Report - onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/

Report Overview

Submitted URL
onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
IP
194.56.189.220
ASN
#207143 hosttech GmbH
Submitted
2023-01-29 19:08:56
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
12
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
onedrive.0ffice365sg.cloud	unknown	2023-01-29T13:15:11Z	2023-03-03T15:34:21Z	4.7 kB	316 kB	194.56.189.220
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.41.131.197
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	4.4 kB	67 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	4.1 kB	11 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-29 19:08:54	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:08:54	medium	194.56.189.220	Client IP	ET PHISHING Lucy Security Phishing Server Reply
2023-01-29 19:08:54	medium	194.56.189.220	Client IP	ET PHISHING Microsoft Account Phishing Landing 2018-08-07
2023-01-29 19:08:54	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:08:54	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:08:54	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:08:54	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:08:54	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:08:54	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:08:54	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:09:03	medium	Client IP	194.56.189.220	ET INFO HTTP Request to Suspicious *.cloud Domain
2023-01-29 19:09:03	medium	Client IP	194.56.189.220	ET PHISHING Lucy Security Time Tracking POST

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-29	medium	onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/	Outlook

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-29	medium	onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/	Phishing
2023-01-29	medium	onedrive.0ffice365sg.cloud/js/events.js	Phishing
2023-01-29	medium	onedrive.0ffice365sg.cloud/js/timeme.min.js	Phishing
2023-01-29	medium	onedrive.0ffice365sg.cloud/js/time-tracker.js	Phishing
2023-01-29	medium	onedrive.0ffice365sg.cloud/obfuscate?path=js/events.js	Phishing
2023-01-29	medium	onedrive.0ffice365sg.cloud/obfuscate?path=js/time-tracker.js	Phishing
2023-01-29	medium	onedrive.0ffice365sg.cloud/obfuscate?path=js/timeme.min.js	Phishing
2023-01-29	medium	onedrive.0ffice365sg.cloud/scenario/track-time	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	onedrive.0ffice365sg.cloud/js/events.js	558 B	2023-03-07	2024-01-22
Pretty URL onedrive.0ffice365sg.cloud/js/events.js IP 194.56.189.220 ASN #207143 hosttech GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:49:49 Last Seen2024-01-22 00:46:55 Times Seen65 Hash aa8dfb8a7bd19f7be5275d7a81875a40 9ae580ccc9302d371ded26bfa5a365f14b35e24d a8f7e59c2a6d75c51e1898b2d1ff9f6f666caad39a12d215e506202fce2ce150 Loading...

	onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/	379 B	2023-03-13	2023-03-13
Pretty URL onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/ IP 194.56.189.220 ASN #207143 hosttech GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:33:39 Last Seen2023-03-13 11:33:39 Times Seen1 Hash 4407c6c2b3a826e3ab443b9e75c3360c 5baa45eda2c8204b5086b67d4cd1dcdfadc69b75 e143377b13d6f356bd89d2064811ee8337ecf707595b9f4027070560c76516d2 Loading...

	onedrive.0ffice365sg.cloud/js/timeme.min.js	4.2 kB	2023-03-07	2024-01-22
Pretty URL onedrive.0ffice365sg.cloud/js/timeme.min.js IP 194.56.189.220 ASN #207143 hosttech GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:49:49 Last Seen2024-01-22 00:46:55 Times Seen66 Hash 38127671067bfa6f6273cf93c40e4972 06f5c44727f9f496461ab165c584b97b9d0d8db6 3ae66a8d261814acf0678914f1832973fe5be31912abf545f81fe4f97fd707dd Loading...

	onedrive.0ffice365sg.cloud/js/time-tracker.js	1.6 kB	2023-03-07	2024-01-22
Pretty URL onedrive.0ffice365sg.cloud/js/time-tracker.js IP 194.56.189.220 ASN #207143 hosttech GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:49:49 Last Seen2024-01-22 00:46:55 Times Seen65 Hash 9062f7bf42d8a16f49553793183a7cee b1957a84a49ea27b2b46f925b4095dfa2a000f31 ce5b41bb9e310321a957d16cbd21b476c2f68454eb3eb6c5f79a3f3e823908c0 Loading...

	onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/	43 B	2023-03-07	2024-04-18
Pretty URL onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/ IP 194.56.189.220 ASN #207143 hosttech GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:49:49 Last Seen2024-04-18 07:10:35 Times Seen29 Hash 2f55c1f252b014cc381e55aabcd962ce 9803d10bfec0ed3e842e1bf38fd59c1d2f27d38d 5705d617c69d99e0febe3e90cad265112f65f70788d0a405dfca9f407e347cec Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4fee51259aa3ac86fadd60602aeecc94	251 B	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 13:49:49 Last Seen2024-04-18 07:10:35 Times Seen86 Hash 4fee51259aa3ac86fadd60602aeecc94 42a73d174f8499e3d1e4f1ac585d217ef66d259f ca4ec166d1f3d8b15f06a8db1035daa1ca831485d7c12489398f69c38a6288c0 Loading...

	#2 Eval - 4449d618fa2f2f350a555c41bc782b63	6.2 kB	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 13:49:49 Last Seen2024-04-18 07:10:35 Times Seen92 Hash 4449d618fa2f2f350a555c41bc782b63 295754756d7517eb8f30d957e0f6a5cdb6c1dba5 fcae9a7e0427744ff2199897d14c0d69e8434112f16851f587f7002b3fbe8704 Loading...

	#3 Eval - 5cd2153e255ca406e73da1901d37c022	1.7 kB	2023-03-07	2024-01-22
Pretty Observations First Seen2023-03-07 13:49:49 Last Seen2024-01-22 00:46:55 Times Seen43 Hash 5cd2153e255ca406e73da1901d37c022 6970413ec9c6328d9b7f62ae5ccb40c2b576aa52 872288a5d3abc32b7bb1dd3393eee6c3e22bb26c8a64ecee0217c07aa6d2d89b Loading...

HTTP Transactions (37)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2726
Expires: Sun, 29 Jan 2023 19:54:11 GMT
Date: Sun, 29 Jan 2023 19:08:45 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4953
Expires: Sun, 29 Jan 2023 20:31:18 GMT
Date: Sun, 29 Jan 2023 19:08:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 18:35:38 GMT
content-type: application/json
age: 1987
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6685
Expires: Sun, 29 Jan 2023 21:00:10 GMT
Date: Sun, 29 Jan 2023 19:08:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: J0UeP657FjLo8uiTRWQWX0J7KHB5GVAvvQB5gxrui1kbLwQYzy1roVW5yvx0hJw+5bIrCRRl6IE=
x-amz-request-id: 6R7K54ZD6MW1XG25
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 18:21:29 GMT
age: 2836
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/

194.56.189.220

200 OK

1.0 kB

URL HTTP/1.1
onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (315), with CRLF line terminators
Size
1.0 kB (1029 bytes)
Hash
e028e7e7c337fd65df01887877e3b654
2b63eed4965025545d869233b14234e458419e80
f5ec6f61c8279a1ad53d78301bfc1bb016e6b54efdf4ac5d438bee9a181a58b8

Detections

Analyzer	Verdict	Alert
openphish	Outlook
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain
suricata	medium	ET PHISHING Lucy Security Phishing Server Reply
suricata	medium	ET PHISHING Microsoft Account Phishing Landing 2018-08-07

HTTP Headers

GET /sasf9cwgb9adzam4/ HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:45 GMT
Server: Lucy
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=o3g7v5c6abbiou1p2adf49u913; path=/; secure; HttpOnly
link=sasf9cwgb9adzam4; expires=Tue, 28-Feb-2023 19:08:45 GMT; Max-Age=2592000; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Content-Length: 1029
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 19:08:45 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

onedrive.0ffice365sg.cloud/js/events.js

194.56.189.220

302 Found

320 B

URL HTTP/1.1
onedrive.0ffice365sg.cloud/js/events.js
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
320 B (320 bytes)
Hash
2badfc3030209326a16d94fbb0477893
714a8378a0ef8647102929fc15169151fbea5e7f
e3e9956911f64f5ffdfa31c25970c01df71ff65bc9464d8fd7e16ce33927ab95

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain

HTTP Headers

GET /js/events.js HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
Cookie: link=sasf9cwgb9adzam4

HTTP/1.1 302 Found
Date: Sun, 29 Jan 2023 19:08:45 GMT
Server: Lucy
Location: https://onedrive.0ffice365sg.cloud/obfuscate?path=js/events.js
Cache-Control: max-age=1
Expires: Sun, 29 Jan 2023 19:08:46 GMT
Content-Length: 320
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/style.css

194.56.189.220

200 OK

743 B

URL HTTP/1.1
onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/style.css
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
ASCII text, with CRLF line terminators
Size
743 B (743 bytes)
Hash
a2b318753aa39178e27af73ae7c09071
6789079d6abbfa8f8d208108b030d68e523bae91
cd82966aa429a89a5cdb89bd0173933cb550d34b95b8f3bd79e9fea86aa2e81c

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain

HTTP Headers

GET /public/campaign/53/73/15/static/style.css HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
Cookie: link=sasf9cwgb9adzam4

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:45 GMT
Server: Lucy
Last-Modified: Mon, 09 Jan 2023 15:56:59 GMT
ETag: "911-5f1d6d13d299f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 743
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

onedrive.0ffice365sg.cloud/js/timeme.min.js

194.56.189.220

302 Found

324 B

URL HTTP/1.1
onedrive.0ffice365sg.cloud/js/timeme.min.js
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
324 B (324 bytes)
Hash
56dccb49ca46f950d704502f7aa666ef
905bba9e77858f5bd4e5d6b21a0f4b412a95513a
6af5a4e8f846573008bdebe3b6a637ccff62cd9c0304e38dcf7088f700b19d0f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain

HTTP Headers

GET /js/timeme.min.js HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
Cookie: link=sasf9cwgb9adzam4

HTTP/1.1 302 Found
Date: Sun, 29 Jan 2023 19:08:45 GMT
Server: Lucy
Location: https://onedrive.0ffice365sg.cloud/obfuscate?path=js/timeme.min.js
Cache-Control: max-age=1
Expires: Sun, 29 Jan 2023 19:08:46 GMT
Content-Length: 324
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

onedrive.0ffice365sg.cloud/js/time-tracker.js

194.56.189.220

302 Found

326 B

URL HTTP/1.1
onedrive.0ffice365sg.cloud/js/time-tracker.js
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
326 B (326 bytes)
Hash
222dbaf53d788503f3493d1c6616b799
2ca9110cbb8cf5a00623346e84c099dd4d082d55
6f520e51d151d7fdd26af440c3ed3e3b41b4a1a519db3c7861fdce5b0da068d8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain

HTTP Headers

GET /js/time-tracker.js HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
Cookie: link=sasf9cwgb9adzam4

HTTP/1.1 302 Found
Date: Sun, 29 Jan 2023 19:08:45 GMT
Server: Lucy
Location: https://onedrive.0ffice365sg.cloud/obfuscate?path=js/time-tracker.js
Cache-Control: max-age=1
Expires: Sun, 29 Jan 2023 19:08:46 GMT
Content-Length: 326
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/logo.png

194.56.189.220

200 OK

1.3 kB

URL HTTP/1.1
onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/logo.png
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
PNG image data, 108 x 23, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1289 bytes)
Hash
3139bb9e6c55fc6d7a6893da05c26dd4
96c85e4328fbb44f8bf47be2f153146fd23c9434
20bf8e95743ad0b8eaad3d92cbcd88bd7ce77633dcf6244817ed12365d4e06ce

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain

HTTP Headers

GET /public/campaign/53/73/15/static/logo.png HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
Cookie: link=sasf9cwgb9adzam4

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:45 GMT
Server: Lucy
Last-Modified: Mon, 09 Jan 2023 15:56:59 GMT
ETag: "509-5f1d6d13d299f"
Accept-Ranges: bytes
Content-Length: 1289
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c928b7708b3dabacb0c66ce42955bd92
69b25b36badd6e1ca2251b100282cb25f631cf22
280f64bbff9f7d6bd95a25b8429e4d2a2db900c45c1d405d2e7d8b5b2eeb7598

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "280F64BBFF9F7D6BD95A25B8429E4D2A2DB900C45C1D405D2E7D8B5B2EEB7598"
Last-Modified: Sun, 29 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21568
Expires: Mon, 30 Jan 2023 01:08:14 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c928b7708b3dabacb0c66ce42955bd92
69b25b36badd6e1ca2251b100282cb25f631cf22
280f64bbff9f7d6bd95a25b8429e4d2a2db900c45c1d405d2e7d8b5b2eeb7598

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "280F64BBFF9F7D6BD95A25B8429E4D2A2DB900C45C1D405D2E7D8B5B2EEB7598"
Last-Modified: Sun, 29 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21550
Expires: Mon, 30 Jan 2023 01:07:56 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c928b7708b3dabacb0c66ce42955bd92
69b25b36badd6e1ca2251b100282cb25f631cf22
280f64bbff9f7d6bd95a25b8429e4d2a2db900c45c1d405d2e7d8b5b2eeb7598

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "280F64BBFF9F7D6BD95A25B8429E4D2A2DB900C45C1D405D2E7D8B5B2EEB7598"
Last-Modified: Sun, 29 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 30 Jan 2023 01:08:46 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 18:41:41 GMT
age: 1625
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

onedrive.0ffice365sg.cloud/obfuscate?path=js/events.js

194.56.189.220

200 OK

558 B

URL HTTP/1.1
onedrive.0ffice365sg.cloud/obfuscate?path=js/events.js
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
ASCII text, with very long lines (558), with no line terminators
Size
558 B (558 bytes)
Hash
aa8dfb8a7bd19f7be5275d7a81875a40
9ae580ccc9302d371ded26bfa5a365f14b35e24d
a8f7e59c2a6d75c51e1898b2d1ff9f6f666caad39a12d215e506202fce2ce150

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /obfuscate?path=js/events.js HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://onedrive.0ffice365sg.cloud/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:46 GMT
Server: Lucy
Set-Cookie: PHPSESSID=r1suf9j4457k0gi020ltbm9516; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Content-Length: 558
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=UTF-8

onedrive.0ffice365sg.cloud/obfuscate?path=js/time-tracker.js

194.56.189.220

200 OK

1.6 kB

URL HTTP/1.1
onedrive.0ffice365sg.cloud/obfuscate?path=js/time-tracker.js
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
ASCII text, with very long lines (1597), with no line terminators
Size
1.6 kB (1597 bytes)
Hash
9062f7bf42d8a16f49553793183a7cee
b1957a84a49ea27b2b46f925b4095dfa2a000f31
ce5b41bb9e310321a957d16cbd21b476c2f68454eb3eb6c5f79a3f3e823908c0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /obfuscate?path=js/time-tracker.js HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://onedrive.0ffice365sg.cloud/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:46 GMT
Server: Lucy
Set-Cookie: PHPSESSID=2if991u7netjr2ut3100k7e606; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Content-Length: 1597
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=UTF-8

onedrive.0ffice365sg.cloud/obfuscate?path=js/timeme.min.js

194.56.189.220

200 OK

4.2 kB

URL HTTP/1.1
onedrive.0ffice365sg.cloud/obfuscate?path=js/timeme.min.js
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
ASCII text, with very long lines (4210), with no line terminators
Size
4.2 kB (4210 bytes)
Hash
38127671067bfa6f6273cf93c40e4972
06f5c44727f9f496461ab165c584b97b9d0d8db6
3ae66a8d261814acf0678914f1832973fe5be31912abf545f81fe4f97fd707dd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /obfuscate?path=js/timeme.min.js HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://onedrive.0ffice365sg.cloud/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:46 GMT
Server: Lucy
Set-Cookie: PHPSESSID=t7l8l00horp56hfm37iniflph0; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Content-Length: 4210
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=UTF-8

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3545
Expires: Sun, 29 Jan 2023 20:07:51 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/0.jpg

194.56.189.220

200 OK

283 kB

URL HTTP/1.1
onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/0.jpg
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Size
283 kB (283351 bytes)
Hash
a5dbd4393ff6a725c7e62b61df7e72f0
55b292f885ffc92abce18750b07aa4acfa4e903e
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain

HTTP Headers

GET /public/campaign/53/73/15/static/0.jpg HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/style.css
Cookie: link=sasf9cwgb9adzam4

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:46 GMT
Server: Lucy
Last-Modified: Mon, 09 Jan 2023 15:56:59 GMT
ETag: "452d7-5f1d6d13d19fe"
Accept-Ranges: bytes
Content-Length: 283351
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/favicon.ico

194.56.189.220

200 OK

17 kB

URL HTTP/1.1
onedrive.0ffice365sg.cloud/public/campaign/53/73/15/static/favicon.ico
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain

HTTP Headers

GET /public/campaign/53/73/15/static/favicon.ico HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
Cookie: link=sasf9cwgb9adzam4

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:46 GMT
Server: Lucy
Last-Modified: Mon, 09 Jan 2023 15:56:59 GMT
ETag: "4316-5f1d6d13d299f"
Accept-Ranges: bytes
Content-Length: 17174
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

push.services.mozilla.com/

52.41.131.197

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.131.197:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SFitkhbTX+BnnajJN2Lv+g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X6uJXS9oAUiTInJkWIVQIEBUVxI=

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2558
Expires: Sun, 29 Jan 2023 19:51:24 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2558
Expires: Sun, 29 Jan 2023 19:51:24 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2558
Expires: Sun, 29 Jan 2023 19:51:24 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2558
Expires: Sun, 29 Jan 2023 19:51:24 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2558
Expires: Sun, 29 Jan 2023 19:51:24 GMT
Date: Sun, 29 Jan 2023 19:08:46 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4475 bytes)
Hash
4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:56:46 GMT
age: 76320
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9167 bytes)
Hash
3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 20:46:16 GMT
age: 80550
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7417 bytes)
Hash
6af6f32397882f56d14d22348e44a9f1
5a626376807e7507fa3a204c4e4e9e44aa074a37
478f32e98c0a1f0d62fa337795ca88b7927e14b684b681f7629b648bc2d709a5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62d5a25c-3219-4061-b58b-b783bc3a37fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7417
x-amzn-requestid: 53032353-8613-49b0-944d-3742236cf50c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYcMmFeQIAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d340b6-7fe2226327d90db014527c08;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 03:10:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zd8cTO2N1JO-OK3hCDwVO8naClCsg0raJLboRFle-DPSKhR_7k8-Yg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 03:16:35 GMT
age: 57131
etag: "5a626376807e7507fa3a204c4e4e9e44aa074a37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5594 bytes)
Hash
4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: a13a8181-5783-42c1-9fda-1fcf8db4f0f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVpetFv-oAMF_Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d222c4-68165b34525ca2a054f0b505;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 06:50:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rJbdYq3bZDatEVvC83VR5WiWOFwNwVZEB16ez21KdnQJJrgJ-yKPCg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 14:55:48 GMT
age: 15178
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11470 bytes)
Hash
10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 04:01:15 GMT
age: 54451
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8652 bytes)
Hash
43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 21c734f0-cd73-4691-812e-7cd3908f8f89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRbH4HtPIAMFUGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d07232-291e20fb41c53db7664d04b2;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 00:05:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: j2zDtHz3pZLHJKG3-PaITyUzHOQBEELzuDIt7sbB8X_B10OxG394tg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 06:49:29 GMT
age: 44357
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167a00fc-5c65-46d1-816e-da9e473736e3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6518 bytes)
Hash
5e7433eb3123a1f9b14507c78e38e7b9
fef8b905b580999963758a56be9c3226697929a2
895298ddf6822e9f95e10fe17c1ade0b0782c3753e96eab8a3798df5ba969dbe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167a00fc-5c65-46d1-816e-da9e473736e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 6518
x-amzn-requestid: 6e9c624a-2036-4161-ad9e-1c66068e3eb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPHz0HmsoAMFljA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf867e-011e1c43072a8dfa22af6e88;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:19:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AxIaCwORa7FhDY5pxcNlrPMoam0z7DxSgKBytx5AG_qcKrxM8NnoOw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:46:36 GMT
age: 76937
etag: "fef8b905b580999963758a56be9c3226697929a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5198 bytes)
Hash
57ff6665d99a17d06b75c8fe64c90ab3
05648eed6830a794aa7e30ba4da526ed4c45b0ca
728b809756a0faff1a55bb03f13f33e31518f321e50dd944a0267d585c09264c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 5198
x-amzn-requestid: 8117f45b-926a-4cbe-b152-dae983bc3526
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOYdlG6XIAMF_vA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf3abd-7ce531f65f66ac3a73970841;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:56:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: naZHCCrUSwrLi2eWi3LOrir9zOGQcNUBJ1iS9wUewWoV3WM2E0kE2w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:47:00 GMT
age: 76914
etag: "05648eed6830a794aa7e30ba4da526ed4c45b0ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

onedrive.0ffice365sg.cloud/scenario/track-time

194.56.189.220

200 OK

0 B

URL HTTP/1.1
onedrive.0ffice365sg.cloud/scenario/track-time
IP
194.56.189.220:0
ASN
#207143 hosttech GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to Suspicious *.cloud Domain
suricata	medium	ET PHISHING Lucy Security Time Tracking POST

HTTP Headers

POST /scenario/track-time HTTP/1.1
Host: onedrive.0ffice365sg.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/json
Content-Length: 29
Origin: http://onedrive.0ffice365sg.cloud
Connection: keep-alive
Referer: http://onedrive.0ffice365sg.cloud/sasf9cwgb9adzam4/
Cookie: link=sasf9cwgb9adzam4

HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 19:08:54 GMT
Server: Lucy
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=q3nefqhputgl3def6umofuh7o5; path=/; secure; HttpOnly
link=sasf9cwgb9adzam4; expires=Tue, 28-Feb-2023 19:08:54 GMT; Max-Age=2592000; path=/
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: *
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (37)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size