sfe-login-eng.com/
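172.67.222.23 302 Found 0 B IP 172.67.222.23:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three digests are the MD5, SHA-1 and SHA-256 of a zero-length body, consistent with the 0 B response; they match any empty response and are not indicators specific to this site.)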
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET / HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc; path=/
Location: login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XwiPGpEHGl8UPZs31R1kkKYlnFWpeeW2t7HIa8F6KBKau5h4j5OlBIMeHNmZVnR0P3c6pNGzt08r%2Fuc%2BKWsNBrUptTyhJJ4A%2FWy46lMy87GjhWb%2BrFqgDWCTa0ELzvHlTVOGtg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dfcddd5b4f4-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 10:14:55 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fDQtcRdIzlZgLlBIGEuuk0H1YvjpeaSGjIcbS4ke1KE2BApBLVP8zA==
Age: 1274
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4244
Expires: Sun, 25 Sep 2022 11:46:53 GMT
Date: Sun, 25 Sep 2022 10:36:09 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ucxHvRqQAGRpGn1oJpC6C9w09-hDc5JkLaIrdG3y4Bwdl9CVsskmyw==
age: 21655
X-Firefox-Spdy: h2
sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
172.67.222.23 200 OK 5.9 kB URL HTTP/1.1 sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
IP 172.67.222.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2046)
Hash 173fd06299b5aaf618013fe997d3f479
990a1316270b885fc62b78f33748eecec60527b3
418367a8e93c78982280b617a24c21e50fd6065a8e64487fd87f61c8c1b5213a
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wfil3YieX0tCWUNpHYcZT3%2FYbVOVP2bGg4tRhMS%2F4pfTz1d%2B2zhaxoYq6y%2F5amXd4NfhJbThO9ub%2Fo8mfBlP8ATmyLJxN4NznjwzpXcYNlKeMmgo7tuRlnWaS6mqLQ%2FqHneCAg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dfe7fc5b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 10:36:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
sfe-login-eng.com/login_files/analytics.js.download
172.67.222.23 200 OK 20 kB URL HTTP/1.1 sfe-login-eng.com/login_files/analytics.js.download
IP 172.67.222.23:0
File type ASCII text, with very long lines (1325)
Hash ed215b3e4d263399c3397b6276beaca2
4004064c48cfbf5409bfbb0c107af88172ed5d45
955f454db2de03a1a9d6114192414491d075bd0c80af95d3215b81c2c782ca86
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/analytics.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gD7sJtB2yScdEN6%2B%2FbRQh2Rs1j7FkoglFonzLXvRrnglgdSSEx8c7umqPdm1yQ8hBNObBqyaplXc2dva8tpl8taofgxJ%2BKJEbJ9oLThPS2Ybo6mUSiJy8RuuIBBtz5xjTapB6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffa974b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/queueclient.min.js.download
172.67.222.23 200 OK 4.1 kB URL HTTP/1.1 sfe-login-eng.com/login_files/queueclient.min.js.download
IP 172.67.222.23:0
File type ASCII text, with very long lines (13593), with no line terminators
Hash 8705e7237d593338cd3d0c548283120e
9944f5eab3fbaabbd351449a69ed05f41b48ab0e
05cd1149e996b35fce3bd9ffee68c934b84598df922e5473fcc556a73af39f93
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/queueclient.min.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DT6e9Igq9baRihZ3v%2BY3fcso1GB7hw8agrRfZer52w8IGpABrC%2BHOucwcYiNdyEE24i7MfmcAAa3ka2ohpxTMCt4KwetjaNfwywefxC9a6J1P5bAveQ8QfsXDhdexnUptO%2B5gg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffae58b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/slc_browser.js.download
172.67.222.23 200 OK 744 B URL HTTP/1.1 sfe-login-eng.com/login_files/slc_browser.js.download
IP 172.67.222.23:0
Hash 9230846b5f611c2093423ac9cc75332a
127cd8180bc39f7222ec93cc87dae2b8713930d0
7de891cc319ea5f9b37b1c83537e5d149237fa9626c7bfc3d6e734c8b018f61d
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/slc_browser.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPK068QOKlqqDKrCUYkfA%2FSjHc3923s9pYRBnqPKb76fjcvPlF6JCRTsPE6got%2B8yGjqio7djhuuutz%2BOK85wqGlqj2llSSMDi9r8IyDFaHSlH5v47KlFoIv%2FulZQ3txWQDWhg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffa952b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/queueclientConfig.js.download
172.67.222.23 200 OK 830 B URL HTTP/1.1 sfe-login-eng.com/login_files/queueclientConfig.js.download
IP 172.67.222.23:0
File type ASCII text, with very long lines (10363), with no line terminators
Hash 5e0fcfdf5bfe43df6479a3a7b2601a62
0ea8a78e4bd8e661dde13a06a40eaa964ff35adc
a991319d7912e20b846d0546b874171c1fc2ba91afea2f4cbe96b0062daeeb03
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/queueclientConfig.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDDASEepwPI1aDrC689kicpgjapeHbXU0MoAu314WUR9uFfEBo46ES7dq61td3tDdrUc5EuE554u8JZNwqT9FsCg77CINVklX85zngasLTyt1A16oQIwENLG0hZa9ktc4nuAuA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffadd10b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/jquery.simplemodal-1.4.4.js.download
172.67.222.23 200 OK 7.0 kB URL HTTP/1.1 sfe-login-eng.com/login_files/jquery.simplemodal-1.4.4.js.download
IP 172.67.222.23:0
Hash 84281f6bd85e1c6f42da029d30ec317b
c42a4969eefcda49988aa09119a2e0bb2d6ccb6e
b1e005f595b1a63a7802553f91a45808b873f5f686dbfac01d7f8c046f7ffe78
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/jquery.simplemodal-1.4.4.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpNoPA%2BLTZtEjnW00A1r7ZhiWM7u%2F5xnYdoi9CVbbNWIZLUqk0DKPUZt9ER4hZl4POJ%2F7bcetkwrDFkuR7mv4V6fBejucvkfwB1D2r6Ar22L22K5FROau9p3puBY9BPMT%2FIhMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031e0029fdb4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/queueconfigloader.min.js.download
172.67.222.23 200 OK 6.1 kB URL HTTP/1.1 sfe-login-eng.com/login_files/queueconfigloader.min.js.download
IP 172.67.222.23:0
File type C source, ASCII text, with very long lines (24106), with no line terminators
Hash 3c59f995d932c8eb118f085aa55a5858
bab0a5faf4a543c698f38b656adcf481d7e918b4
9230ecad923baf43c1e399cb33484e08cc5bccecf866620fcf018759fce72f05
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/queueconfigloader.min.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnnYsxq2s9eeOfIlxMiNdxo%2BUkMb0G9aIVLFUzqMaxeLaFnjPnqiporPakibssDAtYp%2BUiWcSlNzpJADChK%2FOcxXmyRirwreu1IlAafeW90LFBG25WEa%2BT4jdeN4LVYPXSLYNg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffa99eb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/loading_button.js.download
172.67.222.23 200 OK 1.6 kB URL HTTP/1.1 sfe-login-eng.com/login_files/loading_button.js.download
IP 172.67.222.23:0
File type HTML document, ASCII text
Hash 76c97ae21997f8513ae144b8a8eaa748
02f13762089a3945d3a7b250731705e1af6c2529
b86b3d033c8898aa27699ccd7e60ea8772d6ba1a869ca56db7e01b4adc6cbfdc
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/loading_button.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IkDQfUpLNTaag4Bv3zIj2l0KHe766a88rBq2%2FYEHV%2F91qlTgvhqjHWpBUDcAmPxGK%2BDVKR%2FOIZ2%2F8bh6IWO03b5pWzScvFP6QM0S6jvvyrVRyLaeLGKZEMMx5g6uWesZ9gZMFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031e0039e7b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/slc_analytics.js.download
172.67.222.23 200 OK 2.4 kB URL HTTP/1.1 sfe-login-eng.com/login_files/slc_analytics.js.download
IP 172.67.222.23:0
Hash f93d7991a444e4103897d30af0804545
1e6093dbfcfde002cceeb90d5a332c4341e8549b
d288fae4dd048cefc133831a8917f7749b3db5c9a18bd2080d891c5de1e0a52c
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/slc_analytics.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEmf8Rl16HPSNgAcPBeWArdTwPbQI0zE%2BChQy16wRIrZDod2GXv9HTTqMzT3D4DhbEsU8oKZLp9uovhA8neVH4Q91o6FZDB6xvvJ6NTBVpn6oYGoHTlN81E1rctihq2Lte9F1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031e003f0fb4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/jquery-3.6.0.js.download
172.67.222.23 200 OK 31 kB URL HTTP/1.1 sfe-login-eng.com/login_files/jquery-3.6.0.js.download
IP 172.67.222.23:0
File type ASCII text, with very long lines (65447)
Hash 04f89677944a235b28ac9ec015c289b5
dd6bc80f8c2b85a5d1268598e161b548d271b984
2235e216b8e4fd98555d7c960b3486b692c6a16f82aac2573872f4346fc68978
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/jquery-3.6.0.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2rfPxb932WVbZTto7CPB4gvkneI5HtxpCRJwBNWeMeygWemXi6WkjydzxMFBrQH7gfYLhm12CllJZQvUnAiOMSjHe9SPYeWcKvoz8Qcf%2FGaahSCk7Xwbbn6MvlXNrwNtelSDg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031dffabe50b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
172.67.222.23 200 OK 11 kB URL HTTP/1.1 sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
IP 172.67.222.23:0
File type ASCII text, with very long lines (65410)
Hash 8e08fb2038bed0bcf2525b37e818a7be
6413782cfd44abad90e947b3b3ff69d4e29881fe
2662e5a6a7efca8b20e74f17d55e5f7bdb6bb60a6af844dfb6e1ae93e34d75ab
Analyzer Verdict Alert openphish HM Revenue & Customs
GET /login_files/govuk-frontend-3.7.0.min.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:02:54 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSxzLk1%2FHLX4aBA0dN8rchtfrLEQVFmPBO2OEBAuviBYGFIdEXK2Gyhjj3cXE9XI0crSJh9OYxWDF7v%2FlbyQ8kWOHx%2BeA%2FI7PcSaiM2XeUerIMyp2F8FdW3Fk%2FK13gyOGrYBaA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e003e410b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.js.download
172.67.222.23 200 OK 8.7 kB URL HTTP/1.1 sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.js.download
IP 172.67.222.23:0
File type ASCII text, with very long lines (32869)
Hash 0d2cda97d24bd51d07ab2b3a72bbdd32
eefe86115b4f0e2c490b56f5270019e48d66c413
1e56535b64f14d230bc568ac34152fda123871231c1af3ac64b2f064b422b0ee
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/govuk-frontend-3.7.0.min.js.download HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYW%2B3KywSLikYEnv8dxOgsEKJwO7uueVIxe3P1leR7tuMHZOvhgvU9PeCLzX5C4BgsZL6wgn0dsmQbGDt6Zcjg6atihMNUy6IAJodtlN7%2FvQDruADQYw1yKMoVwMQhW9mes%2FeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75031e00acb20b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
assets.queue-it.net/slc/integrationconfig/javascript/queueclientConfig.js?versionTimestamp=20220925101007
54.230.111.46 200 OK 1.2 kB URL HTTP/2 assets.queue-it.net/slc/integrationconfig/javascript/queueclientConfig.js?versionTimestamp=20220925101007
IP 54.230.111.46:0
Hash 7c3891f6d7d42e1564b9c38d2c81d522
c5188819e2c4a22be5fcd8b0b629c75e8e47948d
31c785097718e89f998d3f50f27952969f2e70cb1b5f03f2999016267cef3525
GET /slc/integrationconfig/javascript/queueclientConfig.js?versionTimestamp=20220925101007 HTTP/1.1
Host: assets.queue-it.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sfe-login-eng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
x-amz-replication-status: COMPLETED
last-modified: Sun, 13 Feb 2022 14:21:58 GMT
x-amz-version-id: UQp6oy5nOY_gOUuQj4hNIGRGjmCx3dDn
server: AmazonS3
content-encoding: gzip
date: Sun, 25 Sep 2022 10:36:10 GMT
cache-control: max-age=300
etag: W/"8df1c2c546fe89b7b7c38e3198d976d9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YakGNB2-7D-ndEgV16DhwIaFeomKGRg1v1r8vuU0sjGd-17ukDa4Xg==
X-Firefox-Spdy: h2
sfe-login-eng.com/login_files/override-govuk-frontend-3.7.0.min.css
172.67.222.23 200 OK 739 B URL HTTP/1.1 sfe-login-eng.com/login_files/override-govuk-frontend-3.7.0.min.css
IP 172.67.222.23:0
Hash a1296a6eecefa7f0e35a162e91a66af3
40928ac0692ca52cc5830e18fdcf711f114a6e10
1920b4a9390ea64053baaf0cc680a6f3da55022f6e1caecc99e02104919b8fa2
Analyzer Verdict Alert openphish HM Revenue & Customs
GET /login_files/override-govuk-frontend-3.7.0.min.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jReHvWW977lgFy%2BJLlC2mAJ%2B8txXLjpcJgwm63CwvZBzBEfMHiDl57sUksWkXDp9ttw9TUnuudmLTazut5KZ6TB1yYM7e9xm0kSJtZHjd2p8jJnGhEGxm4goZEKSQS6V2Q60BA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e006a76b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fd3b36dc2b620b48de491a8d9ba00fc0
be67ba7db5215dcb7c9225876e35a5e0a5005c9e
28205ee62c77b1caad6cc24c1ce98ddb92d26f67d41270f7d5278208a907c62f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5711
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 10:36:10 GMT
Last-Modified: Sun, 25 Sep 2022 09:00:59 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
sfe-login-eng.com/login_files/sfe.css
172.67.222.23 200 OK 231 B URL HTTP/1.1 sfe-login-eng.com/login_files/sfe.css
IP 172.67.222.23:0
Hash cc7789c9ba5dde3f4fdca5618704ffb5
2c59facbc31d8ed3eb5352e8c188bf06df7da085
ede7f4d7a1e4e8ce7eee84e127827e5556ed5af121dacb99a7214c699cd72ec3
Analyzer Verdict Alert openphish HM Revenue & Customs
GET /login_files/sfe.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xlqsz4EiZm%2BVvkdyCWcHV3fXWFl5i0qTCLwzcPN1PLodc%2F1gAWclq5b7WyzUQUg0ner5ROepFIfxytIFiUZRjN%2FWlYkpF42wYX%2FQyovmebdsdp%2BD7ZBMivQgRV12n8xlOU%2B%2BBw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e006a84b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
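52.36.24.174 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.36.24.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three digests are the MD5, SHA-1 and SHA-256 of a zero-length body, consistent with the 0 B response; they match any empty response and carry no information about this host.)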
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uh8Gs0h6uP2h2yMAYP8pYg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: m4HQoe2G5UzDcAY+YoovWAuW/p4=
sfe-login-eng.com/login_files/modal.css
172.67.222.23 200 OK 2.3 kB URL HTTP/1.1 sfe-login-eng.com/login_files/modal.css
IP 172.67.222.23:0
Hash af67add2151f32126f356527782f94d1
bb4c8eeede47cc6075eb263c7f8d8287ff2e6cd1
d23565a4878458750087a505e39b7e946fa0c63c9336409f124aa13ec7229f6f
Analyzer Verdict Alert openphish HM Revenue & Customs
GET /login_files/modal.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kFPRgfDqLn9HlobUBCb9p%2BIdP4m8l2Opt3ajVQY%2FfsIjJ8tbiujyYTcaUtcPB%2BYYTrKugdxF0AuszoicT4PxvzZ8yszQyNg1zTbsGhfexOwhyzzgB6KrQsb6bdhy0N4X98eGg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e008a30b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8106
Expires: Sun, 25 Sep 2022 12:51:17 GMT
Date: Sun, 25 Sep 2022 10:36:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8106
Expires: Sun, 25 Sep 2022 12:51:17 GMT
Date: Sun, 25 Sep 2022 10:36:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8106
Expires: Sun, 25 Sep 2022 12:51:17 GMT
Date: Sun, 25 Sep 2022 10:36:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 714af732a9aa1db2b13ffb62810fd532
358e74de395352a9529ff1c17856daf8900888c5
1d2035cfcd283560ebe8494f9438e52f8d96cd092dd41cb0eb899a3f905c1e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6199
x-amzn-requestid: d26f22d9-4e9b-4764-8c96-2e1c7ce36340
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--OKHowoAMFbQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7727-7adb7c4925e6e50e13889544;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3_xkH-s3Fzz3CRHux4j3hergFHWBmOFF9vMBCoN1rJrjrCkeSEp0qQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:01:16 GMT
age: 45295
etag: "358e74de395352a9529ff1c17856daf8900888c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30df3bb6-8eae-49ae-ba75-f6dd462463ac.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30df3bb6-8eae-49ae-ba75-f6dd462463ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8abddb2cad9c262667f358ecb9b084ae
2d97861b35e3d0ffe6a614037e4ff7946018b4ef
9b4878cf451b7bc5c7467d1e35e2fa12f54e516c878dd54d0293a4ef4947ba5b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30df3bb6-8eae-49ae-ba75-f6dd462463ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4237
x-amzn-requestid: ae2729cb-a956-4214-b3be-b510a3f62698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y9FNDGu7oAMF7oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632eb586-097d52637dc131002d4ac57d;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 07:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TUT-wNEcMOArWarvrWvtkVVf4ZfrTv6CtG7a_aBZN9mZ6L-GawZkZA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 01:14:25 GMT
age: 33706
etag: "2d97861b35e3d0ffe6a614037e4ff7946018b4ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 00c09f267aacde9465a329542463b9e5
1534aa8a5158dfa9592d65e6fb761b41c0852c58
276ff24598159f62fd7333992575834f901eea7c75a228b9c12d1c049f1df558
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7642
x-amzn-requestid: b0fc9bea-7735-43c0-a176-eae4d5000a6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2ZPtHajIAMF8zQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c08ca-391092bd30ae5bf9692e93ba;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:03:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JHbRgCQOZp244YWkU4o78m9HhC77v7LOWAvwnc2eRTW2vHnv99ygaA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 06:00:25 GMT
age: 16546
etag: "1534aa8a5158dfa9592d65e6fb761b41c0852c58"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda26d83a-84d6-497f-974b-e97994a82e1c.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda26d83a-84d6-497f-974b-e97994a82e1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12b4e62eeac0a002ce34d748230878ca
47585668611fadb8bd8fa65e5e330bd3ed2f60b6
e871981eec0c113d0ccda82fabdc84d1881828f7cba1d76c50063c22d528a85e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda26d83a-84d6-497f-974b-e97994a82e1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7855
x-amzn-requestid: f3230dd3-8d7c-41e7-bf32-83376fd77eb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJQGNaIAMF57Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-4aa0826f4b7d59d9651ad763;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xrsq6kYGG5mhvI-Xkxspuum-g0G7LBLfxVPayM611E-PiT71_ZsD2g==
via: 1.1 58f9a50682bb94842197f3e957919c60.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 01:03:58 GMT
age: 34333
etag: "47585668611fadb8bd8fa65e5e330bd3ed2f60b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78aaf154-de5d-4fec-94c5-4e185b4c0cc1.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78aaf154-de5d-4fec-94c5-4e185b4c0cc1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7eba9d4ed7413abb8e8824cc86071b50
1ec47b0f11a2b1173a1dcd32d541e5680b0088b1
399622d6099137974fa30a332c145b45182a7be272523a325418c63bfe70e5a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78aaf154-de5d-4fec-94c5-4e185b4c0cc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4320
x-amzn-requestid: 72d102a6-8552-473f-b3f8-99450722017d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--PmHEgIAMFXvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7730-7e4789b1723913e2500ea5f2;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Pai6CsC8F_VDgt6BkP9aRekL5WzUkwNdrvetIijRKlGByWm6skpb6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:01:14 GMT
age: 45297
etag: "1ec47b0f11a2b1173a1dcd32d541e5680b0088b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Hash b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 46719
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sfe-login-eng.com/login_files/cookie-banner.css
172.67.222.23 200 OK 506 B URL HTTP/1.1 sfe-login-eng.com/login_files/cookie-banner.css
IP 172.67.222.23:0
Hash 29f219935f5790b8685036a10fa8c44a
5e05eee1567a282e424c87f6e53627f602822e08
6be8dfc8a82df36d2f6d5be44d0c8af0ec92ee0fe634bb02df8ba356a0cfdb3b
Analyzer Verdict Alert openphish HM Revenue & Customs
GET /login_files/cookie-banner.css HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:11 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uURDyRcj1K4SqEEEpsY%2FOfQ%2BC62NrSiemKje3LuL%2BqzEbbvPiFFfFXSVs8a%2BTv9PbOeMXnEQqvfOfoVuBpYEHBK428wvfgE%2BlYeMTtVKmqVcCJ3dfIxCoXzFCmENXxCJXrrQbA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e008f51b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/sfe_logo.png
172.67.222.23 200 OK 2.9 kB URL HTTP/1.1 sfe-login-eng.com/login_files/sfe_logo.png
IP 172.67.222.23:0
File type PNG image data, 248 x 31, 8-bit/color RGBA, non-interlaced\012- data
Hash 57b87dea4ae2b416a63600df56b41c9f
262d7b5a812f48a11a5b6f1c75ad7d96ad89bcf4
f3c14820d452cf53db3283d280fd0c14da7e1424595bd4a56a537af9b3b88cb1
Analyzer Verdict Alert openphish HM Revenue & Customs
GET /login_files/sfe_logo.png HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login.php?cookies=none;browsing-time=1233435;auth-id=IsblVoP5HG8lOG9UkCsvTgFTq8mZOMct1OPJlDnOhwrDa
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:11 GMT
Content-Type: image/png
Content-Length: 2945
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:01:42 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZjJWCh3gcz0wy%2FXWMB1O1xCqDlApIQp%2BJ5YVKXoTVjrQNU%2BTA0jF7wbuTJsC7hAtiEpkxjDH0ENjxVQ4x5D9PnS6zv6mhNSpSt71dBiFihZVx6p9IvFhpMuhAFa1R2kNwVkHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e0b2f350b61-OSL
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/assets/images/govuk-crest.png
172.67.222.23 404 Not Found 238 B URL HTTP/1.1 sfe-login-eng.com/assets/images/govuk-crest.png
IP 172.67.222.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
Analyzer Verdict Alert openphish HM Revenue & Customs
GET /assets/images/govuk-crest.png HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 404 Not Found
Date: Sun, 25 Sep 2022 10:36:11 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YLtZ%2BEZsD70bVavoaNjr%2BkwnspBvBPU4JAriDtK3p6I21%2FjSU6C%2FsZlGYRt7LBF4JxSML7mdkCJzUGllbBICUlZZAkyLS4m4rUqwuW3szFhwRvYT%2F3tVKG8zcX0M4jAVXJTkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e0b4eb0b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
sfe-login-eng.com/login_files/light-94a07e06a1-v2.woff2
172.67.222.23 200 OK 33 kB URL HTTP/1.1 sfe-login-eng.com/login_files/light-94a07e06a1-v2.woff2
IP 172.67.222.23:0
File type Web Open Font Format (Version 2), TrueType, length 33382, version 1.131\012- data
Hash 94a07e06a104e76fe40583f74b204aee
3202361735eb0c59277c2140c34dd77879df43de
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/light-94a07e06a1-v2.woff2 HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:11 GMT
Content-Type: font/woff2
Content-Length: 33382
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:02:18 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lu88szgx57Rj3sGojZzHQvIuExmBxLaTIzrvwKIvUtFggs6CKwFDL8F3omVjZsoFoYGYW9kFq03HyOMRUklnj4CrjmpDE%2FVlYJETXusmlmacv4nzRFD23FWoUuofnvSklQ3AKw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e0b3fd60b31-OSL
alt-svc: h2=":443"; ma=60
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sfe-login-eng.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 19826
Date: Sun, 25 Sep 2022 10:20:50 GMT
Expires: Sun, 25 Sep 2022 12:20:50 GMT
Cache-Control: public, max-age=7200
Age: 921
Last-Modified: Sun, 11 Sep 2022 13:50:09 GMT
Content-Type: text/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5d8eadfbcdacb2dd46e7635282f876c6
42b388b8338e9a94c71dc77def90489db6f89798
4f5c89bc5bc8501a035ed4be3453a390e70756cf1566adf9a0b51d5d53b49a7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2465
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 10:36:12 GMT
Last-Modified: Sun, 25 Sep 2022 09:55:07 GMT
Server: ECS (amb/6BA9)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5d8eadfbcdacb2dd46e7635282f876c6
42b388b8338e9a94c71dc77def90489db6f89798
4f5c89bc5bc8501a035ed4be3453a390e70756cf1566adf9a0b51d5d53b49a7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 10:36:12 GMT
Server: ECS (amb/6B8D)
Content-Length: 471
sfe-login-eng.com/login_files/bold-b542beb274-v2.woff2
172.67.222.23 200 OK 32 kB URL HTTP/1.1 sfe-login-eng.com/login_files/bold-b542beb274-v2.woff2
IP 172.67.222.23:0
File type Web Open Font Format (Version 2), TrueType, length 31480, version 1.0\012- data
Hash b542beb2746ca0e4a5a9aa7ea7767df7
edd7531eb22a9e4c7c17045d9ba5ec87e4c731d2
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
Analyzer Verdict Alert openphish HM Revenue & Customs
fortinet Phishing
GET /login_files/bold-b542beb274-v2.woff2 HTTP/1.1
Host: sfe-login-eng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sfe-login-eng.com/login_files/govuk-frontend-3.7.0.min.css
Cookie: PHPSESSID=c7f73c29f1fd8185227c561dd594b8fc
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:12 GMT
Content-Type: font/woff2
Content-Length: 31480
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2022 03:02:18 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWjbchMP68kLtOSd0IOZbMoS%2B0zltFy1Qp9vbWPk%2FLR6gUYFUmAU1CVHPNMlkJtm%2FT2sVJfI7reTBtfE6yQsPeyeD9b2v0MZEemmAnFypJJPB53WlgHgjsdQtE0wkYQlouXolg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75031e0b4c65b4fd-OSL
alt-svc: h2=":443"; ma=60
logon.slc.co.uk/welcome/assets/images/govuk-apple-touch-icon-180x180.png
62.255.142.225 200 OK 3.5 kB URL HTTP/1.1 logon.slc.co.uk/welcome/assets/images/govuk-apple-touch-icon-180x180.png
IP 62.255.142.225:0
ASN #32787 PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK
File type PNG image data, 180 x 180, 8-bit colormap, non-interlaced\012- data
Hash a0f7e1b728a42016b247dc54ee40d055
f02b551f1af5d4ef5bc4aee07da9a6e36a3f9037
ea1cbb1cbbeddfff275dfa6e8e46b84cd530892df79dc4882a8f99b802b49a90
GET /welcome/assets/images/govuk-apple-touch-icon-180x180.png HTTP/1.1
Host: logon.slc.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sfe-login-eng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:12 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
Content-Security-Policy: default-src'self';""
X-Application-Context: application:live:8080
Last-Modified: Fri, 05 Aug 2022 11:28:42 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff, nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: image/png
Content-Length: 3503
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: JSESSIONID=E-qnyFuijBBDPFjBoHDsU4rP.d2lvapcppe02-a; Path=/welcome; Secure; HttpOnly
TS01473ab4=01957163403092df4ac16dfc38fffc9c73c008697b5db94e8d2508015d17d77b4a354226799fd0f645e79b9cb858eb6f2c73c414f4; Path=/; Secure; HTTPOnly
TS01519ec9=019571634085fb8526144e798cd1e0c8ce2fdec9f55db94e8d2508015d17d77b4a35422679203ff3bd2b4d879d4570dad51e227aae8a3173ecf37d2c7c2f7bf45e57544485; path=/welcome; HTTPonly; Secure
logon.slc.co.uk/welcome/assets/images/favicon.ico
62.255.142.225 200 OK 2.6 kB URL HTTP/1.1 logon.slc.co.uk/welcome/assets/images/favicon.ico
IP 62.255.142.225:0
ASN #32787 PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK
File type MS Windows icon resource - 3 icons, 16x16, 4 bits/pixel, 32x32, 8 bits/pixel\012- data
Hash 80f3f9105e006160875191b33abd2e31
a42c29dc6248375facb8d06050272d68b735e110
3149d8582af2522b397998ce214e04d8bd8f037d82a1dcd9ec36cf8bb79db609
GET /welcome/assets/images/favicon.ico HTTP/1.1
Host: logon.slc.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sfe-login-eng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 10:36:13 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
Content-Security-Policy: default-src'self';""
X-Application-Context: application:live:8080
Last-Modified: Fri, 05 Aug 2022 11:28:42 GMT
Accept-Ranges: bytes
X-Content-Type-Options: nosniff, nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/octet-stream
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: JSESSIONID=XePhUrQ2SxZX9SvliXcZNCJi.d2lvapcppe05-a; Path=/welcome; Secure; HttpOnly
TS01473ab4=01957163403d91ae6b00bf8e6fe2a8e6d895193fc6cc0ee53a2669bd26958bef16da4da23815651767e60479dbd35ecd5c7a2d4e07; Path=/; Secure; HTTPOnly
TS01519ec9=019571634030843a711fa464ca44a24afe9060d530cc0ee53a2669bd26958bef16da4da238602b932fb60defe4b2e640ebab399f73d95b4fc7ea00508472a9e8f81c7bd62a; path=/welcome; HTTPonly; Secure
Transfer-Encoding: chunked
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff2e4f2-f486-42c3-8a19-b33169da91f3.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff2e4f2-f486-42c3-8a19-b33169da91f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14f002009f65f578b930d04203ba700a
7191af2da71fc0c7e3ca17b9f0b0132fc3cdc5b5
fafe43cbdfc56b72318d77bd5d30886bc4370a3f087df3bbbcb61b18ea0bbf81
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff2e4f2-f486-42c3-8a19-b33169da91f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10627
x-amzn-requestid: f765ace2-73b4-493e-bf09-de605d64f283
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_Z3EfXoAMFRFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f790b-564393940c6453de719f30a0;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:39:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zYwkYYb6vxPU2kAKvbKNpWkil9OsWKTDOgSlI79kR4Ysvo5BE6PTlw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:56:29 GMT
age: 45589
etag: "7191af2da71fc0c7e3ca17b9f0b0132fc3cdc5b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2