Report - ulgroup.ca/simc.rnis/5/login.php

Report Overview

Submitted URL
ulgroup.ca/simc.rnis/5/login.php
IP
38.117.65.66
ASN
#12212 RAVAND
Submitted
2022-11-16 20:17:42
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	35.165.176.211
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	56 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.4 kB	6.2 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
ulgroup.ca	unknown	2019-03-28T14:11:26Z	2023-03-04T00:42:22Z	10 kB	772 kB	38.117.65.66

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-16	medium	ulgroup.ca/simc.rnis/5/login.php	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/jquery-2.2.3.js	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/login-fast.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/login-easy.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/Error_Orange.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/GooglePlay.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/Experience.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/HuaweiStoreBadge.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/AppStoreBadge.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/login-secure.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/cookie-icon.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/icon-chat-thin.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/contact-blank-green.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/location-blank-green.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/cross-close-white.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/NedbankIcon.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/demo-icon.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/Arrow.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/outline-cheque.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/Eye-Show.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/close-gray.svg	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro.otf	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Bold.otf	Phishing
2022-11-16	medium	ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Medium.otf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	ulgroup.ca/simc.rnis/5/media/jquery-2.2.3.js	259 kB	2023-03-07	2024-04-17
Pretty URL ulgroup.ca/simc.rnis/5/media/jquery-2.2.3.js IP 38.117.65.66 ASN #12212 RAVAND Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:37:50 Last Seen2024-04-17 10:46:19 Times Seen485 Hash aacc43d6f308fa362ac85e3f4fb2b30c 09b2fbec3c6e662be486da501a913d4b93ad39eb 95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe Loading...

	ulgroup.ca/simc.rnis/5/login.php	1.8 kB	2023-03-07	2023-10-01
Pretty URL ulgroup.ca/simc.rnis/5/login.php IP 38.117.65.66 ASN #12212 RAVAND Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2023-10-01 08:39:13 Times Seen193 Hash fb3d783083b0856ce7ba58de34d2fb74 c5844dedb192650c55f54dc339d1a18b565322c7 5d5f84b47ccb4116457faa26d0685b55de2d4c40cb5bf708dccc2a1e2d8cc2ac Loading...

	ulgroup.ca/simc.rnis/5/login.php	3 B	2023-03-07	2024-04-17
Pretty URL ulgroup.ca/simc.rnis/5/login.php IP 38.117.65.66 ASN #12212 RAVAND Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-17 12:06:40 Times Seen1188 Hash 2228e977ebea8966e27929f43e39cb67 7c338ed2840d2bf55f9f5e4eed04f66c80840eb3 6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167 Loading...

	ulgroup.ca/simc.rnis/5/login.php	80 B	2023-03-07	2023-10-01
Pretty URL ulgroup.ca/simc.rnis/5/login.php IP 38.117.65.66 ASN #12212 RAVAND Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2023-10-01 08:39:13 Times Seen194 Hash 6b876b9bd9e985d5892eec74d9322f5b 40d3992a9443b897bb1e4aeed0fba04e8639b269 87812ba706c5e46ed4209046b96d0d883c30d667c3fadc9381d2f288b435878a Loading...

HTTP Transactions (49)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ade0f92f30e7d68787598ca2b5fd30c7
fc7065ecb41bdfc5cbf0d8d568d335426c57f02f
1aac1c0926e545793d2040b114d2e064b175592a131ba27ff820fcd4aff4b4e3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1AAC1C0926E545793D2040B114D2E064B175592A131BA27FF820FCD4AFF4B4E3"
Last-Modified: Wed, 16 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2918
Expires: Wed, 16 Nov 2022 21:06:09 GMT
Date: Wed, 16 Nov 2022 20:17:31 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9b4e6c72233070ef185ff980135e9555
2f14523a3f6f9532df3b872984fd23e156d2c465
5040e340e60b331b1569d52d66afcd5649a4121e2841d38cca0974e2a4c0af75

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2143
Cache-Control: max-age=139769
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 20:17:31 GMT
Etag: "6374bbf5-1d7"
Expires: Fri, 18 Nov 2022 11:07:00 GMT
Last-Modified: Wed, 16 Nov 2022 10:31:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 16 Nov 2022 19:44:48 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1963
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bb1b924b4c0c264304e9229e907092d8
cb1dcaeb8cb6ecc452338c0ee6fac0a32ce2da1e
78d38fd21510d859549a7df0c58c7f1f798e1bd83170dca30fa87f91c1f80846

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78D38FD21510D859549A7DF0C58C7F1F798E1BD83170DCA30FA87F91C1F80846"
Last-Modified: Wed, 16 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5104
Expires: Wed, 16 Nov 2022 21:42:35 GMT
Date: Wed, 16 Nov 2022 20:17:31 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: rMcTefi4JCE7qMlLmkRZFe4utAPafy/NbEtAaGoY3ZFvPUk62kwqfEvn446BLQbpIVxGwVuRzS4=
x-amz-request-id: NGBT3NMCXCVV2G8E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 16 Nov 2022 19:52:09 GMT
age: 1522
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 20:17:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ulgroup.ca/simc.rnis/5/login.php

38.117.65.66

200 OK

6.0 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/login.php
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1021), with CRLF line terminators
Size
6.0 kB (5978 bytes)
Hash
65be91aae4ebaaf320fcd5c69f7ff070
d92e06ae196f760e2682f8faf4bbed3b13fdc266
f6c764a40b594886e5c6006f25e025356f53f1da987356573356370a445f4600

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/login.php HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5978
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 16 Nov 2022 19:25:01 GMT
cache-control: public,max-age=3600
age: 3150
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ulgroup.ca/simc.rnis/5/media/style.css

38.117.65.66

200 OK

21 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/style.css
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (21381 bytes)
Hash
b5188b5b06ca8d23ef9a51f132fa882d
257bf6a4e64d69f4891fe5ad7e6b9293fc45ef3d
06eb1d608bf61bc856ea1f0d5b4bd2e2738cfeacf5f04de437d30f40b606a7dc

HTTP Headers

GET /simc.rnis/5/media/style.css HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: text/css
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-2369f"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/styles.css

38.117.65.66

200 OK

53 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/styles.css
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
ASCII text, with very long lines (65352)
Size
53 kB (52635 bytes)
Hash
ad63180a938dc43960f04f3f8b47d7eb
ab94abbe9b498af48cf83d758b3eeeef9e9de367
f5e63608a6b1d6cd34cfa59788218c87ac2f5c742d9d3758dbff517e56d79886

HTTP Headers

GET /simc.rnis/5/media/styles.css HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: text/css
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-39f8a"
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8345d8a2ca46c3b181a81d8626d0425f
5d9d088c5dca072bbc9ad23a15450e7af7829400
663b0e6c239177f35b5b48d4203ce95aabc0e5bab7911f5b1d9fb7624cac2e25

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5618
Cache-Control: max-age=138193
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 20:17:32 GMT
Etag: "6374a83b-1d7"
Expires: Fri, 18 Nov 2022 10:40:45 GMT
Last-Modified: Wed, 16 Nov 2022 09:07:07 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ulgroup.ca/simc.rnis/5/media/jquery-2.2.3.js

38.117.65.66

200 OK

94 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/jquery-2.2.3.js
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
ASCII text
Size
94 kB (93794 bytes)
Hash
0ff6ba94a96b3e2e8f02ec12d29a904c
6cf88c954625211e2c19dc1ada39f1f74c0dc7c0
75cb579bf39bbec390f3729e86c4923da201cc54308d052abc6a48bd597888ea

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/jquery-2.2.3.js HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: application/javascript
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-3f258"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/login-fast.svg

38.117.65.66

200 OK

2.5 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/login-fast.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2974)
Size
2.5 kB (2475 bytes)
Hash
0d384279a848dfd5654fb54d6a869b84
2bb75d50842e3019fc40fd51846a5c57ac91284c
899133394d321325aaedeb7bbbede18c76b8ddb5b6e6f197a729da79501ba3d7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/login-fast.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-14a6"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/login-easy.svg

38.117.65.66

200 OK

1.8 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/login-easy.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2053)
Size
1.8 kB (1798 bytes)
Hash
f96d620f991988374cbe97a933ff0187
35dd3a848139ebc9b61243ff783660da2ecf4437
e14235d4433c6e0251fa11daa14738abf5502de00fd85ec19482e81d81f0b520

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/login-easy.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-1033"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/Error_Orange.svg

38.117.65.66

200 OK

462 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/Error_Orange.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (349)
Size
462 B (462 bytes)
Hash
3de5632446dbf4d0e5b7e3176811f452
4ec212b3aebbc8da7bddc001286e3a9aa1bc522c
9791e9ed5b7d4ed5b6f6140692a59e7ebb55617ed37c0e7912b7089c40a4b91d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/Error_Orange.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/svg+xml
Content-Length: 462
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "3a5-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/GooglePlay.svg

38.117.65.66

200 OK

5.8 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/GooglePlay.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2954)
Size
5.8 kB (5831 bytes)
Hash
6f9306d999c120a7380a44e131ebc63a
3b1f6485dc9368ad3406bb9d6fe45c4db0b58e2b
f11c50f836d019d30230f85f38c87be18e3eaf85d33d0a7ac756d0528d2644e7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/GooglePlay.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-590b"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/Experience.svg

38.117.65.66

200 OK

4.5 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/Experience.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (893)
Size
4.5 kB (4451 bytes)
Hash
d182506e6b418eef650c0ea77d68a7b5
7e4bc82dba6bbfbd36a1b2cc56a3bc1fb73c4320
2498b5e64bf150b72058d9072a7d3230e3f3f9511a61528506c0812d63b9437b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/Experience.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-3034"
Content-Encoding: gzip

push.services.mozilla.com/

35.165.176.211

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.165.176.211:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: l0xOmbn8cHVYEnNmYwiqeA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fVZnLi/iQGlH7T+na1Nsy8nM0WY=

ulgroup.ca/simc.rnis/5/media/HuaweiStoreBadge.svg

38.117.65.66

200 OK

8.6 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/HuaweiStoreBadge.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1948)
Size
8.6 kB (8612 bytes)
Hash
cf2d46f56f90444cbeb3128aa8e233b5
96d87ebcaa7be9c399cc01ffdee50be61255d6c8
5086137be4cab31119da8f4e16b26c9b5c385446ec6cc461159fab154688cc62

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/HuaweiStoreBadge.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-59ae"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/AppStoreBadge.svg

38.117.65.66

200 OK

5.1 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/AppStoreBadge.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
5.1 kB (5126 bytes)
Hash
b41c713588bc04c4675a0693e8eb0528
43cec9642140ae802a2d0c3934bd569f4abbf398
a96ac82ef408bb0a1cd2487568867f600d2c5f66132f29bc44cd1bb372aaca8f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/AppStoreBadge.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-2fc0"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/login-secure.svg

38.117.65.66

200 OK

2.0 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/login-secure.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2575)
Size
2.0 kB (2016 bytes)
Hash
4ecdaba1868a077b158ceed2671340bf
b0052d8ea92c8b42e549f3d6377c96025b615c6e
d2b2e90200d45004ac62c0fe0e5a2363244139f3f094a34c1394790f1718b5ce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/login-secure.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-1593"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/entrust_site_seal_ssl.png

38.117.65.66

200 OK

19 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/entrust_site_seal_ssl.png
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
19 kB (18758 bytes)
Hash
e47461fd49a0426768698ade98b259e2
501132059c531265f3898e5b6d8646ac3886cfbb
203680b7945ca5c9f3697881f9af9c8ed160354675055d22fc34545910cd4d54

HTTP Headers

GET /simc.rnis/5/media/entrust_site_seal_ssl.png HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/png
Content-Length: 18758
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-4946"
Accept-Ranges: bytes

ulgroup.ca/simc.rnis/5/media/icon-512x512.png

38.117.65.66

200 OK

41 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/icon-512x512.png
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
PNG image data, 512 x 512, 8-bit/color RGBA, interlaced\012- data
Size
41 kB (40873 bytes)
Hash
45dc0d3ba9b11c9e0358ab3b418f7fcc
904740c7345e3770815dc35ab72b8f2e2b7b5ba1
fcb0dba575e2a3be211208f2a81a519c5d61109ebe399731d140ce5d87ed0920

HTTP Headers

GET /simc.rnis/5/media/icon-512x512.png HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/png
Content-Length: 40873
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-9fa9"
Accept-Ranges: bytes

ulgroup.ca/simc.rnis/5/media/favicon.ico

38.117.65.66

200 OK

1.4 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/favicon.ico
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
MS Windows icon resource - 1 icon, 18x18, 32 bits/pixel\012- data
Size
1.4 kB (1430 bytes)
Hash
68773d46f68cd092f7aac1b70d211e01
bbe705f043f03d491232a63d29e5b8b6befb031e
4fbd7df4e4d5012b82c14234382d58275c3fe42c98162c05bbb4bc98c79ef9f5

HTTP Headers

GET /simc.rnis/5/media/favicon.ico HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/login.php

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:06 GMT
Content-Type: image/x-icon
Content-Length: 1430
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-596"
Accept-Ranges: bytes

ulgroup.ca/simc.rnis/5/media/cookie-icon.svg

38.117.65.66

200 OK

795 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/cookie-icon.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (534), with CRLF line terminators
Size
795 B (795 bytes)
Hash
341ba59e13695f65140ba2c0b6cf552e
47b71bac85c92805de1bd7abb2aca732f0f3766f
a17f7d9874e6e8f53352bc8efaf4c9368cf4415cc3268d7b468df7e421bf12d2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/cookie-icon.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-776"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/icon-chat-thin.svg

38.117.65.66

200 OK

358 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/icon-chat-thin.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (447), with CRLF line terminators
Size
358 B (358 bytes)
Hash
cbff59d9b304ecda04af4aeec1c87077
5002a50582742d8eb351de8d06ada0143d807d53
57d0716b0c466e667e4032c0c9a33bb2208f5182803fdc92c66a20fc380d0149

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/icon-chat-thin.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Content-Length: 358
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "2e5-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/contact-blank-green.svg

38.117.65.66

200 OK

602 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/contact-blank-green.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
602 B (602 bytes)
Hash
036bb143d9dec72b24ddca9349849779
680aeed5606a0bf13f561291b9dcc4a497329b52
325c6412d286192945ab470594f44a06a8ba91a146c8d618aeefa654dc83f20e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/contact-blank-green.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-465"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/location-blank-green.svg

38.117.65.66

200 OK

577 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/location-blank-green.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (359), with CRLF line terminators
Size
577 B (577 bytes)
Hash
de0c4eb8dbb24cb6098aaf9c154aa209
1ae25829c1d608b1c4adbf5b897300e7977cd768
6592446a665a0e3184c2d6f3ed7905608e3cb98680ad30216e943af4e3a7ac36

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/location-blank-green.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-492"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/cross-close-white.svg

38.117.65.66

200 OK

186 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/cross-close-white.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size
186 B (186 bytes)
Hash
389d99732e1cfb176793501951f2576a
77e077f72c00d36c547dd77f0c57101b9e9ff283
7bc32e2f613810c618a59b328db1042f44cc88c50d8850ab0afb52be90f0e87d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/cross-close-white.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Content-Length: 186
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "ed-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/NedbankIcon.svg

38.117.65.66

200 OK

658 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/NedbankIcon.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (483), with CRLF line terminators
Size
658 B (658 bytes)
Hash
83f2125a10d605cf4871442bee61ddc3
5fafb15c8df0aa1a4dc8636bab7af97174ff1372
59f03baf03daae2a3e6fa12e371ece06655ff1c1fc70f1661a659c0d1b231457

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/NedbankIcon.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-538"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/demo-icon.svg

38.117.65.66

200 OK

774 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/demo-icon.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1093), with CRLF line terminators
Size
774 B (774 bytes)
Hash
840c6c15da7dbd005113a9f0ccb7ff17
c332a2cab0a3ba0ef0b22ac18ba802b581e25ada
eff14453d8dc1b5a889d891bac2cd4735ce8b1ec90b4aa9c6b19ba15ba95e0d2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/demo-icon.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62f9fd1a-65c"
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/Arrow.svg

38.117.65.66

200 OK

427 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/Arrow.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
427 B (427 bytes)
Hash
687eb5a5b6e2ff89ec18c7468bde6ec8
f5d61bbc807fb7b7b2432c2f94a7f393b392d345
6ae9a93210ff3942f52f535c0ac65f6db593dc79d7a13997acca1cabb0c86e15

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/Arrow.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Content-Length: 427
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "2f9-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/outline-cheque.svg

38.117.65.66

200 OK

207 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/outline-cheque.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size
207 B (207 bytes)
Hash
4627ff628b866efe7b47fe0e3b33c640
143a9d6efda181e89ac05923d80f1c18588d54c0
a58596eab5308ec50fa0ea4938c6950c5423f3aad60e640322b1406e283fded1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/outline-cheque.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Content-Length: 207
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "103-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/Eye-Show.svg

38.117.65.66

200 OK

503 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/Eye-Show.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
503 B (503 bytes)
Hash
d01c3aa1fe0b289a675358d5b88f14b2
03f88b409caa9e29495acfba2e0295bd508a2ad9
47199aa6dcbd0bdf7786f238869b25d25c19b29ad0efa08042aa406eb434f75c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/Eye-Show.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: image/svg+xml
Content-Length: 503
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
ETag: "3c9-5e6430645fa80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

ulgroup.ca/simc.rnis/5/media/close-gray.svg

38.117.65.66

500 Internal Server Error

0 B

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/close-gray.svg
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/close-gray.svg HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/style.css

HTTP/1.1 500 Internal Server Error
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Vary: User-Agent

ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro.otf

38.117.65.66

200 OK

165 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro.otf
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
OpenType font data\012- data
Size
165 kB (165396 bytes)
Hash
12d6724a254d3be629fc6b2871ae5a6a
d3a93c9ed090be9366b9513e5515e8e19ff48459
eaa561f9f8ef5b69bd39e15e332dc3700decacebf48e08b0640ad3a5d8711f65

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/FontFont%20-%20MarkPro.otf HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: application/x-font-otf
Content-Length: 165396
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-28614"
Accept-Ranges: bytes

ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Bold.otf

38.117.65.66

200 OK

166 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Bold.otf
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
OpenType font data\012- data
Size
166 kB (165936 bytes)
Hash
476d44b0f6c8939bb8859c9ce7598310
cd8fb565970c2750a12b3b47b1869578f7a041fb
979af22174e46123e6fb3c96d96360ba0ea7a5dbd00ae97ab1ebefae9c284d37

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/FontFont%20-%20MarkPro-Bold.otf HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: application/x-font-otf
Content-Length: 165936
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-28830"
Accept-Ranges: bytes

ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Medium.otf

38.117.65.66

200 OK

162 kB

URL HTTP/1.1
ulgroup.ca/simc.rnis/5/media/FontFont%20-%20MarkPro-Medium.otf
IP
38.117.65.66:0
ASN
#12212 RAVAND

File type
OpenType font data\012- data
Size
162 kB (162260 bytes)
Hash
8531ae94f5ad973be8b718f88e9660ed
a6d5635dcebab54c459a725da9a892017627a994
ad51841bf5cf5eb27ead0ae50f936f678eeb2d4e1be6035e83fce13b0e3b83bb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /simc.rnis/5/media/FontFont%20-%20MarkPro-Medium.otf HTTP/1.1
Host: ulgroup.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ulgroup.ca/simc.rnis/5/media/styles.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Nov 2022 12:22:07 GMT
Content-Type: application/x-font-otf
Content-Length: 162260
Last-Modified: Mon, 15 Aug 2022 08:00:26 GMT
Connection: keep-alive
ETag: "62f9fd1a-279d4"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6448
Expires: Wed, 16 Nov 2022 22:05:01 GMT
Date: Wed, 16 Nov 2022 20:17:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6448
Expires: Wed, 16 Nov 2022 22:05:01 GMT
Date: Wed, 16 Nov 2022 20:17:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6448
Expires: Wed, 16 Nov 2022 22:05:01 GMT
Date: Wed, 16 Nov 2022 20:17:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6448
Expires: Wed, 16 Nov 2022 22:05:01 GMT
Date: Wed, 16 Nov 2022 20:17:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6448
Expires: Wed, 16 Nov 2022 22:05:01 GMT
Date: Wed, 16 Nov 2022 20:17:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9625 bytes)
Hash
ae0ab55e0e77a4265808a6689f25cbc3
187e6b340b43eb1aa0c724b749db7c20a486706a
3881e5ad44b9b2fae82510794af43d14e304ce624f26f66523f85d58fea063dc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9625
x-amzn-requestid: 9bd72b4a-2ac0-423f-b0e2-73fd51e02e97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYEBHTjIAMFvOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406e6-57f5412d5eca6d640a0f590d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UavYBt2WjF4WCRJGtM2zS-dZinNLgs_0HuyORwaVCSlj-32Qd6sNTQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 22:09:56 GMT
age: 79657
etag: "187e6b340b43eb1aa0c724b749db7c20a486706a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5749 bytes)
Hash
96b4478c098865b0d19738098db61d64
0e18a8c51596c8a4d84a142a57ffe376294833cc
9c9e433cf8f2167e4cfc3cff247eee85ebb9977e338e6e144acaea830db17c2c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5749
x-amzn-requestid: c67c9352-e777-417e-afe1-003d7a072e86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bkItcGfcoAMFzkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637187ef-670b63160b7d0cdf4a5b609e;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 00:12:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vFDS3_SNf5hbW8NAtNERJbS1jj29nWO0_GSIypgwlv7kymKieO8qNA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 08:43:09 GMT
age: 41664
etag: "0e18a8c51596c8a4d84a142a57ffe376294833cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F520b9f3d-222d-4840-bd88-673cedf9b5fc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4919 bytes)
Hash
a698bf97cc6c0c464ed1a2b2adb1c1d3
a3977e8cde4b6ad7ef2e75a477e71b7bbbec21f0
64d52d8983b2bf30b9b1f260b8d6534664024b8dfda0da273307ee510ed33aad

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F520b9f3d-222d-4840-bd88-673cedf9b5fc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4919
x-amzn-requestid: aae0d2da-e891-40a6-bd83-8942fc3ef0c0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYFFEnxoAMFdCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406ed-6ff1cc593aa1c934659030db;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PhUSR2Y2GRZkB5UTrMma8vnIddc44pLJ2Sppk63xQyMC2imKLn-R4A==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:47:46 GMT
age: 80987
etag: "a3977e8cde4b6ad7ef2e75a477e71b7bbbec21f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11715 bytes)
Hash
cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: X3SUo1LP97TxraRav0ftskBhzWkTJInHaS44PW26yloF-dgD-bHBuA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:45:58 GMT
age: 81095
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30efee28-35ab-4b55-b685-02cbd4c5c8c8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8971 bytes)
Hash
b31091803f98744f4da3b311467300a7
d829c5d23a494bc901d925dd02b84c470a0de479
c1cb88b82d8b5a82019da970f812cd31e13086c2da8498a21a57e7238aa34fe8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30efee28-35ab-4b55-b685-02cbd4c5c8c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8971
x-amzn-requestid: b5dd68c5-7146-4d31-a7fd-4ac4c474119a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bnb6bGeyoAMFV9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6372d9dc-2ca4003e65d69039389bc676;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 00:14:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8TqIvhJUq_yG_iMFds_btqtYsrNzoaZeIQgOP0-Kc60yuQFOPYEXRA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 09:48:03 GMT
age: 37770
etag: "d829c5d23a494bc901d925dd02b84c470a0de479"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8990 bytes)
Hash
53d2d9380ba28ed0656b54c22bc56766
757f8e6306effbab70d99757c5672564cfc9f623
6d6c41527ae28cdce016470ec1eb87e0ed384f3ef721838724f29845f3bd8dac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8990
x-amzn-requestid: cb142f4b-787e-4b3c-9d75-72579105db60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYFOHi8IAMFpDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406ee-504a14105d2be58b1ce71c18;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GLJACvZUJjLdl3O2HUkWjgr7MqT_SRigTSdweSaTxUc-gTDULbYliA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 22:14:18 GMT
age: 79395
etag: "757f8e6306effbab70d99757c5672564cfc9f623"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (49)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size