Report - ontarioinvestigatortraining.ca/blog/index.php?entryid=241

Report Overview

Submitted URL
ontarioinvestigatortraining.ca/blog/index.php?entryid=241
IP
173.254.104.65
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-10-02 18:41:48
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	32 kB	216.58.207.195
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.76.226
ontarioinvestigatortraining.ca	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	1.5 MB	173.254.104.65
i.imgur.com	5110	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	696 B	18 kB	151.101.84.193
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	797 B	39 kB	142.250.74.10
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.165.201.83
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	108.156.28.102
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-02	medium	ontarioinvestigatortraining.ca/blog/index.php?entryid=241	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/requirejs/require.min.js	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/mdn-polyfills/polyfill.js	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/javascript-static.js	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/theme/jquery.php/core/jquery-3.4.1.js	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/babel-polyfill/polyfill.min.js	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/theme/javascript.php/edumy/1597332595/head	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/theme/styles.php/edumy/1597332595_1/all	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/theme/edumy/fonts/Flaticon.woff2	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/comment/comment.js	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/lib/requirejs.php/1597201510/core/first.js	Phishing
2022-10-02	medium	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/jquery/jquery-3.4.1.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/babel-polyfill/polyfill.min.js	96 kB	2023-03-07	2024-04-06
Pretty URL ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/babel-polyfill/polyfill.min.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:43:49 Last Seen2024-04-06 13:34:59 Times Seen192 Hash 169b64486b9acd57b4c8b3744a80a3e2 03f6b54f5cd791c7b4e82eccfa8859303f859d80 859a26b9f8233b3ddce1f2a0cd365528ea0341c4687a30c7dee00ad94189bd61 Loading...

	ontarioinvestigatortraining.ca/blog/index.php?entryid=241	5.4 kB	2023-03-08	2023-03-08
Pretty URL ontarioinvestigatortraining.ca/blog/index.php?entryid=241 IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-03-08 04:44:25 Times Seen1 Hash 81549befaf0716a9c0c5bf452ca8990f 8417b488ee3fd2835d36946c39449770fcd46bc7 5cec5b9174e1fed73af8c74aaf37ee2113a5fb58f5091ae15ac1264c0df5d440 Loading...

	ontarioinvestigatortraining.ca/blog/index.php?entryid=241	1.4 kB	2023-03-08	2023-09-17
Pretty URL ontarioinvestigatortraining.ca/blog/index.php?entryid=241 IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-09-17 18:57:41 Times Seen7 Hash ad2f231f27675f6ee0b1f7b8ec94823d a62a97b714c39fe1e9927d7325ca62b3e45f5106 172694add7b45e355fef525ddcd7fc349f5ffae18faa4b76e233cea943ff5fd1 Loading...

	ontarioinvestigatortraining.ca/blog/index.php?entryid=241	2.3 kB	2023-03-08	2023-03-08
Pretty URL ontarioinvestigatortraining.ca/blog/index.php?entryid=241 IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-03-08 04:44:25 Times Seen1 Hash 3a59136de3f5564e9f873940d75907a0 7c7b7750a2fbf9fb16310d50c2e33918177b5396 eaf6e8fa4db8d4b7585ff570b655535336a89f5d7858cf9a06a807d59e0b2bbd Loading...

	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/requirejs/require.min.js	18 kB	2023-03-07	2024-04-17
Pretty URL ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/requirejs/require.min.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-04-17 03:43:17 Times Seen1594 Hash 1f53ac504f7e69a6df96140eed2d4df2 da00136dd3fd0ccab626d7555ccb5fdf1c096fad 9ce0dbd6a1df9332653e27d1ddc505c5b78fd82b4112de0ec63840c3fbe0b8c2 Loading...

	ontarioinvestigatortraining.ca/theme/yui_combo.php?m/1597201510/core/event/event-debug.js&m/1597201510/filter_mathjaxloader/loader/loader-debug.js	8.8 kB	2023-03-08	2024-04-06
Pretty URL ontarioinvestigatortraining.ca/theme/yui_combo.php?m/1597201510/core/event/event-debug.js&m/1597201510/filter_mathjaxloader/loader/loader-debug.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2024-04-06 13:34:59 Times Seen83 Hash bdfc704f9e02d95ef914c349c00a2bbf 154cc79139e5bfa638e03152d3bb05af0057d6c3 8b144241a7cda1841963daf5472aca7ee57ec3d0eda5531530b80d4255863aaf Loading...

	ontarioinvestigatortraining.ca/theme/yui_combo.php?3.17.2/json-stringify/json-stringify.js&2in3/2.9.0/build/yui2-animation/yui2-animation.js	53 kB	2023-03-08	2023-09-17
Pretty URL ontarioinvestigatortraining.ca/theme/yui_combo.php?3.17.2/json-stringify/json-stringify.js&2in3/2.9.0/build/yui2-animation/yui2-animation.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-09-17 18:57:42 Times Seen10 Hash eb62db86c66d54282b1125c2b8c9f227 cd67ea5d0bc3ec766289ce7b9ec31173427c8568 83e443914dd3cc675471dfb32d45a670ea786df92f5c865692815df953bb292a Loading...

	ontarioinvestigatortraining.ca/lib/requirejs.php/1597201510/core/first.js	1.1 MB	2023-03-08	2023-03-08
Pretty URL ontarioinvestigatortraining.ca/lib/requirejs.php/1597201510/core/first.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-03-08 04:44:25 Times Seen1 Hash f0022ff9ab39c2163730fbd2bd18740d a6cd948772acd629cb6d66d54c7c73ed3b9ee19a 41d08f1093ba0731ab356080b2e335fc070b23c0b8eb7849dd8b3d77a8911fdc Loading...

	ontarioinvestigatortraining.ca/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel.js&3.17.2/event-resize/event-resize.js&3.17.2/event-hover/event-hover.js&3.17.2/event-touch/event-touch.js&3.17.2/event-move/event-move.js&3.17.2/event-flick/event-flick.js&3.17.2/event-valuechange/event-valuechange.js&3.17.2/event-tap/event-tap.js	68 kB	2023-03-07	2024-04-06
Pretty URL ontarioinvestigatortraining.ca/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel.js&3.17.2/event-resize/event-resize.js&3.17.2/event-hover/event-hover.js&3.17.2/event-touch/event-touch.js&3.17.2/event-move/event-move.js&3.17.2/event-flick/event-flick.js&3.17.2/event-valuechange/event-valuechange.js&3.17.2/event-tap/event-tap.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:19:52 Last Seen2024-04-06 13:34:59 Times Seen164 Hash 407c52e64f57585b649f5b6253ce4066 957c027fdb09756be43dbb6b0a1e7da333411d4d 256bec25b9af2d719477bdceb5e24291a3e928e19970e7f639843323f9a8729c Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 09:20:10 Times Seen37088300 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ontarioinvestigatortraining.ca/theme/javascript.php/edumy/1597332595/head	660 kB	2023-03-08	2023-09-17
Pretty URL ontarioinvestigatortraining.ca/theme/javascript.php/edumy/1597332595/head IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-09-17 09:49:33 Times Seen5 Hash a196d21ac68dfbad6b44a46d91cf9c5f 2b733d4031762e69acfd4cccd08d6d4f5263b5b9 ebeba8b7ba8d1613c56688801148865d940ce9dbce407cb16cf9495b58f4071f Loading...

	ontarioinvestigatortraining.ca/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.js	1.3 MB	2023-03-07	2024-04-06
Pretty URL ontarioinvestigatortraining.ca/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:19:52 Last Seen2024-04-06 13:34:59 Times Seen145 Hash f88b9753190e8ad76ec376f8ae5e171b ec024191a3b3a18d7526b2a6ea6386f18624dab9 11e41b878cb1c39486d94957eb80b2091c5ff2e2d92ac6561269575e568c19cb Loading...

	ontarioinvestigatortraining.ca/blog/index.php?entryid=241	13 kB	2023-03-08	2023-03-08
Pretty URL ontarioinvestigatortraining.ca/blog/index.php?entryid=241 IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-03-08 04:44:25 Times Seen1 Hash bd4f7ec9b7ec3d9558897e3996e12791 8d1c9eaeae0d58ee830781c40d16562f26f252c1 76acc5c94a06c488cbe1de810c52a2de37c12818ec413e1637bb30d8b4b196e5 Loading...

	ontarioinvestigatortraining.ca/theme/yui_combo.php?2in3/2.9.0/build/yui2-yahoo/yui2-yahoo.js&2in3/2.9.0/build/yui2-dom/yui2-dom.js&2in3/2.9.0/build/yui2-event/yui2-event.js	199 kB	2023-03-08	2023-09-17
Pretty URL ontarioinvestigatortraining.ca/theme/yui_combo.php?2in3/2.9.0/build/yui2-yahoo/yui2-yahoo.js&2in3/2.9.0/build/yui2-dom/yui2-dom.js&2in3/2.9.0/build/yui2-event/yui2-event.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-09-17 18:57:42 Times Seen11 Hash bcdce6a90d0c4f93e271614edff79c50 b96c2b3ed42247fd9c17c05d42c6e50d68b2eba3 1421968a02ee7c808f046841fc90a7e56a1ccc5ac53981b78286058061a6c190 Loading...

	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/javascript-static.js	21 kB	2023-03-07	2024-04-08
Pretty URL ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/javascript-static.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-04-08 13:09:10 Times Seen939 Hash ac7f47cc5271b4115ac489f7a0d70737 bb091a4de18f4ffce0ba80668ed0427ae03001d0 ec9d65cb26cade9adcf9c012734551cf8c86c49a1ff45fef12662ae42f312e3f Loading...

	ontarioinvestigatortraining.ca/blog/index.php?entryid=241	60 B	2023-03-07	2024-04-25
Pretty URL ontarioinvestigatortraining.ca/blog/index.php?entryid=241 IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:30 Last Seen2024-04-25 17:44:38 Times Seen1130 Hash dba70bf9335863dea2696ca9da069b01 adfc079c12684d419766c7732c35da693517a7f8 05f515ab150c8852191afb40be55373b5b5337d89d513e48b802293123361798 Loading...

	ontarioinvestigatortraining.ca/blog/index.php?entryid=241	1.2 kB	2023-03-08	2023-03-08
Pretty URL ontarioinvestigatortraining.ca/blog/index.php?entryid=241 IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-03-08 04:44:25 Times Seen1 Hash 8df907020092fd20ce7cf9ddb497b1be 8983e9cb694f1f577b60aa9b6a2a88192761e6bd 221c6120300a199975a55eccf228298a96cb6f153b19148920f4d716d0574a23 Loading...

	ontarioinvestigatortraining.ca/blog/index.php?entryid=241	267 B	2023-03-08	2023-03-08
Pretty URL ontarioinvestigatortraining.ca/blog/index.php?entryid=241 IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-03-08 04:44:25 Times Seen1 Hash 8f04e799f63522a929116d7ced5041ca 79b1c8f232e3befbea44d4b99b16f72db7b6286c 5461480757eaebfe182a1a326557c373251c9a1bb007e35506c365ee7b7bcfec Loading...

	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/comment/comment.js	10 kB	2023-03-08	2023-09-20
Pretty URL ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/comment/comment.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:44:25 Last Seen2023-09-20 03:46:36 Times Seen14 Hash c8d59f87df668aecc1b28186dee36e1e 50e3ca67ed2d17419da43c71c30652bd27b4c126 10cc75ce2e949a03657c15af8662fd49d1864cd41d84728368ee39eff8c06d3f Loading...

	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/jquery/jquery-3.4.1.min.js	88 kB	2023-03-07	2024-04-08
Pretty URL ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/jquery/jquery-3.4.1.min.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:43:49 Last Seen2024-04-08 13:09:10 Times Seen422 Hash bebd549d68e85f6f38a6807a693d018d 1b79ede0b4d00d9142b2ce3cb9f98201e59b58cb 76033adbf3f2858078c77c078677aa57ae48e98fd2de3ebb71baf646a110909e Loading...

	ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/mdn-polyfills/polyfill.js	11 kB	2023-03-07	2024-04-06
Pretty URL ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/mdn-polyfills/polyfill.js IP 173.254.104.65 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:43:48 Last Seen2024-04-06 13:34:59 Times Seen93 Hash e2824a0716865c025b85af21439edc02 e4833935b6c9439dfd75c09e406e62586e313b57 2880303a4a199ba8f4ed39e151448d5cafc07a1bb8d993f90cb9c2dbfee2c3d1 Loading...

HTTP Transactions (57)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

18.165.201.83

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.165.201.83:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 18:03:12 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa2f611dc578ba7eecb9a39cb23b1b70.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: rImysdWn_J8xDyFwa8QjQTG3dcvtsr_FlXWBt1FSjtLsEM6KdR2Baw==
Age: 2305

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10429
Expires: Sun, 02 Oct 2022 21:35:26 GMT
Date: Sun, 02 Oct 2022 18:41:37 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

108.156.28.102

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
108.156.28.102:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 03:33:17 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 0014cc5ed6f7d7422fe78da5a10aa120.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: t4neeNAZCnWsub0UY_mLR3PNtPA2PlJuNCkArGGSFqXKxJVWeeGg_w==
age: 54501
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 18:41:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ontarioinvestigatortraining.ca/blog/index.php?entryid=241

173.254.104.65

200 OK

19 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/blog/index.php?entryid=241
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12135), with CRLF, LF line terminators
Size
19 kB (19084 bytes)
Hash
c8948d15b9f00ae8fe293a47c87cbf46
73bba54c7d335274748b1e0a5462fd7b5993806e
d9fb2c297924621225993d8333769d5777517a494086de14e6213a9f37b1b694

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /blog/index.php?entryid=241 HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:37 GMT
Server: Apache
Content-Language: en
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Cache-Control: private, pre-check=0, post-check=0, max-age=0, no-transform
Pragma: no-cache
Expires: 
X-Frame-Options: sameorigin
Set-Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/requirejs/require.min.js

173.254.104.65

200 OK

6.7 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/requirejs/require.min.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (17535)
Size
6.7 kB (6662 bytes)
Hash
d52d474e00d80d4373cf714f60707c21
74b5d832a55bf81a1b2fd875f83f022c5ffc7c3b
4f1792c3aac9ca2058376a43582f0d1fad13e602a5aeec4a1a6fb1803719ba99

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lib/javascript.php/1597201510/lib/requirejs/require.min.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="javascript.php"
Expires: Sat, 31 Dec 2022 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 12 Aug 2020 03:05:20 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.165.201.83

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.165.201.83:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sun, 02 Oct 2022 18:32:57 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 02 Oct 2022 18:33:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 3ffc494014d1d1ba7644f6707a2cf696.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: dj92tfkgSC9tLURlB1xbHv0EymPwrHgkgjFaq-EB0N_ojxCG-kG0Qw==
Age: 525

ontarioinvestigatortraining.ca/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.css

173.254.104.65

200 OK

1.0 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.css
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (1965)
Size
1.0 kB (1031 bytes)
Hash
954717f56656e687295097c986703269
eacac549df0a6f873918b09c167f67683363484f
3736a081935aebfecde262efb24be923f7019e02c8719e12e8867bb581a84ebe

HTTP Headers

GET /theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.css HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="combo"
Expires: Wed, 27 Sep 2023 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 03 Jan 2020 03:25:08 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css;charset=UTF-8

ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/mdn-polyfills/polyfill.js

173.254.104.65

200 OK

3.4 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/mdn-polyfills/polyfill.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (11332), with no line terminators
Size
3.4 kB (3416 bytes)
Hash
8cc3d769d481d78ececf598ee76d689d
92a54279127cfc3b4a94a0b8b104aa646c9e7d77
104f8dcc25063cae328a049cbfcd5ce52e69a19f779cea9be6331d528bc4c981

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lib/javascript.php/1597201510/lib/mdn-polyfills/polyfill.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="javascript.php"
Expires: Sat, 31 Dec 2022 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 12 Aug 2020 03:06:09 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/javascript-static.js

173.254.104.65

200 OK

6.8 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/javascript-static.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (1875)
Size
6.8 kB (6777 bytes)
Hash
9a4c20372f0c53bc61ac3c90d203776a
05879d8f0e082b0663c76e1c81ff2e368d8a09ae
b64e57b396514a45e7680e661271d0d86d880765c8faaf5655c6a19940bae6d5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lib/javascript.php/1597201510/lib/javascript-static.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="javascript.php"
Expires: Sat, 31 Dec 2022 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 12 Aug 2020 03:06:10 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4eb30b4a4234809cf7d5f89fa1f6ceeb
797242aab2f13c820050aa9accd11b7b950cd177
ce9d833a0ac321a908184b655d6632c481f758a04a9c936a7c303bb253444146

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6182
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 18:41:38 GMT
Last-Modified: Sun, 02 Oct 2022 16:58:36 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ontarioinvestigatortraining.ca/theme/jquery.php/core/jquery-3.4.1.js

173.254.104.65

200 OK

83 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/jquery.php/core/jquery-3.4.1.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
83 kB (83282 bytes)
Hash
887e7aa43b9a5ad68077980977e33cb5
4ce78ac7e666a5476dc1679b47fef09e05c9f7e9
65a47a99884d21a84db009e89dc65f24724f722fc437034c74130c4732a6f776

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /theme/jquery.php/core/jquery-3.4.1.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="jquery-3.4.1.js"
Expires: Sat, 31 Dec 2022 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 03 Jan 2020 03:25:08 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript

ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/babel-polyfill/polyfill.min.js

173.254.104.65

200 OK

33 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/babel-polyfill/polyfill.min.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (33914), with NEL line terminators
Size
33 kB (32862 bytes)
Hash
f90bc17b61d0f35a492bc3955990ad52
f7fac0829ccdb23a8cf4bcbba81bdac5c9f6e6b8
fab5c59b4c9264e2478ed4e7455503e0aaac37b89104bb08fae91fb7b2720513

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lib/javascript.php/1597201510/lib/babel-polyfill/polyfill.min.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="javascript.php"
Expires: Sat, 31 Dec 2022 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 12 Aug 2020 03:06:08 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

ontarioinvestigatortraining.ca/theme/javascript.php/edumy/1597332595/head

173.254.104.65

200 OK

186 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/javascript.php/edumy/1597332595/head
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (37109)
Size
186 kB (186314 bytes)
Hash
b137c1e0cfa77553ae532526d116ad98
d083ad69e43649d34844adacdf9c47c3a64e3eed
dbeecd086d51268761f41a0e58b38cda53e02cf6a2af8f3cf1b3ede7673e576e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /theme/javascript.php/edumy/1597332595/head HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="javascript.php"
Expires: Sat, 31 Dec 2022 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 13 Aug 2020 15:30:01 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

ontarioinvestigatortraining.ca/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.js

173.254.104.65

200 OK

289 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text
Size
289 kB (288720 bytes)
Hash
c8181f03171c4047651484fc206f8b4a
67369e1b7821d80094ad6e9e62ccd5e1fa85ef89
1d7d3f01e0909dce2ae3ec3659f0f5bf180d71fd60762e6198dca69a9667eddb

HTTP Headers

GET /theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="combo"
Expires: Wed, 27 Sep 2023 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 03 Jan 2020 03:25:08 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript

ontarioinvestigatortraining.ca/theme/styles.php/edumy/1597332595_1/all

173.254.104.65

200 OK

297 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/styles.php/edumy/1597332595_1/all
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
297 kB (297394 bytes)
Hash
8c104254a58a39b7685a306b4edaa32c
f62375e7bdc93943edbb68750b4f79f69bc0f495
102302d8e7210c3ec1a31ef502c20abbbe60df4eb87d26163c31e22aaf0bf640

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /theme/styles.php/edumy/1597332595_1/all HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:38 GMT
Server: Apache
Content-Disposition: inline; filename="styles.php"
Expires: Sat, 31 Dec 2022 18:41:38 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 13 Aug 2020 15:30:13 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css; charset=utf-8

i.imgur.com/euewsTY.jpg

151.101.84.193

301 Moved Permanently

0 B

URL HTTP/1.1
i.imgur.com/euewsTY.jpg
IP
151.101.84.193:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /euewsTY.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://i.imgur.com/euewsTY.jpg
Accept-Ranges: bytes
Date: Sun, 02 Oct 2022 18:41:39 GMT
X-Served-By: cache-bma1632-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1664736099.396643,VS0,VE0
Strict-Transport-Security: max-age=300
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Server: cat factory 1.0

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
83f9407574c75ca600c57af0637cb200
4ebabbc1900b8f575e90186e2024e48097b0c8d2
1e166ac737e5c3c015e0dc0c68115ebc5eeb53958682a9b77928ddb647137ac1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 18:41:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
83f9407574c75ca600c57af0637cb200
4ebabbc1900b8f575e90186e2024e48097b0c8d2
1e166ac737e5c3c015e0dc0c68115ebc5eeb53958682a9b77928ddb647137ac1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 18:41:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

i.imgur.com/euewsTY.jpg

151.101.84.193

200 OK

17 kB

URL HTTP/2
i.imgur.com/euewsTY.jpg
IP
151.101.84.193:0
ASN
#54113 FASTLY

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 390x275, components 3\012- data
Size
17 kB (17062 bytes)
Hash
ed514fdf7496ead29bf47418e3c14273
dffc7e308a919da181c3e0d0166867726c4d7600
81f2f96bb8c2df5f0179a0b762137b06413bf6678ef08f095ef5cf11eaa1073c

HTTP Headers

GET /euewsTY.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ontarioinvestigatortraining.ca/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 04 Jan 2016 20:44:18 GMT
etag: "ed514fdf7496ead29bf47418e3c14273"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 02 Oct 2022 18:41:39 GMT
age: 372268
x-served-by: cache-iad-kiad7000046-IAD, cache-bma1666-BMA
x-cache: HIT, HIT
x-cache-hits: 8, 1
x-timer: S1664736099.459617,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 17062
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Nunito:400,500,600,700

142.250.74.10

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css?family=Nunito:400,500,600,700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1041 bytes)
Hash
a3806b5c0229aaf0b3c704895eaff811
cb9012053cdf1ec39387c0882ca5c442b7f3859c
a9aa3e06631d805dbe5bee225279cd88b2ace6a9fd878926941b39f4778b3339

HTTP Headers

GET /css?family=Nunito:400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 02 Oct 2022 18:41:39 GMT
date: Sun, 02 Oct 2022 18:41:39 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ontarioinvestigatortraining.ca/pluginfile.php/1/theme_edumy/headerlogo2/1597332595/pi.png

173.254.104.65

200 OK

2.3 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/pluginfile.php/1/theme_edumy/headerlogo2/1597332595/pi.png
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 117 x 95, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2310 bytes)
Hash
ef466ab9a76f879d1fad4ee76d75bb9c
14163093ef19372b7f058e3c916923c402f219a1
c6227743ed442d789672adb465f08ab1e45c0b731bd0d980fdf8146e73abe1d6

HTTP Headers

GET /pluginfile.php/1/theme_edumy/headerlogo2/1597332595/pi.png HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="pi.png"
Cache-Control: public, max-age=5184000, no-transform
Expires: Thu, 01 Dec 2022 18:41:39 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Wed, 12 Aug 2020 04:00:27 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 2310
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png

ontarioinvestigatortraining.ca/pluginfile.php/1/theme_edumy/footerlogo1/1597332595/pi.png

173.254.104.65

200 OK

2.3 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/pluginfile.php/1/theme_edumy/footerlogo1/1597332595/pi.png
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 117 x 95, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2310 bytes)
Hash
ef466ab9a76f879d1fad4ee76d75bb9c
14163093ef19372b7f058e3c916923c402f219a1
c6227743ed442d789672adb465f08ab1e45c0b731bd0d980fdf8146e73abe1d6

HTTP Headers

GET /pluginfile.php/1/theme_edumy/footerlogo1/1597332595/pi.png HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="pi.png"
Cache-Control: public, max-age=5184000, no-transform
Expires: Thu, 01 Dec 2022 18:41:39 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Wed, 12 Aug 2020 04:00:27 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 2310
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png

ontarioinvestigatortraining.ca/pluginfile.php/1/theme_edumy/headerlogo_mobile/1597332595/pi.png

173.254.104.65

200 OK

2.3 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/pluginfile.php/1/theme_edumy/headerlogo_mobile/1597332595/pi.png
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 117 x 95, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2310 bytes)
Hash
ef466ab9a76f879d1fad4ee76d75bb9c
14163093ef19372b7f058e3c916923c402f219a1
c6227743ed442d789672adb465f08ab1e45c0b731bd0d980fdf8146e73abe1d6

HTTP Headers

GET /pluginfile.php/1/theme_edumy/headerlogo_mobile/1597332595/pi.png HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="pi.png"
Cache-Control: public, max-age=5184000, no-transform
Expires: Thu, 01 Dec 2022 18:41:39 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Wed, 12 Aug 2020 04:00:27 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 2310
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png

ontarioinvestigatortraining.ca/pluginfile.php/251/block_cocoon_featured_posts/slides/3/2.jpg

173.254.104.65

200 OK

1.1 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/pluginfile.php/251/block_cocoon_featured_posts/slides/3/2.jpg
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=PhotoScape], baseline, precision 8, 306x450, components 3\012- data
Size
1.1 kB (1089 bytes)
Hash
90ba77f56fbe98d6315a2a56f400aede
abf4e8e8860363fee33cfe4a8d121a354c6ea375
56965b2a2fce504a3f5a22e02d4b3db11915235e12b34880e521686512971bf4

HTTP Headers

GET /pluginfile.php/251/block_cocoon_featured_posts/slides/3/2.jpg HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="2.jpg"
Cache-Control: public, max-age=21600, no-transform
Expires: Mon, 03 Oct 2022 00:41:39 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Fri, 03 Jan 2020 03:04:06 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 1089
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg

ontarioinvestigatortraining.ca/pluginfile.php/251/block_cocoon_featured_posts/slides/4/3.jpg

173.254.104.65

200 OK

1.1 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/pluginfile.php/251/block_cocoon_featured_posts/slides/4/3.jpg
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=PhotoScape], baseline, precision 8, 306x450, components 3\012- data
Size
1.1 kB (1091 bytes)
Hash
92d910d6c59c22a07b1fd3b5c3b456fb
82bd96a2e6c8cda52bd1c4ed9d615b0608b62cf9
6895d875de23a380dabaeabb877ef5177ec937fed4098a41b477cbd4c5f0eb99

HTTP Headers

GET /pluginfile.php/251/block_cocoon_featured_posts/slides/4/3.jpg HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="3.jpg"
Cache-Control: public, max-age=21600, no-transform
Expires: Mon, 03 Oct 2022 00:41:39 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Fri, 03 Jan 2020 03:04:07 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 1091
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/jpeg

ontarioinvestigatortraining.ca/pluginfile.php/251/block_cocoon_featured_posts/slides/1/2a.jpg

173.254.104.65

200 OK

447 B

URL HTTP/1.1
ontarioinvestigatortraining.ca/pluginfile.php/251/block_cocoon_featured_posts/slides/1/2a.jpg
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 306x450, components 3\012- data
Size
447 B (447 bytes)
Hash
aba113092c8fe9a5d2b132996530569f
931ba8e0a0e80168c5d3a4557a3be8487ccbfd04
d733f5ff86543b95a5809d1627fd32b79d91f42e11eecc1a2df4e5a38b631f04

HTTP Headers

GET /pluginfile.php/251/block_cocoon_featured_posts/slides/1/2a.jpg HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="2a.jpg"
Cache-Control: public, max-age=21600, no-transform
Expires: Mon, 03 Oct 2022 00:41:39 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Fri, 03 Jan 2020 03:04:06 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 447
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
63ee7e605da25dbf1d62eea30a1ef246
c86b43b61afc5926ee7bc124cc30598d37ceb661
cb737283476421b6ce93b2909cf5277e82a7adbc3001f66946ff59ad6fabfdb2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 18:41:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
63ee7e605da25dbf1d62eea30a1ef246
c86b43b61afc5926ee7bc124cc30598d37ceb661
cb737283476421b6ce93b2909cf5277e82a7adbc3001f66946ff59ad6fabfdb2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 18:41:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ontarioinvestigatortraining.ca/pluginfile.php/1/theme_edumy/headerlogo1/1597332595/pi.png

173.254.104.65

200 OK

2.3 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/pluginfile.php/1/theme_edumy/headerlogo1/1597332595/pi.png
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 117 x 95, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2310 bytes)
Hash
ef466ab9a76f879d1fad4ee76d75bb9c
14163093ef19372b7f058e3c916923c402f219a1
c6227743ed442d789672adb465f08ab1e45c0b731bd0d980fdf8146e73abe1d6

HTTP Headers

GET /pluginfile.php/1/theme_edumy/headerlogo1/1597332595/pi.png HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="pi.png"
Cache-Control: public, max-age=5184000, no-transform
Expires: Thu, 01 Dec 2022 18:41:39 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Wed, 12 Aug 2020 03:56:07 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 2310
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/png

ontarioinvestigatortraining.ca/pluginfile.php/251/block_cocoon_featured_posts/slides/2/3a.jpg

173.254.104.65

200 OK

447 B

URL HTTP/1.1
ontarioinvestigatortraining.ca/pluginfile.php/251/block_cocoon_featured_posts/slides/2/3a.jpg
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 306x450, components 3\012- data
Size
447 B (447 bytes)
Hash
aba113092c8fe9a5d2b132996530569f
931ba8e0a0e80168c5d3a4557a3be8487ccbfd04
d733f5ff86543b95a5809d1627fd32b79d91f42e11eecc1a2df4e5a38b631f04

HTTP Headers

GET /pluginfile.php/251/block_cocoon_featured_posts/slides/2/3a.jpg HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="3a.jpg"
Cache-Control: public, max-age=21600, no-transform
Expires: Mon, 03 Oct 2022 00:41:39 GMT
Pragma: 
Accept-Ranges: bytes
Last-Modified: Fri, 03 Jan 2020 03:04:07 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 447
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/jpeg

fonts.googleapis.com/css?family=Open+Sans

142.250.74.10

200 OK

36 kB

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
36 kB (36506 bytes)
Hash
026f186481f7c781fbd54d081a9a3bd1
ca0e2074b31e6d01a6457d1403c67cb0b8941f64
a5bf39d96455fcd2f5ab297560f283331a7009c3712b97aacb7a15076cfe0178

HTTP Headers

GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 02 Oct 2022 18:41:39 GMT
date: Sun, 02 Oct 2022 18:41:39 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

216.58.207.195

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Size
17 kB (16740 bytes)
Hash
e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

HTTP Headers

GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ontarioinvestigatortraining.ca
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 18:53:39 GMT
expires: Tue, 26 Sep 2023 18:53:39 GMT
cache-control: public, max-age=31536000
age: 517680
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb2de1a6c4c76b62bd9b5844ac8f0711
205f8666f86cf5f699ed5c8252c46004492fa88e
d0f5a54640474e3d0383d5302a9899e8060456287379906d2359925c6d36c46b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 18:41:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ontarioinvestigatortraining.ca/theme/edumy/images/preloader.gif

173.254.104.65

200 OK

52 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/edumy/images/preloader.gif
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
GIF image data, version 89a, 80 x 80\012- data
Size
52 kB (51822 bytes)
Hash
fbf81d06486b2016fc03f155828f0a0c
d93cd00dbf602acab7cb206f024ef10d7688e0ad
3fcb7b4a60293148e6d64b74387dd8659cf37f5816bcafbe58adc0edd5489c04

HTTP Headers

GET /theme/edumy/images/preloader.gif HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/theme/styles.php/edumy/1597332595_1/all
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Last-Modified: Mon, 09 Sep 2019 09:06:24 GMT
Accept-Ranges: bytes
Content-Length: 51822
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/gif

ontarioinvestigatortraining.ca/theme/edumy/images/background/inner-pagebg.jpg

173.254.104.65

200 OK

13 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/edumy/images/background/inner-pagebg.jpg
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x400, components 3\012- data
Size
13 kB (12625 bytes)
Hash
8b3728ae10572b548a503003b2dff6f1
beddea29eda2574314fbabe5e256caa5c30f55bf
677518a3625543f2bd453c0932ba0dde700e2e32491090fc75ad52f9d6a23f05

HTTP Headers

GET /theme/edumy/images/background/inner-pagebg.jpg HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/theme/styles.php/edumy/1597332595_1/all
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Last-Modified: Fri, 03 Jan 2020 02:03:32 GMT
Accept-Ranges: bytes
Content-Length: 12625
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/jpeg

ontarioinvestigatortraining.ca/theme/edumy/fonts/Flaticon.woff2

173.254.104.65

200 OK

22 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/edumy/fonts/Flaticon.woff2
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format (Version 2), TrueType, length 22384, version 1.0\012- data
Size
22 kB (22384 bytes)
Hash
efbadf6e3830c51cc205052fd6ec6fa2
f9f0868e8ba51ad43d34f3125d80c67f3d34ceba
f68edb389aa33705485beb09f0395a2514f36dce4491d95d4baf7ec1bef4d2d2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /theme/edumy/fonts/Flaticon.woff2 HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/theme/styles.php/edumy/1597332595_1/all
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Last-Modified: Mon, 09 Sep 2019 08:06:12 GMT
Accept-Ranges: bytes
Content-Length: 22384
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: font/woff2

fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVIGxA.woff2

216.58.207.195

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVIGxA.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12972, version 1.0\012- data
Size
13 kB (12972 bytes)
Hash
f155ae6c5a655f05edb86445bd7e8d76
23115e9e59853e36044ae725d809759b7e8fa5f2
140ef34d138412106d0dc0bf060ba49acf6eaa6610c5bab642b182ddd0d68c8a

HTTP Headers

GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVIGxA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ontarioinvestigatortraining.ca
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12972
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 19:07:14 GMT
expires: Tue, 26 Sep 2023 19:07:14 GMT
cache-control: public, max-age=31536000
age: 516865
last-modified: Mon, 15 Aug 2022 18:15:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ontarioinvestigatortraining.ca/theme/edumy/fonts/fontawesome-webfont.woff2?v=4.7.0

173.254.104.65

200 OK

77 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/edumy/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /theme/edumy/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/theme/styles.php/edumy/1597332595_1/all
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Last-Modified: Mon, 09 Sep 2019 08:06:28 GMT
Accept-Ranges: bytes
Content-Length: 77160
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: font/woff2

ontarioinvestigatortraining.ca/theme/yui_combo.php?m/1597201510/core/event/event-debug.js&m/1597201510/filter_mathjaxloader/loader/loader-debug.js

173.254.104.65

200 OK

2.8 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/yui_combo.php?m/1597201510/core/event/event-debug.js&m/1597201510/filter_mathjaxloader/loader/loader-debug.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
2.8 kB (2827 bytes)
Hash
241dbe55902ab21afd141026a201f6f8
7969d51307fdd8d059b63cbbde094c723a5b6f98
ba8938a2d70faeaff6c28593d8c576ce1cc05cb69d2295bbbdb1db13a4a0d599

HTTP Headers

GET /theme/yui_combo.php?m/1597201510/core/event/event-debug.js&m/1597201510/filter_mathjaxloader/loader/loader-debug.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:39 GMT
Server: Apache
Content-Disposition: inline; filename="combo"
Expires: Wed, 27 Sep 2023 18:41:39 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 03 Jan 2020 03:25:08 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8555
Expires: Sun, 02 Oct 2022 21:04:15 GMT
Date: Sun, 02 Oct 2022 18:41:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8555
Expires: Sun, 02 Oct 2022 21:04:15 GMT
Date: Sun, 02 Oct 2022 18:41:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8555
Expires: Sun, 02 Oct 2022 21:04:15 GMT
Date: Sun, 02 Oct 2022 18:41:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8602 bytes)
Hash
94d82ad8d70761f6ee1384b4183335f3
5d3389a965cfa45dab2202d89b40264368674e8a
ad495dc0ede3bfcbaebfd3bf2eb55fc5596cd7643a539e030ccce0b8a3bcf8dd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8602
x-amzn-requestid: 89329169-bc7a-46b1-85fc-20383a85cae8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf9GxzoAMFg0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-27952f8357fa25c956b1cd72;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDfn3Xd8m6jaBrj_M9hs4dePku_eEhJbYv3NJSHjCdAWifhBkiKUhw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 22:21:15 GMT
age: 73225
etag: "5d3389a965cfa45dab2202d89b40264368674e8a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11083 bytes)
Hash
edded48f558f739287a040151349ef67
d63b6ba630736d32c364b0e6a369274b2389b7ff
33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:36 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
content-type: image/jpeg
age: 75184
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7a6e7d5-efdf-4904-b660-ffb0d8ffd4d3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6101 bytes)
Hash
e711c6bf0d0808f0b5c57b80916eba4d
36c8dcdfdc2c59246ba9d999ddffd5387f68155e
e252f3c857e18ddaea7059bfb19826ac5e47c694ce57068d85f60bd1ac5f6c25

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7a6e7d5-efdf-4904-b660-ffb0d8ffd4d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6101
x-amzn-requestid: 0edbc5d1-324f-4b4f-a55c-b9333f2bb6a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpnFumIAMFoEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-1422f70670e89174415c1aba;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hG5L6pTNHLcM-nBovmH6kFuFK5oXJuxVWsnaffj6L8bDlGnpFVJFKg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 22:17:57 GMT
age: 73423
etag: "36c8dcdfdc2c59246ba9d999ddffd5387f68155e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ae1e7d3-41cb-4400-8cae-870baa006b86.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7777 bytes)
Hash
5a137925cb6116c46ce21c6e27933c44
2973e908318c68489bba9b4242254769a4f3d1ba
737bf9c3d2906a937ed0b082c8830982163be90acf8dd01dacc7ec80c5c8bcd1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ae1e7d3-41cb-4400-8cae-870baa006b86.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7777
x-amzn-requestid: d035ce80-1700-4e69-8b75-e0bf47ca9ddf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCWCFw4oAMFVDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63311759-0412900d669b5381058ec9a2;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:07:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Qjg6qPJNIehAnTLi-hWNzXTtp0q6Jnw82sOKKZJvTznFmNihUcNgJw==
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 18:22:17 GMT
age: 1163
etag: "2973e908318c68489bba9b4242254769a4f3d1ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9340 bytes)
Hash
6047192460abf4afd600948abb5e6ee1
6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4
d1fd21a5913f6831d2128c8e9e84767d9730bf9e779da5395dc31b82a10e32e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: e892265e-836d-4638-871f-0548eda57745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf8FCEoAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-7f39bb92066a75a90868dd03;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Sk1Dahp1gliiBIghSCZselE7-Fy45svrCk7TdmunOwNefSNqY1P1jA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:34 GMT
etag: "6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4"
content-type: image/jpeg
age: 75186
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4987 bytes)
Hash
463bdcfbec5426e18ecef83b1c373b71
2e533332ee5c49143e58dad32ee3717a39179532
2c40befd28781482b9be249a792571612d68d7045324083d2c832fa5ec42f04b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4987
x-amzn-requestid: 763edd04-7f8d-42ae-8864-482be3549958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHpFs4oAMFbqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ca-2f7b67e85aa83b69183e62b5;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Zoggf30lA-Kvt5QYa-IdhGePHCNiphR7pfFiOaFvL8ZkWZIaiK4pA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:37 GMT
etag: "2e533332ee5c49143e58dad32ee3717a39179532"
content-type: image/jpeg
age: 75183
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ontarioinvestigatortraining.ca/theme/edumy/pix/favicon.ico

173.254.104.65

200 OK

6.8 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/edumy/pix/favicon.ico
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
6.8 kB (6842 bytes)
Hash
fa157a3679a601e2b265da00cdfd994a
0acbd8353eb90fd403ff4db8f8547c2bfc29ff6b
dd64e10d49d19caddcc479a2c4865b119059cff47233ca486cfefb38960ccb45

HTTP Headers

GET /theme/edumy/pix/favicon.ico HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:40 GMT
Server: Apache
Last-Modified: Thu, 14 Jun 2018 02:01:16 GMT
Accept-Ranges: bytes
Content-Length: 6842
Cache-Control: max-age=604800
Expires: Sun, 09 Oct 2022 18:41:40 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: image/x-icon

ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/comment/comment.js

173.254.104.65

200 OK

3.1 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/comment/comment.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (1140)
Size
3.1 kB (3144 bytes)
Hash
08ccd032a4c9d47c622ce557499198e1
4fc51279e0b1a9c98dae46e96741e46c0fe67c6c
119791a3380febefb96481794d6f0f3a020be2ef3d2a382eead9a2a5cbbf58d4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lib/javascript.php/1597201510/comment/comment.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:40 GMT
Server: Apache
Content-Disposition: inline; filename="javascript.php"
Expires: Sat, 31 Dec 2022 18:41:40 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 13 Aug 2020 02:44:53 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

ontarioinvestigatortraining.ca/theme/yui_combo.php?3.17.2/json-stringify/json-stringify.js&2in3/2.9.0/build/yui2-animation/yui2-animation.js

173.254.104.65

200 OK

12 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/yui_combo.php?3.17.2/json-stringify/json-stringify.js&2in3/2.9.0/build/yui2-animation/yui2-animation.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (754)
Size
12 kB (11540 bytes)
Hash
190e5fb0850bc3822bb3d75c43820909
c2fa569e03c492a97ff81d30fa149971d76908c4
30a1758ce0379bcdacb8e4514c5b61b38b259a743082380e3eac290dbae07d56

HTTP Headers

GET /theme/yui_combo.php?3.17.2/json-stringify/json-stringify.js&2in3/2.9.0/build/yui2-animation/yui2-animation.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:40 GMT
Server: Apache
Content-Disposition: inline; filename="combo"
Expires: Wed, 27 Sep 2023 18:41:40 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Accept-Ranges: none
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 03 Jan 2020 03:25:08 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

ontarioinvestigatortraining.ca/theme/yui_combo.php?2in3/2.9.0/build/yui2-yahoo/yui2-yahoo.js&2in3/2.9.0/build/yui2-dom/yui2-dom.js&2in3/2.9.0/build/yui2-event/yui2-event.js

173.254.104.65

200 OK

43 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/yui_combo.php?2in3/2.9.0/build/yui2-yahoo/yui2-yahoo.js&2in3/2.9.0/build/yui2-dom/yui2-dom.js&2in3/2.9.0/build/yui2-event/yui2-event.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text
Size
43 kB (42801 bytes)
Hash
5df05e4a058948cb6d36950e53fe26e1
baf3dc1a61995487c3b017b7cca09a2adad44d7d
203bfec1c1732d996709e2494d14917d44ac3de7b963d0949e45bf85b34812e5

HTTP Headers

GET /theme/yui_combo.php?2in3/2.9.0/build/yui2-yahoo/yui2-yahoo.js&2in3/2.9.0/build/yui2-dom/yui2-dom.js&2in3/2.9.0/build/yui2-event/yui2-event.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:40 GMT
Server: Apache
Content-Disposition: inline; filename="combo"
Expires: Wed, 27 Sep 2023 18:41:40 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 03 Jan 2020 03:25:08 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

ontarioinvestigatortraining.ca/lib/requirejs.php/1597201510/core/first.js

173.254.104.65

200 OK

263 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/lib/requirejs.php/1597201510/core/first.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (18223)
Size
263 kB (263081 bytes)
Hash
725c8c92cf55190a8e373386073ae5d8
3c59a80f2236307a8967a10016d6713559bc1cea
5152b3a3b8c7cbdcb1b88f18b01b9352f0499a12e5dfd4ab125e242863db2914

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lib/requirejs.php/1597201510/core/first.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:40 GMT
Server: Apache
Content-Disposition: inline; filename="requirejs.php"
Expires: Sat, 31 Dec 2022 18:41:40 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 12 Aug 2020 03:05:28 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/jquery/jquery-3.4.1.min.js

173.254.104.65

200 OK

31 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/lib/javascript.php/1597201510/lib/jquery/jquery-3.4.1.min.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (65451)
Size
31 kB (30681 bytes)
Hash
f93e3ed042f71e5f7fe68859936b38ef
69461b9374414ecdaa736061a4b302e81f0c7c89
24b2b2bb2c54222c3db2276e9989b6a027fa0d0469993b4b9332c68ce5c3e469

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lib/javascript.php/1597201510/lib/jquery/jquery-3.4.1.min.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:41 GMT
Server: Apache
Content-Disposition: inline; filename="javascript.php"
Expires: Sat, 31 Dec 2022 18:41:41 GMT
Pragma: 
Cache-Control: public, max-age=7776000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 12 Aug 2020 03:05:30 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8

ontarioinvestigatortraining.ca/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel.js&3.17.2/event-resize/event-resize.js&3.17.2/event-hover/event-hover.js&3.17.2/event-touch/event-touch.js&3.17.2/event-move/event-move.js&3.17.2/event-flick/event-flick.js&3.17.2/event-valuechange/event-valuechange.js&3.17.2/event-tap/event-tap.js

173.254.104.65

200 OK

15 kB

URL HTTP/1.1
ontarioinvestigatortraining.ca/theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel.js&3.17.2/event-resize/event-resize.js&3.17.2/event-hover/event-hover.js&3.17.2/event-touch/event-touch.js&3.17.2/event-move/event-move.js&3.17.2/event-flick/event-flick.js&3.17.2/event-valuechange/event-valuechange.js&3.17.2/event-tap/event-tap.js
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (437)
Size
15 kB (14987 bytes)
Hash
968eef4e2bfe69b5bc52caa8093f624e
6b5916393ef4dec25be5533835ca64136183c411
8b242bd66a81b1ffbbd99008ad2a728e32675385f535b6d9c76498e15eb6b9d5

HTTP Headers

GET /theme/yui_combo.php?3.17.2/event-mousewheel/event-mousewheel.js&3.17.2/event-resize/event-resize.js&3.17.2/event-hover/event-hover.js&3.17.2/event-touch/event-touch.js&3.17.2/event-move/event-move.js&3.17.2/event-flick/event-flick.js&3.17.2/event-valuechange/event-valuechange.js&3.17.2/event-tap/event-tap.js HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:41 GMT
Server: Apache
Content-Disposition: inline; filename="combo"
Expires: Wed, 27 Sep 2023 18:41:41 GMT
Pragma: 
Cache-Control: public, max-age=31104000, immutable
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 03 Jan 2020 03:25:08 GMT
Accept-Ranges: none, none
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

ontarioinvestigatortraining.ca/lib/ajax/service.php?sesskey=tr6PA2umn1&info=core_fetch_notifications

173.254.104.65

200 OK

372 B

URL HTTP/1.1
ontarioinvestigatortraining.ca/lib/ajax/service.php?sesskey=tr6PA2umn1&info=core_fetch_notifications
IP
173.254.104.65:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JSON data\012- , ASCII text, with very long lines (719), with no line terminators
Size
372 B (372 bytes)
Hash
c04a798f28e93f838975c7ce9d3106f4
54ac38755e940dca6286afde784a2628ed73b48c
af6f941e5cb6b93c4580e2b3cf807a925744c6e4dfd16a63b71bfc0ec687c5a5

HTTP Headers

POST /lib/ajax/service.php?sesskey=tr6PA2umn1&info=core_fetch_notifications HTTP/1.1
Host: ontarioinvestigatortraining.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 78
Origin: http://ontarioinvestigatortraining.ca
Connection: keep-alive
Referer: http://ontarioinvestigatortraining.ca/blog/index.php?entryid=241
Cookie: MoodleSession=f9dfd556f4f0da87f3698a3509c1c2e6

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 18:41:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 372
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations