Report - alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php

Report Overview

Submitted URL
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
IP
63.250.43.10
ASN
#22612 NAMECHEAP-NET
Submitted
2023-03-27 05:17:03
Access
public
Website Title
Final URL
Tags
netflix phishing
urlquery detections
Phishing - Netflix

Detections

urlquery
27
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782 B	2.4 kB	35.241.9.150
alkabers-c915fc.ingress-baronn.ewp.live	unknown	2023-03-26T16:10:17Z	2023-03-27T08:35:47Z	7.5 kB	396 kB	63.250.43.10
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333 B	391 B	34.117.237.239
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-29T08:59:28Z	340 B	963 B	172.64.155.188
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606 B	238 B	34.117.65.55
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3.8 kB	63 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	2.7 kB	7.1 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-26	medium	alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php	Netflix Inc.
2023-03-26	medium	alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php	Netflix Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/angular.min.js	167 kB	2023-03-07	2024-04-25
Pretty URL alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/angular.min.js IP 63.250.43.9 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:29 Last Seen2024-04-25 02:03:14 Times Seen3453 Hash be6af23e2a716c006da75d0291784254 9c923313eabc56d715a7c07bf855feb26a72f671 8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9 Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 04:47:21 Times Seen37111272 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.validate.min.js	50 kB	2023-03-07	2024-04-25
Pretty URL alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.validate.min.js IP 63.250.43.9 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:19 Last Seen2024-04-25 02:03:14 Times Seen216 Hash d5629cbf42e106909b5113e08df03ce1 d3094a0e83e7189eefc2ac0af6299b27db141eae 4722cc6e6ae20ebfa5b2101b4424df64b9db793fc22061f4b3ddcdc5bf6a4c63 Loading...

	alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.mask.js	18 kB	2023-03-07	2024-04-25
Pretty URL alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.mask.js IP 63.250.43.9 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:19 Last Seen2024-04-25 02:03:14 Times Seen3598 Hash 219d169a80568884a3d6baab3e5e7def 61d00104de8c972c820cd9b527d8e2edb30e5c4a cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a Loading...

	alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/style.js	2.2 kB	2023-03-07	2024-04-25
Pretty URL alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/style.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:19 Last Seen2024-04-25 02:03:14 Times Seen912 Hash 898f19a99389c21b45afaa5cbc50ebbe 6dd2957947201f36f3a50cad3bda18874d2508d7 f050012b033cb391112b37757113c73ff09884815ff73ce45592ee309ce87b3f Loading...

	alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php	277 B	2023-03-07	2024-04-19
Pretty URL alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:19 Last Seen2024-04-19 18:27:15 Times Seen386 Hash c2f5908d88a71fb36947781bbb24e737 2a03a8a3f46e05a3457b851f44529cb739a57600 2e0c16fac268511d13f6f6bd8075b5d489666c24756e9d9e4550df53097a4d77 Loading...

	alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php	830 B	2023-03-08	2023-05-03
Pretty URL alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:38:15 Last Seen2023-05-03 16:49:41 Times Seen16 Hash a4ccdb4eb86e901cc40a029a09097fbe dfe7dd27be4572ed1efe1a526c8888a5ead16054 bcb234694cc77aaba596c0668f063d7ce76c40cd2852a1b1f9e00825f5e4fedd Loading...

HTTP Transactions (35)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
13f90146df1d559743af6df15c29b77b
6dd24f60629c39f857e3c996084f4d515cf3f8d0
ea5975be17b9cd29c8770939eb5d63ce43c1c44ce9a3a4d04e1e79cd69b30d1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA5975BE17B9CD29C8770939EB5D63CE43C1C44CE9A3A4D04E1E79CD69B30D1C"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5170
Expires: Mon, 27 Mar 2023 06:43:02 GMT
Date: Mon, 27 Mar 2023 05:16:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3259
Expires: Mon, 27 Mar 2023 06:11:11 GMT
Date: Mon, 27 Mar 2023 05:16:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4733
Expires: Mon, 27 Mar 2023 06:35:45 GMT
Date: Mon, 27 Mar 2023 05:16:52 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 27 Mar 2023 04:27:57 GMT
content-type: application/json
age: 2935
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php

63.250.43.10

301 Moved Permanently

0 B

URL HTTP/1.1
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix
openphish	Netflix Inc.

HTTP Headers

GET /montakhabfans/en/login.php HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: IpVGkSky5c2M1EqarPAsI6mFrOyJO/B7q2q3Qmj6mH+qMRAL58d6SbafETanzI+ysxdkkXy0KOc=
x-amz-request-id: J3979WW5XVTPT9CG
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 27 Mar 2023 05:01:31 GMT
age: 921
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 27 Mar 2023 05:16:52 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a3242c27d5e1454c4ed0224a21b99fde
d14f94d30b766f1e11284fb333529903e116718c
e9f38284fdd9e5d9c19f16fe29db0d58bc68bd71c35aebfbcb80580417feefae

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9F38284FDD9E5D9C19F16FE29DB0D58BC68BD71C35AEBFBCB80580417FEEFAE"
Last-Modified: Sun, 26 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12211
Expires: Mon, 27 Mar 2023 08:40:23 GMT
Date: Mon, 27 Mar 2023 05:16:52 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0446c69a641bc8684b0bf34fd2f3856c
ce1bfa857b342d909634840c125492fe40f493b5
c16909fb8e04576ed8ec4e2b0b72246c56272dac92c9671832a33273ab502690

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 27 Mar 2023 05:16:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 22:30:18 GMT
Expires: Sat, 01 Apr 2023 22:30:17 GMT
Etag: "ce1bfa857b342d909634840c125492fe40f493b5"
Cache-Control: max-age=493404,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ae529edbda41bfe-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 27 Mar 2023 05:14:35 GMT
age: 137
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hv5VeR106E/669GRajZHgA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YNX/v0qR1Kb57kOe3aGJCqdnqlg=
Date: Mon, 27 Mar 2023 05:16:52 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php

63.250.43.9

200 OK

3.5 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1157), with CRLF line terminators
Size
3.5 kB (3479 bytes)
Hash
d22a8442f40773c3e6474e3aad8526ef
6ed16bf3264b4254fab4ffafad4301b676e7ac52
7e78a8555a024f9c7dd1ad9c86faa8d3b272457da00d8e7c5ad118bdf6a8c75e

Detections

Analyzer	Verdict	Alert
openphish	Netflix Inc.

HTTP Headers

GET /montakhabfans/en/login.php HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Mon, 27 Mar 2023 05:16:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, public
pragma: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
age: 0
accept-ranges: bytes
x-cache: MISS
content-length: 3479
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/stylef.css

63.250.43.9

200 OK

2.1 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/stylef.css
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (3786), with CRLF line terminators
Size
2.1 kB (2135 bytes)
Hash
05c4b2582d769d428209dd587659776f
263208fa0e88768c89ac3d368e1abcc0d79b28ef
d9be69c4b5a3561ddb774983065505354691cda48e37ae9675a43219bf9856d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/css/stylef.css HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:20:15 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-1e9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28597
accept-ranges: bytes
x-cache: HIT
content-length: 2135
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/angular.min.js

63.250.43.9

200 OK

58 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/angular.min.js
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (566)
Size
58 kB (58485 bytes)
Hash
7fea74563a0d2d9bb508a51c6e322b22
0a62a90f9a99d185e1bce49dabea132e0edb468a
8e65040e11a39214c1bb095831fc24b0e6799a732627f7d682c48442eeff2bfd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/js/angular.min.js HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:00:14 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-28cdb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 29798
accept-ranges: bytes
x-cache: HIT
content-length: 58485
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.min.js

63.250.43.9

200 OK

85 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.min.js
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with CRLF line terminators
Size
85 kB (85169 bytes)
Hash
cbe915655aaea508a1759d6e2d82058d
b91919490a633b42a632f21937ead78ee85e9cdd
738e409abbe6f20cfadb90cfd4a6046e0ec63b11e38c65408f855fd229ae7d91

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/js/jquery.min.js HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:00:14 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-478d0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 29798
accept-ranges: bytes
x-cache: HIT
content-length: 85169
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.validate.min.js

63.250.43.9

200 OK

13 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.validate.min.js
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
Unicode text, UTF-8 text, with very long lines (511), with CRLF line terminators
Size
13 kB (13089 bytes)
Hash
0a02bf90d7893fe23d1fe078a5004fcc
319396ff3db65c0fb6d41a37645dc25e89530c34
e42f7afd1acabeb93cedda9324172d36a3f6104f25ea95933e0c504fef3427ad

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/js/jquery.validate.min.js HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:00:14 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-c3fa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 29798
accept-ranges: bytes
x-cache: HIT
content-length: 13089
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.mask.js

63.250.43.9

200 OK

4.9 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/js/jquery.mask.js
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
4.9 kB (4948 bytes)
Hash
72561daefcabe07fcd6e4a000ce2b1f9
29f4b8a00c67c6d29e8beb9cbe1fcc040bfc4bf5
3a19e4fd29ca6cd5ba35dd0f38915107a432a326280051d32ca2b16af7d668b7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/js/jquery.mask.js HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:00:14 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-47fe"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 29798
accept-ranges: bytes
x-cache: HIT
content-length: 4948
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nonechaditk.css

63.250.43.9

200 OK

20 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nonechaditk.css
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
20 kB (20103 bytes)
Hash
67afd5e4b05c512e87a2dcaca1ecbaaf
ce5774ee063a6948297dfbc1670c4f00e7c3ce83
50a4ffc942d195424f7ec795cadf604adb46fa1dbdec24271de0a0b828fedb74

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/css/nonechaditk.css HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:20:15 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-1ec23"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: text/css
vary: Accept-Encoding
content-encoding: gzip
x-cacheable: YES
age: 28597
accept-ranges: bytes
x-cache: HIT
content-length: 20103
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/FB-f-Logo__blue_57.png

63.250.43.9

200 OK

1.5 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/FB-f-Logo__blue_57.png
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1455 bytes)
Hash
a33ca47ef110b6e3ec5086b8776407d3
dff5bbbe61b4920a23fb21a7fca69ca9e94dcb6c
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/css/FB-f-Logo__blue_57.png HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:20:17 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-5af"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/png
content-length: 1455
x-cacheable: YES
age: 28596
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/alpha_website_small.jpg

63.250.43.9

200 OK

116 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/alpha_website_small.jpg
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3\012- data
Size
116 kB (115912 bytes)
Hash
330f71efaf9464edb933d1d635e27dd6
3d11a19729f6fcd344df1c38f34eccfa60a6bf2d
3e379956c11b27e761265f7d50f07f680407c9bfe4b067856b9408755ec08255

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/css/alpha_website_small.jpg HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:20:16 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-1c4c8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/jpeg
content-length: 115912
x-cacheable: YES
age: 28596
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/site-spinner-240-light.png

63.250.43.9

200 OK

5.1 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/site-spinner-240-light.png
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size
5.1 kB (5095 bytes)
Hash
93ebf9e3bb5fde6c9456ca28711bfbba
006bef52015403d071a73fb6f04bd2dd98f82ebb
5a7ed665f614fe2c62e79a477715dd18c8afae67f7c580bc049e013feb2864b7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/css/site-spinner-240-light.png HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nonechaditk.css
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:20:17 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-13e7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: image/png
content-length: 5095
x-cacheable: YES
age: 28596
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nf-icon-v1-93.woff

63.250.43.9

200 OK

74 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nf-icon-v1-93.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format, CFF, length 73572, version 0.0\012- data
Size
74 kB (73572 bytes)
Hash
7cf6156cc481244b5a254362d7b73f00
4391003d1cb06d2bd1921a5813a57604fa7d9935
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/css/nf-icon-v1-93.woff HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nonechaditk.css
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 21:20:17 GMT
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-11f64"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://alkabers-c915fc.ingress-baronn.ewp.live
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-type: font/woff
content-length: 73572
x-cacheable: YES
age: 28596
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nficon2016.png

63.250.43.9

200 OK

1.8 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nficon2016.png
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1755 bytes)
Hash
3d194514babc5d7d010308a0f808ca51
867e51e9b4a474c19da52d6454076c007a9d01f2
7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/css/nficon2016.png HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 12:44:47 GMT
content-type: image/png
content-length: 1755
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
etag: "619819a2-6db"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 59526
accept-ranges: bytes
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nficon2016.ico

63.250.43.9

200 OK

1.6 kB

URL HTTP/2
alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/style/css/nficon2016.ico
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size
1.6 kB (1559 bytes)
Hash
c90664515d9118870c4a3ccbbaec9fac
86a301df5932b39b770680ddc9ce3cd58c32671b
4da99e14ee22a463b4e5c862448b668b1f604f1c55ab4d4562bfe37318706edb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /montakhabfans/en/style/css/nficon2016.ico HTTP/1.1
Host: alkabers-c915fc.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://alkabers-c915fc.ingress-baronn.ewp.live/montakhabfans/en/login.php
Connection: keep-alive
Cookie: PHPSESSID=5lbubfvpshbr4a1nkth5jd9kfi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 12:44:35 GMT
content-type: image/x-icon
last-modified: Fri, 19 Nov 2021 21:39:46 GMT
vary: Accept-Encoding
etag: W/"619819a2-423e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 59539
accept-ranges: bytes
x-cache: HIT
content-length: 1559
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14389
Expires: Mon, 27 Mar 2023 09:16:43 GMT
Date: Mon, 27 Mar 2023 05:16:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14389
Expires: Mon, 27 Mar 2023 09:16:43 GMT
Date: Mon, 27 Mar 2023 05:16:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14389
Expires: Mon, 27 Mar 2023 09:16:43 GMT
Date: Mon, 27 Mar 2023 05:16:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14389
Expires: Mon, 27 Mar 2023 09:16:43 GMT
Date: Mon, 27 Mar 2023 05:16:54 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10405 bytes)
Hash
22905e8a7c8b1741dd51842c114a6517
c5900fe2396e0ca371c4847af4e96149850c3577
1525f9f39c09370fcb1f58f079f2d741a4c6d13fba26e6dd5b79466153d7685e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10405
x-amzn-requestid: 0b8dad7a-2ec1-4eed-9a2c-06079ed46662
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRi69E9xoAMFiJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d4b79-2f606ac041c5db24583c8d51;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 07:04:25 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: I9R9-URMT91CKcoZj-ra9GifpVsbGA_EZ8HO2zjeE8MU8_WnLNAm9w==
via: 1.1 4b800f7fa2c3fbb9f4f3c505b0df315e.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 07:48:50 GMT
age: 77284
etag: "c5900fe2396e0ca371c4847af4e96149850c3577"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2675eff2-41c2-434d-a816-41982423123c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6915 bytes)
Hash
2b4a9bd2963b4be37c19b40d31f9367e
8315955f1781fcf0c6c47288ae30829b3f184dd2
07cabee2fe922b5838d0c4d8e72fe0e33042a9a8545cb863f26d1bfd5c521ba6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2675eff2-41c2-434d-a816-41982423123c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6915
x-amzn-requestid: 705c075c-7a11-4e81-aad4-e50a2b33d9fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK85KG6HoAMF-Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa83a-404ecb343105632c30afdc8a;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:22 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 3KklZNqefUEKXHrTo64wwgTqK318K4DmIARbYMOngoDh3ZyU-1_krA==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 21:12:45 GMT
age: 29049
etag: "8315955f1781fcf0c6c47288ae30829b3f184dd2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08096a44-ba77-41a2-a4ac-0f06204be981.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8891 bytes)
Hash
20047337336b1101727717972decfc5e
73423dd11172dea2f48d8d29b0218ee4e7d05ca0
c5820d8739ad2c80f2248974a3fc0452776ede76f517958fa7efdb2139001f96

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08096a44-ba77-41a2-a4ac-0f06204be981.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8891
x-amzn-requestid: 67fc02b0-2382-46bc-83a2-ac1d5c69b434
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CYJXGFDZoAMFb9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641fef60-34353ddb674de73a438738c5;Sampled=0
x-amzn-remapped-date: Sun, 26 Mar 2023 07:08:16 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 1rmUDxPWQtM6wzafHtqUwU4OfULHTd3M_KT4ehtmBP6NYD5g6HR2UQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 07:10:42 GMT
age: 79572
etag: "73423dd11172dea2f48d8d29b0218ee4e7d05ca0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd81c2ee0-b0d8-4d53-8a73-a453a7669c92.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6623 bytes)
Hash
9e5dfaeb44e65f30874efae17a8fd652
52c517a45e53a4ca5b5783d0364ac0e2606d6970
3752bdf3d574299ccb17ac42d20f940dd1daf48d127889a1d82a55bec82a0436

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd81c2ee0-b0d8-4d53-8a73-a453a7669c92.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6623
x-amzn-requestid: 5b246408-bf9c-488d-aee6-7d387115863e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQn4EHJoAMFl3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfafe-686e97b34f7c33862db51515;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:08:47 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Dc5ZpKbzuxe6YqNOtsNpeKShE02r5kg-YX_3gPgeEIgRADZRBL6b4w==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 16:38:20 GMT
age: 45514
etag: "52c517a45e53a4ca5b5783d0364ac0e2606d6970"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (4000 bytes)
Hash
85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 08:56:14 GMT
age: 73240
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34000367-9577-4c81-bbc7-d968f62c4ef2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8438 bytes)
Hash
b0f3e3c4584dcf7b158236bf4dce164c
1a6063b2bad22f23ef33c123a16ab035515e95db
e0fe6112bdc39de23384f4a8782fc72df9577448555d1634fcd5fe34e6cf492f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34000367-9577-4c81-bbc7-d968f62c4ef2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8438
x-amzn-requestid: db3a5404-7161-4c9f-952a-4109ffd62491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CaINiHCdoAMFn0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6420ba56-05338fff3f562aad31c7c027;Sampled=0
x-amzn-remapped-date: Sun, 26 Mar 2023 21:34:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: ShieiBLAcoK9c12YCtljgPjG99akhVMDLppD7R2dYP5W-fSDX9MCLQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 22:07:51 GMT
etag: "1a6063b2bad22f23ef33c123a16ab035515e95db"
content-type: image/jpeg
age: 25743
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4b00868-d4e4-49ee-b488-491632971243.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10282 bytes)
Hash
675f061936669e9de498cd16bfc96379
00235db033dbeb738db9633e50c8666add66dadb
7c26736fcd1bf736aba7d16534720e03e0527ef30f6efb98403ad17e8c11a7e2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4b00868-d4e4-49ee-b488-491632971243.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 10282
x-amzn-requestid: 29110a42-55db-45a2-8abf-0270f02b3017
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRi4YH3SIAMF31g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d4b68-459f32fe475dc8d439aa8343;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 07:04:08 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: H0c7tei0dk0pJQQmcORCZ8Wq9J4SVtvKl8aePWY6mDqmZcL9ofUm_Q==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 09:14:55 GMT
age: 72126
etag: "00235db033dbeb738db9633e50c8666add66dadb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (35)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers