Report - advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php

Report Overview

Submitted URL
advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
IP
104.17.124.55
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-24 20:22:59
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Instagram

Detections

urlquery
12
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.2 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	13.224.132.78
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.210.107.213
advisory-narrative-notion-moisture.trycloudflare.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.3 kB	2.1 MB	104.17.124.55
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	662 B	373 B	157.240.200.35
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	13.224.132.85
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	59 kB	34.120.237.76
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	28 kB	157.240.200.14
www.instagram.com	1096	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449 B	35 kB	157.240.200.174

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php	Instagram

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/96f2557117a2.js.download	Phishing
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download	Phishing
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php	Phishing
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/fbevents.js.download	Phishing
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f9e5c0ca0804.js.download	Phishing
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download	Phishing
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/d1f0f06b39df.js.download	Phishing
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download	Phishing
2022-09-24	medium	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/lY4eZXm_YWu.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php	284 B	2023-03-07	2024-04-25
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:30 Last Seen2024-04-25 07:57:58 Times Seen176 Hash d439d3159ea60f8f7e406dd5907e51f9 23820143e39cfa9a7f50fac69669976e6106c664 ec8315b1a8641ba123dccfed379a1e6b36867f8824592eeedaa2c721aa43dcbd Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/lY4eZXm_YWu.html	120 B	2023-03-07	2024-04-12
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/lY4eZXm_YWu.html IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:06 Last Seen2024-04-12 07:06:55 Times Seen135 Hash f2a1489269335158f224000e6a3d92be c50ddbd1a445b4953eab370f707737ae67dab6c7 3fb8bd47db8a1cc794c542a8750c20fe1edffab82ffd82123d803dab286735c7 Loading...

	connect.facebook.net/signals/config/1425767024389221?v=2.9.83&r=stable	300 kB	2023-03-08	2023-03-08
Pretty URL connect.facebook.net/signals/config/1425767024389221?v=2.9.83&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:38:01 Last Seen2023-03-08 00:38:02 Times Seen1 Hash e86209483976a29870660e1dc6b8aced 8d9590da793bc3a015aa0b709498e555929c5075 28530f79aec35d0686d0b33f035bae849682d458a32abc1e04241d297d2452f8 Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php	2.1 kB	2023-03-07	2024-04-25
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:06 Last Seen2024-04-25 07:57:58 Times Seen167 Hash b85b9458f28b695d08b94f4617d79d18 4a8ca52e6585fbad70f69208b2607c6cae390f79 dbb5022c8ab9a59d4a7261650526fe818bc52a6b47ca98f57259276c30157a33 Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/sdk.js.download	214 kB	2023-03-07	2024-03-25
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/sdk.js.download IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:30 Last Seen2024-03-25 17:58:51 Times Seen139 Hash b8b2206fe50d0254816086113cf6df11 a565df8e1c4f0dad69635c4858736f6fdc9552f2 d385fa843e7ee41a3a0a65a0847c9382ba2de5ba6c2080cab595e21c4b87ab4f Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php	414 B	2023-03-07	2024-04-25
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:06 Last Seen2024-04-25 07:57:58 Times Seen171 Hash d1310309cf397381261be4a1d8a324dd 378e9804c9a05b846af859de55171142349263c4 4c3d4a4c8db3be18897b5647809ac78b72c2d77c3cd4cd06c76beab10a1599e0 Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download	169 kB	2023-03-07	2024-04-22
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:30 Last Seen2024-04-22 07:50:24 Times Seen355 Hash dda24fdc9d42618065b015e00633f9f0 4c744a39bb5bd381a9eace776bf351e8fbfdc90d 5d9a8c98591572b3cae2e15069e9d94bfb48caa3583ce85fcf8da9c095cf56ce Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php	3.2 kB	2023-03-07	2024-04-25
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:06 Last Seen2024-04-25 07:57:58 Times Seen165 Hash f3dbce1e783f08c022ac9671917b88e6 662afa0bdc25c475328cf169a5c8275179817663 2839e4584618ed9523df556d5e9871b1f54dbde740492f065e2da88ded79e2e2 Loading...

	connect.facebook.net/en_US/fbevents.js	103 kB	2023-03-07	2024-01-27
Pretty URL connect.facebook.net/en_US/fbevents.js IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:28:47 Last Seen2024-01-27 14:22:04 Times Seen5 Hash fceae2d2175dea188a051065cce78371 0df4721141635a5bceea1b8f801653c69e464d48 844bfb2ff3311ad9b5611b51d8c72e0c483a8ceafe7c625a5c321637f9277399 Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/96f2557117a2.js.download	62 kB	2023-03-07	2024-04-22
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/96f2557117a2.js.download IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:30 Last Seen2024-04-22 07:50:24 Times Seen169 Hash afbda727651df4b6d1a87093be2f345f a3aaaf65c915ca33ac736c3fb3754c2a96b7954f 4be1a2d81e387502bbde143a158ee66d3146e7535e9d1b65cc2fb59d84f7e3fd Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/fbevents.js.download	129 kB	2023-03-07	2024-04-04
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/fbevents.js.download IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:23 Last Seen2024-04-04 05:53:28 Times Seen63 Hash 9d939cad64375505e4dce7469a82e4ee c0d0919210cb8dc763acb3de97a6218020caaa8d 5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685 Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/d1f0f06b39df.js.download	428 kB	2023-03-07	2024-04-22
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/d1f0f06b39df.js.download IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:31 Last Seen2024-04-22 07:50:24 Times Seen136 Hash 01d42ef463b3a1d11f61052ad4f83590 27749ff279a5631d993cf0cd7c2f0e192518a736 7840c3d2426871bbe923b713761bdd3385cf4dc7e34b1e26a9aba078f4b6d769 Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php	439 B	2023-03-07	2024-04-25
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:30 Last Seen2024-04-25 07:57:58 Times Seen167 Hash df7e7ceeb2b6ff35f105522bddc42b4e 62d3ccb61459b0a4300e750e7bcfd00b7a341fb6 f993342d5cd18721230d5fc85c444af9cd94fd6ea5b391951f250663c8c9f4d5 Loading...

	advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/lY4eZXm_YWu.html	42 kB	2023-03-07	2024-03-01
Pretty URL advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/lY4eZXm_YWu.html IP 104.17.124.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:06 Last Seen2024-03-01 21:18:21 Times Seen70 Hash 9662425394516416f995475e1d96b18b 75f97c0cad1c8fea036dffccae182932987f31f3 34df5f23e68809b227337afc340c1084c217363716c563802fad1359e3f70c68 Loading...

HTTP Transactions (43)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16501
Expires: Sun, 25 Sep 2022 00:57:49 GMT
Date: Sat, 24 Sep 2022 20:22:48 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
453b912814c810e68cdced039c82604c
6dc019eb796008d124fa21350758fdda14e206dc
1b6fcb9265f567554bc487fabf0406173b0c5159135843b23a25cef713b0ae2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1123
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:22:48 GMT
Last-Modified: Sat, 24 Sep 2022 20:04:05 GMT
Server: ECS (amb/6BC3)
X-Cache: HIT
Content-Length: 279

firefox.settings.services.mozilla.com/v1/

13.224.132.78

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
13.224.132.78:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 20:05:45 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a1cb6e97bccd4899987b343ae5d4c252.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: 0U2g9TBv_dNyKgvsyz2vqFpVqgs1kL7JhnM-z2Te0r8WF6dTBZKvNA==
Age: 1023

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

13.224.132.85

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
13.224.132.85:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 95b26b715ee81beaff56d7e9f185da2e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: GB1OiGYl1ZxioHBXW4zeYIgOVY_kaAEQJP763C6Y3LxI_tmdVQ5l0g==
age: 58185
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 20:22:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

13.224.132.78

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
13.224.132.78:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 24 Sep 2022 20:20:46 GMT
Expires: Sat, 24 Sep 2022 21:02:43 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83ec53fe63944bed8681c782a9a0dc48.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: n0eyC-ekJzp_9DqGlBBQBV-ufEg6BJCQ15bWhkasFuCj0KFWyFwo6g==
Age: 123

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5755
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:22:49 GMT
Last-Modified: Sat, 24 Sep 2022 18:46:54 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.210.107.213

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.210.107.213:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kTkIVBYbSiBS5+6Tlqh6Nw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oESclH1kH20qQg+l8KIiatR1Iqk=

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f06b908907d5.png

104.17.124.55

200 OK

10 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f06b908907d5.png
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 564 x 168, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10071 bytes)
Hash
f06b908907d5d4f2aaf733e2bee7ea8e
073dcf14c7c312be5daeb4fa2113429e019fdbc7
583714033cab0d76045a8d4bbfb2326983f40d5c2cfa239e9527da9617686e6b

HTTP Headers

GET /TFO_files/f06b908907d5.png HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-type: image/png
content-length: 10071
cf-ray: 74fe3c00ad9efac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/629d23a3c7b2.jpg

104.17.124.55

200 OK

24 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/629d23a3c7b2.jpg
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x427, components 3\012- data
Size
24 kB (24052 bytes)
Hash
629d23a3c7b24459b2584bddb8a4a8e5
302e54effe6f4118a9cf003aef81b91e9ee62547
acd9e915679087545562b678b5f1ed295c0c9a06f19025a0d699e7dc8099640a

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram

HTTP Headers

GET /TFO_files/629d23a3c7b2.jpg HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-type: image/jpeg
content-length: 24052
cf-ray: 74fe3c00ad8efac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/001bc33056c1.jpg

104.17.124.55

200 OK

26 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/001bc33056c1.jpg
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x427, components 3\012- data
Size
26 kB (26442 bytes)
Hash
001bc33056c10fdbbdb1db41009b57e1
ba9c9ec52cb05c909c1c9fc2fba64f981aff65b4
05dbf03a18c2dc87edc2c5a5dfe083a5e5a1cded370ddcb66810372433f5dcb5

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram

HTTP Headers

GET /TFO_files/001bc33056c1.jpg HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-type: image/jpeg
content-length: 26442
cf-ray: 74fe3c00ad9bfac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/2d9d7248af43.jpg

104.17.124.55

200 OK

32 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/2d9d7248af43.jpg
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x427, components 3\012- data
Size
32 kB (32106 bytes)
Hash
2d9d7248af43c6a4405960bfb0254d48
d3b577667185d3abe12f2055addbde4e86607619
00a774313f1c87d2c40eae36529736eead9ce35345a82b814c718202bcf84f2d

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram

HTTP Headers

GET /TFO_files/2d9d7248af43.jpg HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-type: image/jpeg
content-length: 32106
cf-ray: 74fe3c00ad8dfac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f55c258e826e.png

104.17.124.55

200 OK

35 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f55c258e826e.png
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 864 x 312, 8-bit/color RGB, non-interlaced\012- data
Size
35 kB (34608 bytes)
Hash
f55c258e826e3ce5d39d1004f8c4ff31
a6cf2c4199458fb68c6b47687e186e9eec85299b
0044767308dc917efc445a03ab5d5b16ef5e446f9ee11faed8df47fdd2ab50fb

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram

HTTP Headers

GET /TFO_files/f55c258e826e.png HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-type: image/png
content-length: 34608
cf-ray: 74fe3c00ada0fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f5ae123ab1e2.jpg

104.17.124.55

200 OK

35 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f5ae123ab1e2.jpg
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x427, components 3\012- data
Size
35 kB (35056 bytes)
Hash
f5ae123ab1e24e72615bea84fc7b4845
40251760c3fc66529bfee516450952f3e174a2f4
9a82dc4aa881a8a4cb0c24f9ecf1357b0fb6faf6bf88ee9e791360ddae796bf8

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram

HTTP Headers

GET /TFO_files/f5ae123ab1e2.jpg HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-type: image/jpeg
content-length: 35056
cf-ray: 74fe3c00ad9cfac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5607
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:22:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5607
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:22:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5607
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:22:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5607
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:22:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5607
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:22:50 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10032 bytes)
Hash
aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 80754
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/96f2557117a2.js.download

104.17.124.55

200 OK

62 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/96f2557117a2.js.download
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
62 kB (62081 bytes)
Hash
afbda727651df4b6d1a87093be2f345f
a3aaaf65c915ca33ac736c3fb3754c2a96b7954f
4be1a2d81e387502bbde143a158ee66d3146e7535e9d1b65cc2fb59d84f7e3fd

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram
fortinet	Phishing

HTTP Headers

GET /TFO_files/96f2557117a2.js.download HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-length: 62081
cf-ray: 74fe3c00ada3fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10279 bytes)
Hash
8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NcnEyVD-vG10pOpPCBMjKGqVw-rstkPIt-oqkIc5urAGE934fxL0VQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 04:12:38 GMT
age: 58212
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8029 bytes)
Hash
02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:59:08 GMT
age: 80623
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9935 bytes)
Hash
55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 80941
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6386 bytes)
Hash
d8d9af95acfc8b9b431eb1e020157f6d
f6f926be6e265a597aaede424f05fcd7c76fcc20
0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:52:36 GMT
age: 81015
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8354 bytes)
Hash
e1087dcce202bbbc8c84196bd2050662
670d89082f8da643e1196b11fb64bf71707f0e8d
f6a7b6e07177431d7845e2f2b7b1b3b76088671db32aeef580a72e9bd3ddae00

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 3ec3470c-2268-4102-af88-27dcfed76bfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPCGOcoAMF2xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-481aa98b413690636fc3a2f0;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dXqPCGTGK8gW86McTltPuNYKXQgUuSqcL_XbyRQitinH5LsUscmU2w==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:47:49 GMT
age: 81302
etag: "670d89082f8da643e1196b11fb64bf71707f0e8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download

104.17.124.55

200 OK

169 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
169 kB (169089 bytes)
Hash
dda24fdc9d42618065b015e00633f9f0
4c744a39bb5bd381a9eace776bf351e8fbfdc90d
5d9a8c98591572b3cae2e15069e9d94bfb48caa3583ce85fcf8da9c095cf56ce

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram
fortinet	Phishing

HTTP Headers

GET /TFO_files/b67d172d5783.js.download HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-length: 169089
cf-ray: 74fe3c009d87fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php

104.17.124.55

200 OK

247 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
247 kB (247200 bytes)
Hash
6cd7c8eda8b9f049fcf22854e3233cfb
b890f288543d7b45a2d0e012982d70fce68ae9d4
40b48d479054d5ba562693b87d3c06b4ac57166db9c9001414ff19606c038d7d

Detections

Analyzer	Verdict	Alert
openphish	Instagram
fortinet	Phishing

HTTP Headers

GET /otp.login.php HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:49 GMT
content-type: text/html; charset=UTF-8
cf-ray: 74fe3bfb4a21fac4-OSL
cf-cache-status: DYNAMIC
x-powered-by: PHP/8.1.5
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/4b70f6fae447.png

104.17.124.55

200 OK

3.8 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/4b70f6fae447.png
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 306 x 90, 8-bit colormap, non-interlaced\012- data
Size
3.8 kB (3754 bytes)
Hash
4b70f6fae44727678540b68e876908b1
d5a23520acdf18636380e1a88d3de2a1efbf6ce1
14c09561486ba385a8a62bc0a8b41e03638a6334648113a7f28be47271eccb5e

HTTP Headers

GET /TFO_files/4b70f6fae447.png HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:51 GMT
content-type: image/png
content-length: 3754
cf-ray: 74fe3c00ad9dfac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/fbevents.js.download

104.17.124.55

200 OK

129 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/fbevents.js.download
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (33256)
Size
129 kB (128769 bytes)
Hash
9d939cad64375505e4dce7469a82e4ee
c0d0919210cb8dc763acb3de97a6218020caaa8d
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /TFO_files/fbevents.js.download HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:51 GMT
content-length: 128769
cf-ray: 74fe3c009d8afac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f9e5c0ca0804.js.download

104.17.124.55

200 OK

542 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/f9e5c0ca0804.js.download
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (55484)
Size
542 kB (542348 bytes)
Hash
5444b5168ab99762807c4d894440ff67
11916472efe7ea99c76cdd341316793386ea1d6f
abe26e3273ad85e1070eb72f601a26dc00c964ad53fe2c8164b880f2056353b6

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram
fortinet	Phishing

HTTP Headers

GET /TFO_files/f9e5c0ca0804.js.download HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:50 GMT
content-length: 542348
cf-ray: 74fe3c00ada5fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download

104.17.124.55

200 OK

169 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
169 kB (169089 bytes)
Hash
dda24fdc9d42618065b015e00633f9f0
4c744a39bb5bd381a9eace776bf351e8fbfdc90d
5d9a8c98591572b3cae2e15069e9d94bfb48caa3583ce85fcf8da9c095cf56ce

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram
fortinet	Phishing

HTTP Headers

GET /TFO_files/b67d172d5783.js.download HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:52 GMT
content-length: 169089
cf-ray: 74fe3c0c4f20fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/d1f0f06b39df.js.download

104.17.124.55

200 OK

428 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/d1f0f06b39df.js.download
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (54549)
Size
428 kB (427522 bytes)
Hash
01d42ef463b3a1d11f61052ad4f83590
27749ff279a5631d993cf0cd7c2f0e192518a736
7840c3d2426871bbe923b713761bdd3385cf4dc7e34b1e26a9aba078f4b6d769

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram
fortinet	Phishing

HTTP Headers

GET /TFO_files/d1f0f06b39df.js.download HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:51 GMT
content-length: 427522
cf-ray: 74fe3c00ada1fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6413
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:22:53 GMT
Last-Modified: Sat, 24 Sep 2022 18:36:00 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
bab07b664f09df787e34ccb816008d57
e9c867683110f11e16f9faa83659e04ae65292fb
368d87353000eec4918d5d5f0945d16d9103d17b434b70e056ece48917894bca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4501
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:22:53 GMT
Last-Modified: Sat, 24 Sep 2022 19:07:52 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
bab07b664f09df787e34ccb816008d57
e9c867683110f11e16f9faa83659e04ae65292fb
368d87353000eec4918d5d5f0945d16d9103d17b434b70e056ece48917894bca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5224
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:22:53 GMT
Last-Modified: Sat, 24 Sep 2022 18:55:49 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

advisory-narrative-notion-moisture.trycloudflare.com/static/images/homepage/home-phones.png/38825c9d5aa2.png

104.17.124.55

404 Not Found

4.0 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/static/images/homepage/home-phones.png/38825c9d5aa2.png
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
4.0 kB (3970 bytes)
Hash
5053e7c563875e3a5a6def761472fd49
2253ff3f50323cdde9977f5cb898ad9a0bcb8b38
bc167a561c7ea020290050b2d9756b465235914a77e16738ee60c08d6810a8f3

HTTP Headers

GET /static/images/homepage/home-phones.png/38825c9d5aa2.png HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Sat, 24 Sep 2022 20:22:52 GMT
content-type: text/html; charset=UTF-8
cf-ray: 74fe3c0c6f34fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

connect.facebook.net/en_US/fbevents.js

157.240.200.14

200 OK

27 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
27 kB (26839 bytes)
Hash
9ecd89752214ef749272eef344b9089a
70a58a49c08934265ee34c74efb01d6b3124095d
f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Wbi3kJShlXIt+TvE2TZ7JXSqQyH8UJ2qMX8Kj7N79Op4+/fNr16r4gdSgLBDfgE2ox/le5yLQAf0VrPQ6arQBQ==
content-length: 26839
x-fb-trip-id: 1679558926
date: Sat, 24 Sep 2022 20:22:53 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.instagram.com/static/images/ico/favicon-192.png/b407fa101800.png

157.240.200.174

200 OK

35 kB

URL HTTP/2
www.instagram.com/static/images/ico/favicon-192.png/b407fa101800.png
IP
157.240.200.174:0
ASN
#32934 FACEBOOK

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
35 kB (34719 bytes)
Hash
dc5dd2d4aae02d969a174c57e8cb24ba
ba0a803fb325c0f56082363346ef3e9639200787
e413af3093fdc4fa174691b4c5a8e649ff11a79ec646c68f07c9a4b0643bdafb

HTTP Headers

GET /static/images/ico/favicon-192.png/b407fa101800.png HTTP/1.1
Host: www.instagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/png
content-encoding: br
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
etag: "b407fa101800"
cache-control: public,max-age=31536000,immutable
edge-control: max-age=1209600, no-transform
date: Mon, 19 Sep 2022 13:15:06 GMT
content-length: 34719
x-fb-trip-id: 1679558926
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5134
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:22:53 GMT
Last-Modified: Sat, 24 Sep 2022 18:57:19 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download

104.17.124.55

200 OK

169 kB

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/b67d172d5783.js.download
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
169 kB (169089 bytes)
Hash
dda24fdc9d42618065b015e00633f9f0
4c744a39bb5bd381a9eace776bf351e8fbfdc90d
5d9a8c98591572b3cae2e15069e9d94bfb48caa3583ce85fcf8da9c095cf56ce

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Instagram
fortinet	Phishing

HTTP Headers

GET /TFO_files/b67d172d5783.js.download HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:53 GMT
content-length: 169089
cf-ray: 74fe3c163e77fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=1425767024389221&ev=PageView&dl=https%3A%2F%2Fadvisory-narrative-notion-moisture.trycloudflare.com%2Fotp.login.php&rl=&if=false&ts=1664050973021&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.2.1664050973020.2058015018&it=1664050972175&coo=false&rqm=GET

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=1425767024389221&ev=PageView&dl=https%3A%2F%2Fadvisory-narrative-notion-moisture.trycloudflare.com%2Fotp.login.php&rl=&if=false&ts=1664050973021&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.2.1664050973020.2058015018&it=1664050972175&coo=false&rqm=GET
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=1425767024389221&ev=PageView&dl=https%3A%2F%2Fadvisory-narrative-notion-moisture.trycloudflare.com%2Fotp.login.php&rl=&if=false&ts=1664050973021&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.2.1664050973020.2058015018&it=1664050972175&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Sat, 24 Sep 2022 20:22:54 GMT
X-Firefox-Spdy: h2

advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/lY4eZXm_YWu.html

104.17.124.55

200 OK

0 B

URL HTTP/2
advisory-narrative-notion-moisture.trycloudflare.com/TFO_files/lY4eZXm_YWu.html
IP
104.17.124.55:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /TFO_files/lY4eZXm_YWu.html HTTP/1.1
Host: advisory-narrative-notion-moisture.trycloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://advisory-narrative-notion-moisture.trycloudflare.com/otp.login.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:22:53 GMT
content-type: text/html; charset=UTF-8
cf-ray: 74fe3c165e82fac4-OSL
cf-cache-status: DYNAMIC
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations