWIZLUqk0DKPUZt9ER4hZl4POJ%2F7bcetkwrDFkuR7mv4V6fBejucvkfwB1D2r6Ar22L22K5FROau9p3puBY9BPMT%2FIhMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031e0029fdb4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/queueconfigloader.min.js.download

172.67.222.23

200 OK

6.1 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/queueconfigloader.min.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
C source, ASCII text, with very long lines (24106), with no line terminators
Size
6.1 kB (6091 bytes)
Hash
3c59f995d932c8eb118f085aa55a5858
bab0a5faf4a543c698f38b656adcf481d7e918b4
9230ecad923baf43c1e399cb33484e08cc5bccecf866620fcf018759fce72f05

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/queueconfigloader.min.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnnYsxq2s9eeOfIlxMiNdxo%2BUkMb0G9aIVLFUzqMaxeLaFnjPnqiporPakibssDAtYp%2BUiWcSlNzpJADChK%2FOcxXmyRirwreu1IlAafeW90LFBG25WEa%2BT4jdeN4LVYPXSLYNg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffa99eb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/loading_button.js.download

172.67.222.23

200 OK

1.6 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/loading_button.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
1.6 kB (1575 bytes)
Hash
76c97ae21997f8513ae144b8a8eaa748
02f13762089a3945d3a7b250731705e1af6c2529
b86b3d033c8898aa27699ccd7e60ea8772d6ba1a869ca56db7e01b4adc6cbfdc

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/loading_button.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IkDQfUpLNTaag4Bv3zIj2l0KHe766a88rBq2%2FYEHV%2F91qlTgvhqjHWpBUDcAmPxGK%2BDVKR%2FOIZ2%2F8bh6IWO03b5pWzScvFP6QM0S6jvvyrVRyLaeLGKZEMMx5g6uWesZ9gZMFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031e0039e7b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/slc_analytics.js.download

172.67.222.23

200 OK

2.4 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/slc_analytics.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.4 kB (2423 bytes)
Hash
f93d7991a444e4103897d30af0804545
1e6093dbfcfde002cceeb90d5a332c4341e8549b
d288fae4dd048cefc133831a8917f7749b3db5c9a18bd2080d891c5de1e0a52c

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/slc_analytics.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEmf8Rl16HPSNgAcPBeWArdTwPbQI0zE%2BChQy16wRIrZDod2GXv9HTTqMzT3D4DhbEsU8oKZLp9uovhA8neVH4Q91o6FZDB6xvvJ6NTBVpn6oYGoHTlN81E1rctihq2Lte9F1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031e003f0fb4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/jquery-3.6.0.js.download

172.67.222.23

200 OK

31 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/jquery-3.6.0.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65447)
Size
31 kB (30998 bytes)
Hash
04f89677944a235b28ac9ec015c289b5
dd6bc80f8c2b85a5d1268598e161b548d271b984
2235e216b8e4fd98555d7c960b3486b692c6a16f82aac2573872f4346fc68978

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/jquery-3.6.0.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2rfPxb932WVbZTto7CPB4gvkneI5HtxpCRJwBNWeMeygWemXi6WkjydzxMFBrQH7gfYLhm12CllJZQvUnAiOMSjHe9SPYeWcKvoz8Qcf%2FGaahSCk7Xwbbn6MvlXNrwNtelSDg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffabe50b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css

172.67.222.23

200 OK

11 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65410)
Size
11 kB (10705 bytes)
Hash
8e08fb2038bed0bcf2525b37e818a7be
6413782cfd44abad90e947b3b3ff69d4e29881fe
2662e5a6a7efca8b20e74f17d55e5f7bdb6bb60a6af844dfb6e1ae93e34d75ab

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs

HTTP Headers

GET /login_files/govuk-frontend-3.7.0.min.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:02:54 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSxzLk1%2FHLX4aBA0dN8rchtfrLEQVFmPBO2OEBAuviBYGFIdEXK2Gyhjj3cXE9XI0crSJh9OYxWDF7v%2FlbyQ8kWOHx%2BeA%2FI7PcSaiM2XeUerIMyp2F8FdW3Fk%2FK13gyOGrYBaA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e003e410b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.js.download

172.67.222.23

200 OK

8.7 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.js.download
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32869)
Size
8.7 kB (8665 bytes)
Hash
0d2cda97d24bd51d07ab2b3a72bbdd32
eefe86115b4f0e2c490b56f5270019e48d66c413
1e56535b64f14d230bc568ac34152fda123871231c1af3ac64b2f064b422b0ee

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/govuk-frontend-3.7.0.min.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYW%2B3KywSLikYEnv8dxOgsEKJwO7uueVIxe3P1leR7tuMHZOvhgvU9PeCLzX5C4BgsZL6wgn0dsmQbGDt6Zcjg6atihMNUy6IAJodtlN7%2FvQDruADQYw1yKMoVwMQhW9mes%2FeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031e00acb20b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

assets.queue-it.net/slc/integrationconfig/javascript/queueclientConfig.js?versionTimestamp=20220925101007

54.230.111.46

200 OK

1.2 kB

URL HTTP/2
assets.queue-it.net/slc/integrationconfig/javascript/queueclientConfig.js?versionTimestamp=20220925101007
IP
54.230.111.46:0
ASN
#16509 AMAZON-02

File type
data
Size
1.2 kB (1152 bytes)
Hash
7c3891f6d7d42e1564b9c38d2c81d522
c5188819e2c4a22be5fcd8b0b629c75e8e47948d
31c785097718e89f998d3f50f27952969f2e70cb1b5f03f2999016267cef3525

HTTP Headers

GET /slc/integrationconfig/javascript/queueclientConfig.js?versionTimestamp=20220925101007 HTTP/1.1
Host: assets.queue-it.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sfe-login-eng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
x-amz-replication-status: COMPLETED
last-modified: Sun, 13 Feb 2022 14:21:58 GMT
x-amz-version-id: UQp6oy5nOY_gOUuQj4hNIGRGjmCx3dDn
server: AmazonS3
content-encoding: gzip
date: Sun, 25 Sep 2022 10:36:10 GMT
cache-control: max-age=300
etag: W/"8df1c2c546fe89b7b7c38e3198d976d9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YakGNB2-7D-ndEgV16DhwIaFeomKGRg1v1r8vuU0sjGd-17ukDa4Xg==
X-Firefox-Spdy: h2

sfe-login-eng.com/login_files/override-govuk-frontend-3.7.0.min.css

172.67.222.23

200 OK

739 B

URL HTTP/1.1
sfe-login-eng.com/login_files/override-govuk-frontend-3.7.0.min.css
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
739 B (739 bytes)
Hash
a1296a6eecefa7f0e35a162e91a66af3
40928ac0692ca52cc5830e18fdcf711f114a6e10
1920b4a9390ea64053baaf0cc680a6f3da55022f6e1caecc99e02104919b8fa2

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs

HTTP Headers

GET /login_files/override-govuk-frontend-3.7.0.min.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jReHvWW977lgFy%2BJLlC2mAJ%2B8txXLjpcJgwm63CwvZBzBEfMHiDl57sUksWkXDp9ttw9TUnuudmLTazut5KZ6TB1yYM7e9xm0kSJtZHjd2p8jJnGhEGxm4goZEKSQS6V2Q60BA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e006a76b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd3b36dc2b620b48de491a8d9ba00fc0
be67ba7db5215dcb7c9225876e35a5e0a5005c9e
28205ee62c77b1caad6cc24c1ce98ddb92d26f67d41270f7d5278208a907c62f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5711
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 10:36:10 GMT
Last-Modified: Sun, 25 Sep 2022 09:00:59 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

sfe-login-eng.com/login_files/sfe.css

172.67.222.23

200 OK

231 B

URL HTTP/1.1
sfe-login-eng.com/login_files/sfe.css
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
231 B (231 bytes)
Hash
cc7789c9ba5dde3f4fdca5618704ffb5
2c59facbc31d8ed3eb5352e8c188bf06df7da085
ede7f4d7a1e4e8ce7eee84e127827e5556ed5af121dacb99a7214c699cd72ec3

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs

HTTP Headers

GET /login_files/sfe.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xlqsz4EiZm%2BVvkdyCWcHV3fXWFl5i0qTCLwzcPN1PLodc%2F1gAWclq5b7WyzUQUg0ner5ROepFIfxytIFiUZRjN%2FWlYkpF42wYX%2FQyovmebdsdp%2BD7ZBMivQgRV12n8xlOU%2B%2BBw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e006a84b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

push.services.mozilla.com/

52.36.24.174

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.36.24.174:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uh8Gs0h6uP2h2yMAYP8pYg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: m4HQoe2G5UzDcAY+YoovWAuW/p4=

sfe-login-eng.com/login_files/modal.css

172.67.222.23

200 OK

2.3 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/modal.css
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.3 kB (2333 bytes)
Hash
af67add2151f32126f356527782f94d1
bb4c8eeede47cc6075eb263c7f8d8287ff2e6cd1
d23565a4878458750087a505e39b7e946fa0c63c9336409f124aa13ec7229f6f

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs

HTTP Headers

GET /login_files/modal.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kFPRgfDqLn9HlobUBCb9p%2BIdP4m8l2Opt3ajVQY%2FfsIjJ8tbiujyYTcaUtcPB%2BYYTrKugdxF0AuszoicT4PxvzZ8yszQyNg1zTbsGhfexOwhyzzgB6KrQsb6bdhy0N4X98eGg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e008a30b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8106
Expires: Sun, 25 Sep 2022 12:51:17 GMT
Date: Sun, 25 Sep 2022 10:36:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8106
Expires: Sun, 25 Sep 2022 12:51:17 GMT
Date: Sun, 25 Sep 2022 10:36:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8106
Expires: Sun, 25 Sep 2022 12:51:17 GMT
Date: Sun, 25 Sep 2022 10:36:11 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6199 bytes)
Hash
714af732a9aa1db2b13ffb62810fd532
358e74de395352a9529ff1c17856daf8900888c5
1d2035cfcd283560ebe8494f9438e52f8d96cd092dd41cb0eb899a3f905c1e05

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6199
x-amzn-requestid: d26f22d9-4e9b-4764-8c96-2e1c7ce36340
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--OKHowoAMFbQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7727-7adb7c4925e6e50e13889544;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3_xkH-s3Fzz3CRHux4j3hergFHWBmOFF9vMBCoN1rJrjrCkeSEp0qQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:01:16 GMT
age: 45295
etag: "358e74de395352a9529ff1c17856daf8900888c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30df3bb6-8eae-49ae-ba75-f6dd462463ac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4237 bytes)
Hash
8abddb2cad9c262667f358ecb9b084ae
2d97861b35e3d0ffe6a614037e4ff7946018b4ef
9b4878cf451b7bc5c7467d1e35e2fa12f54e516c878dd54d0293a4ef4947ba5b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30df3bb6-8eae-49ae-ba75-f6dd462463ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4237
x-amzn-requestid: ae2729cb-a956-4214-b3be-b510a3f62698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y9FNDGu7oAMF7oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632eb586-097d52637dc131002d4ac57d;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 07:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TUT-wNEcMOArWarvrWvtkVVf4ZfrTv6CtG7a_aBZN9mZ6L-GawZkZA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 01:14:25 GMT
age: 33706
etag: "2d97861b35e3d0ffe6a614037e4ff7946018b4ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7642 bytes)
Hash
00c09f267aacde9465a329542463b9e5
1534aa8a5158dfa9592d65e6fb761b41c0852c58
276ff24598159f62fd7333992575834f901eea7c75a228b9c12d1c049f1df558

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7642
x-amzn-requestid: b0fc9bea-7735-43c0-a176-eae4d5000a6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2ZPtHajIAMF8zQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c08ca-391092bd30ae5bf9692e93ba;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:03:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JHbRgCQOZp244YWkU4o78m9HhC77v7LOWAvwnc2eRTW2vHnv99ygaA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 06:00:25 GMT
age: 16546
etag: "1534aa8a5158dfa9592d65e6fb761b41c0852c58"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda26d83a-84d6-497f-974b-e97994a82e1c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7855 bytes)
Hash
12b4e62eeac0a002ce34d748230878ca
47585668611fadb8bd8fa65e5e330bd3ed2f60b6
e871981eec0c113d0ccda82fabdc84d1881828f7cba1d76c50063c22d528a85e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda26d83a-84d6-497f-974b-e97994a82e1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7855
x-amzn-requestid: f3230dd3-8d7c-41e7-bf32-83376fd77eb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJQGNaIAMF57Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-4aa0826f4b7d59d9651ad763;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xrsq6kYGG5mhvI-Xkxspuum-g0G7LBLfxVPayM611E-PiT71_ZsD2g==
via: 1.1 58f9a50682bb94842197f3e957919c60.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 01:03:58 GMT
age: 34333
etag: "47585668611fadb8bd8fa65e5e330bd3ed2f60b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78aaf154-de5d-4fec-94c5-4e185b4c0cc1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4320 bytes)
Hash
7eba9d4ed7413abb8e8824cc86071b50
1ec47b0f11a2b1173a1dcd32d541e5680b0088b1
399622d6099137974fa30a332c145b45182a7be272523a325418c63bfe70e5a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78aaf154-de5d-4fec-94c5-4e185b4c0cc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4320
x-amzn-requestid: 72d102a6-8552-473f-b3f8-99450722017d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--PmHEgIAMFXvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7730-7e4789b1723913e2500ea5f2;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Pai6CsC8F_VDgt6BkP9aRekL5WzUkwNdrvetIijRKlGByWm6skpb6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:01:14 GMT
age: 45297
etag: "1ec47b0f11a2b1173a1dcd32d541e5680b0088b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size
13 kB (12826 bytes)
Hash
b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 46719
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

sfe-login-eng.com/login_files/cookie-banner.css

172.67.222.23

200 OK

506 B

URL HTTP/1.1
sfe-login-eng.com/login_files/cookie-banner.css
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
506 B (506 bytes)
Hash
29f219935f5790b8685036a10fa8c44a
5e05eee1567a282e424c87f6e53627f602822e08
6be8dfc8a82df36d2f6d5be44d0c8af0ec92ee0fe634bb02df8ba356a0cfdb3b

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs

HTTP Headers

GET /login_files/cookie-banner.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uURDyRcj1K4SqEEEpsY%2FOfQ%2BC62NrSiemKje3LuL%2BqzEbbvPiFFfFXSVs8a%2BTv9PbOeMXnEQqvfOfoVuBpYEHBK428wvfgE%2BlYeMTtVKmqVcCJ3dfIxCoXzFCmENXxCJXrrQbA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e008f51b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/sfe_logo.png

172.67.222.23

200 OK

2.9 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/sfe_logo.png
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 248 x 31, 8-bit/color RGBA, non-interlaced\012- data
Size
2.9 kB (2945 bytes)
Hash
57b87dea4ae2b416a63600df56b41c9f
262d7b5a812f48a11a5b6f1c75ad7d96ad89bcf4
f3c14820d452cf53db3283d280fd0c14da7e1424595bd4a56a537af9b3b88cb1

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs

HTTP Headers

GET /login_files/sfe_logo.png HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:11 GMT
Content-Type: image/png
Content-Length: 2945
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZjJWCh3gcz0wy%2FXWMB1O1xCqDlApIQp%2BJ5YVKXoTVjrQNU%2BTA0jF7wbuTJsC7hAtiEpkxjDH0ENjxVQ4x5D9PnS6zv6mhNSpSt71dBiFihZVx6p9IvFhpMuhAFa1R2kNwVkHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e0b2f350b61-OSL
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/assets/images/govuk-crest.png

172.67.222.23

404 Not Found

238 B

URL HTTP/1.1
sfe-login-eng.com/assets/images/govuk-crest.png
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs

HTTP Headers

GET /assets/images/govuk-crest.png HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 404 Not Found
Date: Sun, 25 Sep 2022 10:36:11 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YLtZ%2BEZsD70bVavoaNjr%2BkwnspBvBPU4JAriDtK3p6I21%2FjSU6C%2FsZlGYRt7LBF4JxSML7mdkCJzUGllbBICUlZZAkyLS4m4rUqwuW3szFhwRvYT%2F3tVKG8zcX0M4jAVXJTkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e0b4eb0b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

sfe-login-eng.com/login_files/light-94a07e06a1-v2.woff2

172.67.222.23

200 OK

33 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/light-94a07e06a1-v2.woff2
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 33382, version 1.131\012- data
Size
33 kB (33382 bytes)
Hash
94a07e06a104e76fe40583f74b204aee
3202361735eb0c59277c2140c34dd77879df43de
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/light-94a07e06a1-v2.woff2 HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:11 GMT
Content-Type: font/woff2
Content-Length: 33382
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:02:18 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lu88szgx57Rj3sGojZzHQvIuExmBxLaTIzrvwKIvUtFggs6CKwFDL8F3omVjZsoFoYGYW9kFq03HyOMRUklnj4CrjmpDE%2FVlYJETXusmlmacv4nzRFD23FWoUuofnvSklQ3AKw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e0b3fd60b31-OSL
alt-svc: h2=":443"; ma=60

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/1.1
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (19826 bytes)
Hash
cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 19826
Date: Sun, 25 Sep 2022 10:20:50 GMT
Expires: Sun, 25 Sep 2022 12:20:50 GMT
Cache-Control: public, max-age=7200
Age: 921
Last-Modified: Sun, 11 Sep 2022 13:50:09 GMT
Content-Type: text/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5d8eadfbcdacb2dd46e7635282f876c6
42b388b8338e9a94c71dc77def90489db6f89798
4f5c89bc5bc8501a035ed4be3453a390e70756cf1566adf9a0b51d5d53b49a7f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2465
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 10:36:12 GMT
Last-Modified: Sun, 25 Sep 2022 09:55:07 GMT
Server: ECS (amb/6BA9)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5d8eadfbcdacb2dd46e7635282f876c6
42b388b8338e9a94c71dc77def90489db6f89798
4f5c89bc5bc8501a035ed4be3453a390e70756cf1566adf9a0b51d5d53b49a7f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 10:36:12 GMT
Server: ECS (amb/6B8D)
Content-Length: 471

sfe-login-eng.com/login_files/bold-b542beb274-v2.woff2

172.67.222.23

200 OK

32 kB

URL HTTP/1.1
sfe-login-eng.com/login_files/bold-b542beb274-v2.woff2
IP
172.67.222.23:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 31480, version 1.0\012- data
Size
32 kB (31480 bytes)
Hash
b542beb2746ca0e4a5a9aa7ea7767df7
edd7531eb22a9e4c7c17045d9ba5ec87e4c731d2
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47

Detections

Analyzer	Verdict	Alert
openphish	HM Revenue & Customs
fortinet	Phishing

HTTP Headers

GET /login_files/bold-b542beb274-v2.woff2 HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:12 GMT
Content-Type: font/woff2
Content-Length: 31480
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:02:18 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWjbchMP68kLtOSd0IOZbMoS%2B0zltFy1Qp9vbWPk%2FLR6gUYFUmAU1CVHPNMlkJtm%2FT2sVJfI7reTBtfE6yQsPeyeD9b2v0MZEemmAnFypJJPB53WlgHgjsdQtE0wkYQlouXolg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e0b4c65b4fd-OSL
alt-svc: h2=":443"; ma=60

logon.slc.co.uk/welcome/assets/images/govuk-apple-touch-icon-180x180.png

62.255.142.225

200 OK

3.5 kB

URL HTTP/1.1
logon.slc.co.uk/welcome/assets/images/govuk-apple-touch-icon-180x180.png
IP
62.255.142.225:0
ASN
#32787 PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced\012- data
Size
3.5 kB (3503 bytes)
Hash
a0f7e1b728a42016b247dc54ee40d055
f02b551f1af5d4ef5bc4aee07da9a6e36a3f9037
ea1cbb1cbbeddfff275dfa6e8e46b84cd530892df79dc4882a8f99b802b49a90

HTTP Headers

GET /welcome/assets/images/govuk-apple-touch-icon-180x180.png HTTP/1.1
Host: logon.slc.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sfe-login-eng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:12 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
Content-Security-Policy: default-src'self';""
X-Application-Context: application:live:8080
Last-Modified: Fri, 05 Aug 2022 11:28:42 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff, nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: image/png
Content-Length: 3503
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: JSESSIONID=E-qnyFuijBBDPFjBoHDsU4rP.d2lvapcppe02-a; Path=/welcome; Secure; HttpOnly
TS01473ab4=01957163403092df4ac16dfc38fffc9c73c008697b5db94e8d2508015d17d77b4a354226799fd0f645e79b9cb858eb6f2c73c414f4; Path=/; Secure; HTTPOnly
TS01519ec9=019571634085fb8526144e798cd1e0c8ce2fdec9f55db94e8d2508015d17d77b4a35422679203ff3bd2b4d879d4570dad51e227aae8a3173ecf37d2c7c2f7bf45e57544485; path=/welcome; HTTPonly; Secure

logon.slc.co.uk/welcome/assets/images/favicon.ico

62.255.142.225

200 OK

2.6 kB

URL HTTP/1.1
logon.slc.co.uk/welcome/assets/images/favicon.ico
IP
62.255.142.225:0
ASN
#32787 PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK

File type
MS Windows icon resource - 3 icons, 16x16, 4 bits/pixel, 32x32, 8 bits/pixel\012- data
Size
2.6 kB (2579 bytes)
Hash
80f3f9105e006160875191b33abd2e31
a42c29dc6248375facb8d06050272d68b735e110
3149d8582af2522b397998ce214e04d8bd8f037d82a1dcd9ec36cf8bb79db609

HTTP Headers

GET /welcome/assets/images/favicon.ico HTTP/1.1
Host: logon.slc.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sfe-login-eng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:13 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
Content-Security-Policy: default-src'self';""
X-Application-Context: application:live:8080
Last-Modified: Fri, 05 Aug 2022 11:28:42 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff, nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/octet-stream
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: JSESSIONID=XePhUrQ2SxZX9SvliXcZNCJi.d2lvapcppe05-a; Path=/welcome; Secure; HttpOnly
TS01473ab4=01957163403d91ae6b00bf8e6fe2a8e6d895193fc6cc0ee53a2669bd26958bef16da4da23815651767e60479dbd35ecd5c7a2d4e07; Path=/; Secure; HTTPOnly
TS01519ec9=019571634030843a711fa464ca44a24afe9060d530cc0ee53a2669bd26958bef16da4da238602b932fb60defe4b2e640ebab399f73d95b4fc7ea00508472a9e8f81c7bd62a; path=/welcome; HTTPonly; Secure
Transfer-Encoding: chunked

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff2e4f2-f486-42c3-8a19-b33169da91f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10627 bytes)
Hash
14f002009f65f578b930d04203ba700a
7191af2da71fc0c7e3ca17b9f0b0132fc3cdc5b5
fafe43cbdfc56b72318d77bd5d30886bc4370a3f087df3bbbcb61b18ea0bbf81

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff2e4f2-f486-42c3-8a19-b33169da91f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 10627
x-amzn-requestid: f765ace2-73b4-493e-bf09-de605d64f283
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_Z3EfXoAMFRFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f790b-564393940c6453de719f30a0;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:39:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zYwkYYb6vxPU2kAKvbKNpWkil9OsWKTDOgSlI79kR4Ysvo5BE6PTlw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:56:29 GMT
age: 45589
etag: "7191af2da71fc0c7e3ca17b9f0b0132fc3cdc5b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations