Report - s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/

Report Overview

Submitted URL
s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
IP
147.75.33.214
ASN
#54825 PACKET
Submitted
2022-11-24 07:25:42
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
50

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
i.ibb.co	13485	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	60 kB	51.210.32.103
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	40 kB	34.120.237.76
s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	469 B	3.1 kB	147.75.33.214
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.4 kB	23.36.77.32
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.161.136.21
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
kabalservice.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.9 kB	253 kB	104.21.82.61
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	142.250.74.3
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	415 B	32 kB	216.58.207.202
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing
2022-11-23	medium	s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/	Dropbox, Inc.
2022-11-20	medium	kabalservice.com/	Generic/Spear Phishing

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff2	Phishing
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff2	Phishing
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff2	Phishing
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff	Phishing
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff	Phishing
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff	Phishing
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/office.svg	Phishing
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/outlook.svg	Phishing
2022-11-24	medium	s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/	Phishing
2022-11-24	medium	kabalservice.com/email-list/dropboxyteyt25/assets/search.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/	747 B	2023-03-07	2023-03-29
Pretty URL s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/ IP 147.75.33.214 ASN #54825 PACKET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:23:28 Last Seen2023-03-29 21:43:33 Times Seen4 Hash 257309e0c225d278842b39c797156bd5 97eb75020196a747b01fe4ff7f0e1bd2a4d9e495 698332b21142f124d0e1534ccb910172c78cad72a1ff5fe7773671e5e04f0e44 Loading...

	s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/	337 B	2023-03-07	2023-03-13
Pretty URL s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/ IP 147.75.33.214 ASN #54825 PACKET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:25:13 Last Seen2023-03-13 19:56:27 Times Seen1 Hash 01ee2ed4c652d44a1f4adb1e130e1a72 49e9d907e76a8f04667b94f0128e11e3b2de060e 9c1a781166dda1b2f8f7886f4c194a179733c08a10d12ba265307cc52d0551b7 Loading...

	s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/	73 kB	2023-03-11	2023-03-11
Pretty URL s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/ IP 147.75.33.214 ASN #54825 PACKET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 18:57:06 Last Seen2023-03-11 18:57:06 Times Seen1 Hash e852336c87ecf326e3e2f3afae34a544 700ad8f25c0d417c6f47968a0c7242e6736475e1 80cd6670e413f8c301f21d2316193720b15e7b28abfa08cffb362ac4bfebf9a7 Loading...

	s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/	494 B	2023-03-07	2023-09-27
Pretty URL s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/ IP 147.75.33.214 ASN #54825 PACKET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:25:13 Last Seen2023-09-27 05:57:34 Times Seen16 Hash ff29adbdc922c9baa3492e18c0cd5c1c ccd9e23d5c36243fef7de1b4a69e5fff6d971497 19602a576bb68f326ed99c4e0f7674595bfca166bd21d5cae7e584be6bdc31e0 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 216.58.207.202 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 01:43:41 Times Seen105994 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

		Size	First Seen	Last Seen
	#1 Eval - 3a6a3257d0915c12652ae54bb45eceb1	55 kB	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 18:57:06 Last Seen2023-03-11 18:57:06 Times Seen1 Hash 3a6a3257d0915c12652ae54bb45eceb1 68b27ee71d57092a2e5253f54cdcf0d9c1f9c456 f905e33ad2d1b262d4b864d6c668ecd8e1ac319984faf245c8eb35a6c981371f Loading...

	#2 Eval - ebb33178747f73711c1798d07df0f3bc	26 B	2023-03-07	2024-03-21
Pretty Observations First Seen2023-03-07 01:25:13 Last Seen2024-03-21 18:38:11 Times Seen29 Hash ebb33178747f73711c1798d07df0f3bc 8c9d6af772d08c82c5349701a5779b26adc6c219 0fa6a6c42887c8a3838722b6063bd28ac257472ffcbc0b57876516b374c107a3 Loading...

		Size	First Seen	Last Seen
	#1 Write - 86cb046450a3a228929edcc17d76a2dd	11 kB	2023-03-08	2023-03-13
Pretty Observations First Seen2023-03-08 14:38:12 Last Seen2023-03-13 03:23:55 Times Seen1 Hash 86cb046450a3a228929edcc17d76a2dd 0841bf15d3cf6ebc03a8c6bdb0a885bbd9536c4d cf99a3c1a6a96ac49cbd8718a2802ca1ff6d6b3810d6feb81a9623608f2416a0 Loading...

HTTP Transactions (42)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb72f04bd7a4410640c0543bb4bd402
7c63b7e220b337b6a4f39864e11d6aa9e26c38ac
b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16034
Expires: Thu, 24 Nov 2022 11:52:45 GMT
Date: Thu, 24 Nov 2022 07:25:31 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
770d09773b5f304acf141fd66a4862b4
5ddc46ab75de26c858a9a6f6d1beaaec9bb181f5
c7bcc6928fa1c0bb225ce8a2f6badd6cb1bd6ea002fb808ed34e8dafbd7b3b26

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 823
Cache-Control: max-age=98368
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 07:25:31 GMT
Etag: "637df674-1d7"
Expires: Fri, 25 Nov 2022 10:44:59 GMT
Last-Modified: Wed, 23 Nov 2022 10:31:16 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18423
Expires: Thu, 24 Nov 2022 12:32:34 GMT
Date: Thu, 24 Nov 2022 07:25:31 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 07:17:15 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 496
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: FKHRGzFXh3RjpWCoxHRtP+nGEbS+C5A3BXY7uqgQyEuc6BXdothS2GeSFAV0P1On99KfHD2771E=
x-amz-request-id: AR061CNBHZAD787C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 06:40:18 GMT
age: 2713
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 07:25:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 07:08:53 GMT
cache-control: public,max-age=3600
age: 999
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
eb52164d651f5f45416e873aec29eb04
405b29bb7e7cd4367cf82988f8603e53db65f139
ed885e05db822ff30fe951e10b6d4f21e574d053939afca792992a1549a15301

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3141
Cache-Control: max-age=95622
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 07:25:32 GMT
Etag: "637de2ad-1d7"
Expires: Fri, 25 Nov 2022 09:59:14 GMT
Last-Modified: Wed, 23 Nov 2022 09:06:53 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
fe1f66d4690a18d1ae4d7e2ff1fa22ac
53d32f3e9cde3ee2ddc236f555798105fe837a7d
9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10656
Expires: Thu, 24 Nov 2022 10:23:08 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
fe1f66d4690a18d1ae4d7e2ff1fa22ac
53d32f3e9cde3ee2ddc236f555798105fe837a7d
9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10779
Expires: Thu, 24 Nov 2022 10:25:11 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

kabalservice.com/email-list/dropboxyteyt25/assets/logo.png

104.21.82.61

200 OK

10 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/logo.png
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 500 x 98, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10308 bytes)
Hash
0bcf55c4e7c4e4dce0263762f87fd3c3
84cda8e61741c4cd7707d2f10dffa9f8047250a9
cab58d8b45a1a683e1e9ee76208fd2b842d6f78f9140c9d438eb35b58453e70a

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/logo.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 10308
last-modified: Wed, 27 Jul 2022 08:18:10 GMT
etag: "62e0f4c2-2844"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 225225
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6aMTsRQuHmaO9mKY2WOvVnuahYIsLPAjCRrT6qI%2FY05uvUb25433GLFAj7A%2BZwV1PNuL4B6NkjQPqM%2B65pxxHIZr2JYLyQeU18D7NmTbMZR5Bvg1xcuC5u2rtaguz5FyFeu9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948696cb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/aol.png

104.21.82.61

200 OK

608 B

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/aol.png
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
608 B (608 bytes)
Hash
c34396b80a0d5471185208ffa9ff97ad
d47437998746e81a08ee647230d07da8300188bf
38e64fbeb524b7748d30fcf0c0e1a52f2994cbe0c036b3f2c2d1cdcf55219689

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/aol.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 608
last-modified: Wed, 27 Jul 2022 08:18:05 GMT
etag: "62e0f4bd-260"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 225225
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbpNMIlSWv3iYfnh4RuHW0vzZ17HNBk%2FBDAraVgENunilOlZYKuo2fdiwu2avIj%2BGZ2W9VP6S1qdVLwY2t0moWWf0OgPFQU8Kg4vnFkvwOrR3EO%2FspD%2BYHireVhVg2%2Fj2eSJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948696fb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
fe1f66d4690a18d1ae4d7e2ff1fa22ac
53d32f3e9cde3ee2ddc236f555798105fe837a7d
9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 24 Nov 2022 13:25:32 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
d08d70dfa29b985b1f33772db708c3ed
6debedc5ce6b2266e699bca72eb09546da030b63
e24014560dea03482436858ebd01ccb0c6fc2a1e96b6ca993b3a687b991cfbd0

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E24014560DEA03482436858EBD01CCB0C6FC2A1E96B6CA993B3A687B991CFBD0"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21588
Expires: Thu, 24 Nov 2022 13:25:20 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
fe1f66d4690a18d1ae4d7e2ff1fa22ac
53d32f3e9cde3ee2ddc236f555798105fe837a7d
9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 24 Nov 2022 13:25:32 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
fe1f66d4690a18d1ae4d7e2ff1fa22ac
53d32f3e9cde3ee2ddc236f555798105fe837a7d
9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 24 Nov 2022 13:25:32 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 07:25:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

kabalservice.com/email-list/dropboxyteyt25/assets/other.png

104.21.82.61

200 OK

1.8 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/other.png
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 29 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1775 bytes)
Hash
a2bd4bcc517e1546247140c1a8be404d
63207b7abf46e980b8cb38dfb51421288b715340
79f1125dcdb1f9194d515a1da5fcd62db3cd89e4d50c5aa29fb7e10a293ac127

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/other.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 1775
last-modified: Wed, 27 Jul 2022 08:18:05 GMT
etag: "62e0f4bd-6ef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0mpPvldnNTCftCsq1dboDd5WiOpRoWeKqAtLaKLOczKHWkdbI1uNfvYu6p7OgEk4GGDjhbjyIrRFgC4nu%2BWCT40UIUGhTC9Kd0C4Xgbq%2BltbXr0If%2FT37hQylQ8h4q2mUKM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948696bb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

216.58.207.202

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 15:30:11 GMT
expires: Fri, 17 Nov 2023 15:30:11 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 575721
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.161.136.21

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.136.21:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iUKV1xfzmtDgvjon+COuHA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9CgSJW5C7l7tsCdm5FxsMozjwo4=

kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff2

104.21.82.61

200 OK

16 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff2
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 15948, version 1.0\012- data
Size
16 kB (15948 bytes)
Hash
c85615b296302af51e683eecb5e371d4
ff7c20b0947804c607759aa46eab666d94cf12ea
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff2 HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-length: 15948
last-modified: Wed, 27 Jul 2022 08:18:09 GMT
etag: "3e4c-5e4c50ea5f240"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkIAWjuDDeb0puzRDHpha9OqqHFyZuU%2ByLabSbSMJtu5%2FCE0qPhm8i7tCXO7Ac2L%2FcqhnYXgBX8i90mtJBYjcgspGS4CsOj1iwEoA53KOnO%2BqxEkWz%2B5Dx5TN7cPn6gY%2FWEW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069487cfbb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff2

104.21.82.61

200 OK

34 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff2
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 34472, version 1.0\012- data
Size
34 kB (34472 bytes)
Hash
a997304362efdb4f8491ebfca7b30456
3895693e6aa4a64951409e6b2124772996891ec2
181c3b1c9746c07038d6a177d488bc404c1e317bcac535e2a8b824b283dba28a

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff2 HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-length: 34472
last-modified: Wed, 27 Jul 2022 08:18:11 GMT
etag: "86a8-5e4c50ec476c0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Vayj52rpJxrHL9g0pwXX4Rof8H9Y468A12QT0a6u25d9CzH%2FSIPspAHk%2BazuMepiowTxctGIFiEZZ7rrTFo%2F6x68%2FBFIDRONgd5B37%2BlouTxEXoGkFj%2BQ1D8Ln4yWDxe%2FPz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069486ceab51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/1.png

104.21.82.61

200 OK

12 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/1.png
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 990 x 800, 8-bit colormap, non-interlaced\012- data
Size
12 kB (11697 bytes)
Hash
d439223bf727cdc34a52394e3666a07d
1b8b64be9eaf6ec1e0ad07af769e5135611d4d88
1f4ea5e61266b9cf8a513de2bab68553c98f697e77b695065a75f24c27fb6c72

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/1.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 11697
last-modified: Wed, 27 Jul 2022 08:18:07 GMT
etag: "62e0f4bf-2db1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rl5T3UpbzmqyUJUDl2v025sb1Huq8015Zp4gFofazf2Wlb3dGj4eXFz8ZUzyUc1HO8xMSpKjeY2Q71S%2FD6rmzDMEH0ZFLv4A%2FE23CGWOG5rcgjtiTIe%2BQ7NGNUoEulFWt%2FIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948a9cbb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/yahoo.png

104.21.82.61

200 OK

1.0 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/yahoo.png
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 65 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1025 bytes)
Hash
e6bcb5dfc5538d11bfe7380337b52dfd
c7a726d0f8d7246c127ebabf8a0e036167b64945
f4b303a7ed2422acd6a453103a4de290078485b90a0e214d5216a7411934e2e7

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/yahoo.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 1025
last-modified: Wed, 27 Jul 2022 08:18:05 GMT
etag: "62e0f4bd-401"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z85LScdV7wSQ%2Br2eS6Tx9bQUUrAPn12L6dM%2BviSWKjFjyUCiaaQhsa8x%2F3vYPSSmnBliaLJpuVPzH%2B9l2bBpHsiFicL0WNSARELTXwlZnCsFpmIAErI1MgcJ1CC208bbB%2BPO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948a9d7b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 07:25:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff2

104.21.82.61

200 OK

36 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff2
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 35544, version 1.0\012- data
Size
36 kB (35544 bytes)
Hash
801b6ffe8d359ea9954eb5c4a3a05009
1a069ba7434fab9c819a06da11de873a6b9b348c
a0d1fe00f77c8077c7fd527a3568555479388e7061aa6f75cb06fca2a6e8c38c

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff2 HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-length: 35544
last-modified: Wed, 27 Jul 2022 08:18:04 GMT
etag: "8ad8-5e4c50e59a700"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7hgS7WEpuR3a53WzAgO38iGcCKJW4V9zusew3kcmlFBTU%2B7Ke3e6DX1fGgBOybJm2eWJElV7wF%2BQYGZev2JtJYs6QIkfSTub82jSGK1nOzwflsEsS%2F3SKmtQJAys4lZoUpHA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069488d12b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff

104.21.82.61

200 OK

20 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 20096, version 1.1\012- data
Size
20 kB (20096 bytes)
Hash
a75563d7b9e5b1db163971b9a2e66216
f52ccc0bbce9d1e550790ea02639b36326764349
c08efa91781865d1a2e9fcb030f8ac55c2d8eadbf8822c2ea251556333f99d9c

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:33 GMT
content-type: font/woff
content-length: 20096
last-modified: Wed, 27 Jul 2022 08:18:06 GMT
etag: "62e0f4be-4e80"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OkG3EHrndZ9Cip%2B7C%2BBqmmwrlgvOPHMvmQM9S%2FwYPEgZLMQPluj%2Ft3a1Tz%2BoVGVchKB9PWWgXyyZZvjCo5iKO8krevHrYjh%2Fpy%2FmWammr9eRQZ5bpPRf3lbEt85sV9kdV8KE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069491d94b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff

104.21.82.61

200 OK

46 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 46212, version 1.1\012- data
Size
46 kB (46212 bytes)
Hash
707f848d48e67967202429057603066e
83f0d9c263d084977116238163f87ec0d03e919e
c95e0b24ee1e3ac362304dbe886af5ecc2b3ad49d828222bd794caead0d60e35

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:33 GMT
content-type: font/woff
content-length: 46212
last-modified: Wed, 27 Jul 2022 08:18:08 GMT
etag: "62e0f4c0-b484"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8gH7Md5dnVdPPNTrhbwzTY9Lcriv%2BKSnlcW3Vuu4zeR%2Bf0oAGarljnhLY3sM9WwB5ERqmYqfnCNextwAmT7ml3XvbjCfepAWJDk2DM1Q%2FlYOFe3cZBYCsOnwrTAEOkW%2Ftmcr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069491d8fb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff

104.21.82.61

200 OK

47 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 46908, version 1.1\012- data
Size
47 kB (46908 bytes)
Hash
d67ec221e0e09f0b0387c11c3a79a1e4
be7d915868d39c6cbd658ea096201e14915997c3
e2468d7a58ebc5c4cb72e5d002543fdea18198e6cf53b4b10485047672c62b5e

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:33 GMT
content-type: font/woff
content-length: 46908
last-modified: Wed, 27 Jul 2022 08:18:03 GMT
etag: "62e0f4bb-b73c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4XP8617BuwO%2F0CtIoWHKN9npyyIv7yLENgITfo0gxquxY01q4fgUB9w8BozBk9lRQh6JX3WPxQKYQQFPUf9VCm%2FZzrlG%2Ffn89WD5h%2BZJfVEMtr5F63NEpWsLDjRgGJpB0Vc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069492daeb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

i.ibb.co/TtTg9r7/icon.png

51.210.32.103

200 OK

60 kB

URL HTTP/2
i.ibb.co/TtTg9r7/icon.png
IP
51.210.32.103:0
ASN
#16276 OVH SAS

File type
PNG image data, 640 x 595, 8-bit/color RGBA, non-interlaced\012- data
Size
60 kB (59460 bytes)
Hash
173c517e1c57c6168628df4a4516a0e0
09f6bb7aecd71e6434ef3cf368322f2a02239541
32d2e58dc13623fff35bd2b5727fda4159d429c4f3061983b173166c951f0a03

HTTP Headers

GET /TtTg9r7/icon.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 07:25:33 GMT
content-type: image/png
content-length: 59460
last-modified: Sun, 03 Jan 2021 16:24:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2609
Expires: Thu, 24 Nov 2022 08:09:03 GMT
Date: Thu, 24 Nov 2022 07:25:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2609
Expires: Thu, 24 Nov 2022 08:09:03 GMT
Date: Thu, 24 Nov 2022 07:25:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2609
Expires: Thu, 24 Nov 2022 08:09:03 GMT
Date: Thu, 24 Nov 2022 07:25:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2609
Expires: Thu, 24 Nov 2022 08:09:03 GMT
Date: Thu, 24 Nov 2022 07:25:34 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a16068e-5377-48a5-aaf5-19e46c86681d.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a16068e-5377-48a5-aaf5-19e46c86681d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11447 bytes)
Hash
e091109c8f54cf23b221d8d0a35d6914
a67bdea6358146f7de38d6be37e9f69a8edd5f22
362dc1665e27a4307a7ce832019a6e5e3d8edb0d18db084e4dc9dd026ea68df4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a16068e-5377-48a5-aaf5-19e46c86681d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11447
x-amzn-requestid: fb600f6e-d936-4255-b79f-528d9cb8e729
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYTEqyIAMFalg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-2bc3102e268ccdff7f960289;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: flF0yRgk5BMItKbudaEq7iQgLJcCHd6WNsvqFr1uDAvI_EKyVkc4_w==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:33 GMT
age: 601
etag: "a67bdea6358146f7de38d6be37e9f69a8edd5f22"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/office.svg

104.21.82.61

200 OK

13 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/office.svg
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size
13 kB (12593 bytes)
Hash
7411adf25fb54e3e402c3a011aecc353
85ea67105a7fbd2164a98c2610c422fc59cc4553
c1bd74f60d85165b72f8a3c3796a7daa8e2c6054768ca5a474e9e223d6d9c04a

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/office.svg HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Jul 2022 08:18:11 GMT
vary: Accept-Encoding
etag: W/"62e0f4c3-479"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 225225
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5a3r5IWsle%2BLA4%2FXWCJzG1wrz5zAnF5glSWG8kOsggTIMNTeYv4LEhb4QPnwMs9FY2YZYSP1VmVf%2FOxiCp0QtviirygKvfg%2FUyfkXabiA4RUFO1Ok4Q8CdL2eyjMNANre5S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f069485962b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7993 bytes)
Hash
92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
age: 34708
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/outlook.svg

104.21.82.61

200 OK

5.8 kB

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/outlook.svg
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size
5.8 kB (5791 bytes)
Hash
cce87dcae8dbe312929a95dd591824dc
96029fef97bc6c9ca38f216cafcf9ae7efffed12
097cf21265fa1cdcae8416990e96fae6ac3d75ff0e14372f13d093a05be7a859

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/outlook.svg HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Jul 2022 08:18:07 GMT
vary: Accept-Encoding
etag: W/"62e0f4bf-583"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 225225
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOAVo%2Bpt2m5lPGLHEDuZuVPl2dDg8MzYD63m5eBmV3zQEEhRy0RmTqeLQLCILTfllihrmNbgu%2FNELZd2nVbzUlG0bkT9FXoJ9fhG209p%2Bpc1fDfYwjfgD6s4dp3rjsm6HSl%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f0694899bbb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6dee69c-a683-4448-a26a-ed78ea0cb4a0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5553 bytes)
Hash
0b88331b5cbc633ee1ae21a77a983e92
acc9dd298e87e1079229d2c958ec088023603974
299e0c024f5209289e27aea403337e05ec7da447e706eee79aae6e982986faee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6dee69c-a683-4448-a26a-ed78ea0cb4a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5553
x-amzn-requestid: 203724f3-e044-4533-ae46-af79c11e5460
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b_c6lFucoAMFs7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c7510-4dad6a426642a025759eb363;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 07:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JRqctghettaL53ADxhP7pd9gib0TsC6RZI8ERQldNYuusuha5qohpg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:08:12 GMT
age: 1042
etag: "acc9dd298e87e1079229d2c958ec088023603974"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11249 bytes)
Hash
481c033b9ffd030ff0de6e35cf788b47
85d3baad9217af2b5d75c019d2ef95dbb919a788
02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 65a3db77-b2e6-40b9-a776-021c2e9b56d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubSsHbZoAMFZNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5aa-1286b97968cc2e4c7fe8ab29;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:26 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: _j5ykGwKHIQEFLyuJK_OMvs-CsCvkUQhZc_YD8gAtbyOECQ894zvjw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:46:02 GMT
age: 5972
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/

147.75.33.214

200 OK

0 B

URL HTTP/2
s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
IP
147.75.33.214:0
ASN
#54825 PACKET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Dropbox, Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx/1.21.3
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: text/html
x-ic-subnet-id: 5kdm2-62fc6-fwnja-hutkz-ycsnm-4z33i-woh43-4cenu-ev7mi-gii6t-4ae
x-ic-node-id: 4bxus-2eum2-iairr-vpwci-xoswm-ktyb5-3yxxo-ih4ye-etk6w-bub4s-qae
x-ic-canister-id: 00000000007023770101
ic-certificate: certificate=:2dn3o2R0cmVlgwGDAYMBgwJIY2FuaXN0ZXKDAYIEWCB361WDtZpNSnwyGSZ4NTrr2HoPfg1B0b8Bj3EiPuP9n4MBggRYIADx16ExLQB7KeCCTeWAKj6j1O4Ah+W5n3vGjrfKdyfEgwGCBFgggR6UnKsfAgfqtvz2GmXaIdGFYzL00ws+Rwv46OX6J/ODAYIEWCDvQRmiIP2Eg4fG62R5P8Zw7gfEi8IShZqU/j/iFSJb74MBggRYIKJMAJp0wGTtsXC2e/mHml3ZsyGOfYLOMwAyrYqAwlb7gwGDAYIEWCA1TVYLHYA2zU87hbaZmoS/iwTh+1xOg0vJeo9KqwX614MBgwGCBFggiwBzgU98lztjJFGbDOiQM1Jb+in87UtM3AwWS041yY6DAYIEWCCgYW0jSjcw7qSEcw2oZo+pShHgr9kX5du0jCeYvEoDY4MCSgAAAAAAcCN3AQGDAYMBgwGDAk5jZXJ0aWZpZWRfZGF0YYIDWCCRxx9lNMjrefY/Y6+T4oFLZCSLrcUJht4cJKTBNsnlw4IEWCCDxWvxTd49KN5mxpK1/J2X6d2YW2rXKw/m+E6KjfPcsoIEWCDwR+afFan49YUZxxXt4HwemJ8JLbvnr6DAhdVycBwokoIEWCBfluH1JoY1y6BRnQM7d2SdXvBwEokOw/974mWzLAIaMIIEWCBLXzQqa+G/gHL8LIjtibLGAdidO+uO48o19ftbWN0QTYIEWCAERxKNJsFecu1I4LqIoWB+PnTBdyCsXGo1hcF1LiPlV4IEWCBC9O5V7xMMo/wIhQN9Gphj9vELXXnGD+SXce6S+bTOBoIEWCBSDgpWFYnc8E5W0uP9286snrpS6nbto7yxYjY9ORwToIMBggRYIP0wDTfp0S4lr0srbNjBa0QuqcIKSNfdRFDPa3ZIqPybgwJEdGltZYIDSZe4zenbkJ2VF2lzaWduYXR1cmVYMIGzvVw7evzqQVVAZ+jZvcO9fK4S332TUcbVoDAPpaVCpvc/3foYJihCxlKA4ooBEmpkZWxlZ2F0aW9uomlzdWJuZXRfaWRYHUUXi2akB6TVnApNZzO9os4/N8ERtCV+xBkI9PgCa2NlcnRpZmljYXRlWQJX2dn3omR0cmVlgwGCBFggF1NdF/SWTgvoqSN0vsBnql03rYCx1GcMcNXRAr4qtYeDAYMCRnN1Ym5ldIMBgwGDAYIEWCAmf+VREbVuPDl1Uy6jNz97cun4IHL+jmB+00SGR4pbOYMBggRYIEZqcChs+azpgBylPiKvbuBZoJT9YEmGBtSEtoVAWDB9gwGCBFggvnKkxm3I5+VWamHMo//+m0k6zj1MAHGqxsSSFsdkQpqDAYMCWB1FF4tmpAek1ZwKTWczvaLOPzfBEbQlfsQZCPT4AoMBgwJPY2FuaXN0ZXJfcmFuZ2VzggNYG9nZ94GCSgAAAAAAcAAAAQFKAAAAAAB///8BAYMCSnB1YmxpY19rZXmCA1iFMIGCMB0GDSsGAQQBgtx8BQMBAgEGDCsGAQQBgtx8BQMCAQNhAJVfUvc8LexZpjeylOULk0211t4p5zu8+E59hqSsQbrXtTn5gXreiRaWHZ3Wv5JXAQ1YVxVuj+aq/Pb9BoeV5wvTOZs0ETAMnMyOug0GjBDkz7b04n0ZWx6teF1hjrOTuYIEWCAAm+bqf6+s6PfCS94lWkfuSudBPVAeM77aP3K1oe9ONoIEWCBKHXbAjmQuPbaYLmZTvoxzbydaJKwiEINDCy1bRBznVIIEWCAthWu6e2yAFxzo5dEhu35EULNWWmRNkTXp/liEKBwfuYMCRHRpbWWCA0mrgsH6ksGOlRdpc2lnbmF0dXJlWDCk9gwlpwHyYp6UNmx5MFN+7lipRHJNfP7h+dB9lNrNmRoK2tt0q6cQ96wFCc3SCeM=:, tree=:2dn3gwJLaHR0cF9hc3NldHODAYMBgwGDAkkvQU9MLmh0bWyCBFgg8KBs+TXrPH6bkmlCeFiPTIn73OrLX2aBGJn8z6tJJN2CBFgg/6KCnFlD40RBMS0e870W9aDJVjoIfake/Wun+kHwNduCBFggzOftXe2zBBkhE/RVyZM2W2YwKmRg+Y8DmrV4hUCVKfuDAYIEWCCusBHzAzVsoQnClGwJKATpIHMw5RaRDj20JYf3PkWgwYMBggRYIKzdQov/YFqoDksZYPoz22eAq3kBg1G+pBS8t7lYL8JSgwGCBFgghpzacqIIeJai8Fb4VyKdcLtmKaF8o+0KwREI6lOJICeDAksvaW5kZXguaHRtbIIDWCBVcgVIoY2s7Isf/oiGy6SOsG4wpNzywSRZ1dXzO/TTnA==:
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-None-Match,If-Modified-Since,Cache-Control,Content-Type,Range,Cookie
access-control-expose-headers: Accept-Ranges,Content-Length,Content-Range
access-control-max-age: 600
content-encoding: gzip
X-Firefox-Spdy: h2

kabalservice.com/email-list/dropboxyteyt25/assets/search.svg

104.21.82.61

200 OK

0 B

URL HTTP/2
kabalservice.com/email-list/dropboxyteyt25/assets/search.svg
IP
104.21.82.61:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Generic/Spear Phishing
fortinet	Phishing

HTTP Headers

GET /email-list/dropboxyteyt25/assets/search.svg HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Jul 2022 08:18:08 GMT
vary: Accept-Encoding
etag: W/"62e0f4c0-626"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9ehnBv4sx45PSmR4HMMdKo%2FxGFBKcr%2FlDr9I8kUU5GqIivha%2BQYIJAB68eFgclaFUL0IhSfCBR03fwIIDThOot3rN3yRey49%2F4YyFlcek9a3wStP71d2iUjdv8RuStcJ%2F4e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f069486969b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash