| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): dfb72f04bd7a4410640c0543bb4bd402 7c63b7e220b337b6a4f39864e11d6aa9e26c38ac b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16034
Expires: Thu, 24 Nov 2022 11:52:45 GMT
Date: Thu, 24 Nov 2022 07:25:31 GMT
Connection: keep-alive

| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash (MD5 / SHA-1 / SHA-256): 770d09773b5f304acf141fd66a4862b4 5ddc46ab75de26c858a9a6f6d1beaaec9bb181f5 c7bcc6928fa1c0bb225ce8a2f6badd6cb1bd6ea002fb808ed34e8dafbd7b3b26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 823
Cache-Control: max-age=98368
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 07:25:31 GMT
Etag: "637df674-1d7"
Expires: Fri, 25 Nov 2022 10:44:59 GMT
Last-Modified: Wed, 23 Nov 2022 10:31:16 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 054ff0d1a0a43f7cb1d78dbd34e27f99 3caf54f3de1d6a8c6f6454083f8b8e7dec77db54 fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18423
Expires: Thu, 24 Nov 2022 12:32:34 GMT
Date: Thu, 24 Nov 2022 07:25:31 GMT
Connection: keep-alive

| firefox.settings.services.mozilla.com/v1/ | 34.102.187.140 | 200 OK | 939 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/, IP: 34.102.187.140:0
File type: JSON data, ASCII text, with very long lines (939), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d130218d0e2841f39c99610fe1a2ab90 29fbe1e177ee55c7a61ae0a206afff271cf5f945 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 07:17:15 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 496
alt-svc: clear
X-Firefox-Spdy: h2

| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL (HTTP/2): content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain, IP: 34.160.144.191:0
File type: PEM certificate, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 9ebddc2b260d081ebbefee47c037cb28 492bad62a7ca6a74738921ef5ae6f0be5edebf39 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FKHRGzFXh3RjpWCoxHRtP+nGEbS+C5A3BXY7uqgQyEuc6BXdothS2GeSFAV0P1On99KfHD2771E=
x-amz-request-id: AR061CNBHZAD787C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 06:40:18 GMT
age: 2713
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL (HTTP/2): contile.services.mozilla.com/v1/tiles, IP: 34.117.237.239:0
File type: JSON data, ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 07:25:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 34.102.187.140 | 200 OK | 329 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US, IP: 34.102.187.140:0
File type: JSON data, ASCII text, with very long lines (329), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 07:08:53 GMT
cache-control: public,max-age=3600
age: 999
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash (MD5 / SHA-1 / SHA-256): eb52164d651f5f45416e873aec29eb04 405b29bb7e7cd4367cf82988f8603e53db65f139 ed885e05db822ff30fe951e10b6d4f21e574d053939afca792992a1549a15301
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3141
Cache-Control: max-age=95622
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 07:25:32 GMT
Etag: "637de2ad-1d7"
Expires: Fri, 25 Nov 2022 09:59:14 GMT
Last-Modified: Wed, 23 Nov 2022 09:06:53 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP: 23.36.77.32:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): fe1f66d4690a18d1ae4d7e2ff1fa22ac 53d32f3e9cde3ee2ddc236f555798105fe837a7d 9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10656
Expires: Thu, 24 Nov 2022 10:23:08 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP: 23.36.77.32:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): fe1f66d4690a18d1ae4d7e2ff1fa22ac 53d32f3e9cde3ee2ddc236f555798105fe837a7d 9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10779
Expires: Thu, 24 Nov 2022 10:25:11 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

| kabalservice.com/email-list/dropboxyteyt25/assets/logo.png | 104.21.82.61 | 200 OK | 10 kB |
URL (HTTP/2): kabalservice.com/email-list/dropboxyteyt25/assets/logo.png, IP: 104.21.82.61:0
File type: PNG image data, 500 x 98, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 0bcf55c4e7c4e4dce0263762f87fd3c3 84cda8e61741c4cd7707d2f10dffa9f8047250a9 cab58d8b45a1a683e1e9ee76208fd2b842d6f78f9140c9d438eb35b58453e70a
| Analyzer | Verdict | Alert |
| openphish | Generic/Spear Phishing | |
GET /email-list/dropboxyteyt25/assets/logo.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 10308
last-modified: Wed, 27 Jul 2022 08:18:10 GMT
etag: "62e0f4c2-2844"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 225225
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6aMTsRQuHmaO9mKY2WOvVnuahYIsLPAjCRrT6qI%2FY05uvUb25433GLFAj7A%2BZwV1PNuL4B6NkjQPqM%2B65pxxHIZr2JYLyQeU18D7NmTbMZR5Bvg1xcuC5u2rtaguz5FyFeu9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948696cb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| kabalservice.com/email-list/dropboxyteyt25/assets/aol.png | 104.21.82.61 | 200 OK | 608 B |
URL (HTTP/2): kabalservice.com/email-list/dropboxyteyt25/assets/aol.png, IP: 104.21.82.61:0
File type: PNG image data, 44 x 18, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): c34396b80a0d5471185208ffa9ff97ad d47437998746e81a08ee647230d07da8300188bf 38e64fbeb524b7748d30fcf0c0e1a52f2994cbe0c036b3f2c2d1cdcf55219689
| Analyzer | Verdict | Alert |
| openphish | Generic/Spear Phishing | |
GET /email-list/dropboxyteyt25/assets/aol.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 608
last-modified: Wed, 27 Jul 2022 08:18:05 GMT
etag: "62e0f4bd-260"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 225225
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbpNMIlSWv3iYfnh4RuHW0vzZ17HNBk%2FBDAraVgENunilOlZYKuo2fdiwu2avIj%2BGZ2W9VP6S1qdVLwY2t0moWWf0OgPFQU8Kg4vnFkvwOrR3EO%2FspD%2BYHireVhVg2%2Fj2eSJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948696fb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP: 23.36.77.32:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): fe1f66d4690a18d1ae4d7e2ff1fa22ac 53d32f3e9cde3ee2ddc236f555798105fe837a7d 9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 24 Nov 2022 13:25:32 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 344 B |
IP: 23.36.77.32:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): d08d70dfa29b985b1f33772db708c3ed 6debedc5ce6b2266e699bca72eb09546da030b63 e24014560dea03482436858ebd01ccb0c6fc2a1e96b6ca993b3a687b991cfbd0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E24014560DEA03482436858EBD01CCB0C6FC2A1E96B6CA993B3A687B991CFBD0"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21588
Expires: Thu, 24 Nov 2022 13:25:20 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP: 23.36.77.32:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): fe1f66d4690a18d1ae4d7e2ff1fa22ac 53d32f3e9cde3ee2ddc236f555798105fe837a7d 9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 24 Nov 2022 13:25:32 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 345 B |
IP: 23.36.77.32:0, ASN #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): fe1f66d4690a18d1ae4d7e2ff1fa22ac 53d32f3e9cde3ee2ddc236f555798105fe837a7d 9aa7578b42e44784d65b7d1c4fdc352ef89c203448d6f32aafb83a0ab012d8ba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9AA7578B42E44784D65B7D1C4FDC352EF89C203448D6F32AAFB83A0AB012D8BA"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 24 Nov 2022 13:25:32 GMT
Date: Thu, 24 Nov 2022 07:25:32 GMT
Connection: keep-alive

| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP: 142.250.74.3:0
Hash (MD5 / SHA-1 / SHA-256): 4af780570d49b327d38dc189095448e9 1dd4193a2afeb237c5e475b603b1cbd137f7f97e f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 07:25:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

| kabalservice.com/email-list/dropboxyteyt25/assets/other.png | 104.21.82.61 | 200 OK | 1.8 kB |
URL (HTTP/2): kabalservice.com/email-list/dropboxyteyt25/assets/other.png, IP: 104.21.82.61:0
File type: PNG image data, 29 x 20, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): a2bd4bcc517e1546247140c1a8be404d 63207b7abf46e980b8cb38dfb51421288b715340 79f1125dcdb1f9194d515a1da5fcd62db3cd89e4d50c5aa29fb7e10a293ac127
| Analyzer | Verdict | Alert |
| openphish | Generic/Spear Phishing | |
GET /email-list/dropboxyteyt25/assets/other.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 1775
last-modified: Wed, 27 Jul 2022 08:18:05 GMT
etag: "62e0f4bd-6ef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0mpPvldnNTCftCsq1dboDd5WiOpRoWeKqAtLaKLOczKHWkdbI1uNfvYu6p7OgEk4GGDjhbjyIrRFgC4nu%2BWCT40UIUGhTC9Kd0C4Xgbq%2BltbXr0If%2FT37hQylQ8h4q2mUKM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948696bb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js | 216.58.207.202 | 200 OK | 30 kB |
URL (HTTP/2): ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js, IP: 216.58.207.202:0
File type: ASCII text, with very long lines (65451)
Hash (MD5 / SHA-1 / SHA-256): 0f83cadc148d2ad7e53c91f6c4ee05bb 90035c5fffedf4b0f099465f6b929a030b46c92b 3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 15:30:11 GMT
expires: Fri, 17 Nov 2023 15:30:11 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 575721
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

| push.services.mozilla.com/ | 35.161.136.21 | 101 Switching Protocols | 0 B |
URL (HTTP/1.1): push.services.mozilla.com/, IP: 35.161.136.21:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iUKV1xfzmtDgvjon+COuHA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9CgSJW5C7l7tsCdm5FxsMozjwo4=

| kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff2 | 104.21.82.61 | 200 OK | 16 kB |
URL (HTTP/2): kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff2, IP: 104.21.82.61:0
File type: Web Open Font Format (Version 2), TrueType, length 15948, version 1.0
Hash (MD5 / SHA-1 / SHA-256): c85615b296302af51e683eecb5e371d4 ff7c20b0947804c607759aa46eab666d94cf12ea efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
| Analyzer | Verdict | Alert |
| openphish | Generic/Spear Phishing | |
| fortinet | Phishing | |
GET /email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff2 HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-length: 15948
last-modified: Wed, 27 Jul 2022 08:18:09 GMT
etag: "3e4c-5e4c50ea5f240"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkIAWjuDDeb0puzRDHpha9OqqHFyZuU%2ByLabSbSMJtu5%2FCE0qPhm8i7tCXO7Ac2L%2FcqhnYXgBX8i90mtJBYjcgspGS4CsOj1iwEoA53KOnO%2BqxEkWz%2B5Dx5TN7cPn6gY%2FWEW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069487cfbb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff2 | 104.21.82.61 | 200 OK | 34 kB |
URL (HTTP/2): kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff2, IP: 104.21.82.61:0
File type: Web Open Font Format (Version 2), TrueType, length 34472, version 1.0
Hash (MD5 / SHA-1 / SHA-256): a997304362efdb4f8491ebfca7b30456 3895693e6aa4a64951409e6b2124772996891ec2 181c3b1c9746c07038d6a177d488bc404c1e317bcac535e2a8b824b283dba28a
| Analyzer | Verdict | Alert |
| openphish | Generic/Spear Phishing | |
| fortinet | Phishing | |
GET /email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff2 HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-length: 34472
last-modified: Wed, 27 Jul 2022 08:18:11 GMT
etag: "86a8-5e4c50ec476c0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Vayj52rpJxrHL9g0pwXX4Rof8H9Y468A12QT0a6u25d9CzH%2FSIPspAHk%2BazuMepiowTxctGIFiEZZ7rrTFo%2F6x68%2FBFIDRONgd5B37%2BlouTxEXoGkFj%2BQ1D8Ln4yWDxe%2FPz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069486ceab51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| kabalservice.com/email-list/dropboxyteyt25/assets/1.png | 104.21.82.61 | 200 OK | 12 kB |
URL (HTTP/2): kabalservice.com/email-list/dropboxyteyt25/assets/1.png, IP: 104.21.82.61:0
File type: PNG image data, 990 x 800, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): d439223bf727cdc34a52394e3666a07d 1b8b64be9eaf6ec1e0ad07af769e5135611d4d88 1f4ea5e61266b9cf8a513de2bab68553c98f697e77b695065a75f24c27fb6c72
| Analyzer | Verdict | Alert |
| openphish | Generic/Spear Phishing | |
GET /email-list/dropboxyteyt25/assets/1.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 11697
last-modified: Wed, 27 Jul 2022 08:18:07 GMT
etag: "62e0f4bf-2db1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rl5T3UpbzmqyUJUDl2v025sb1Huq8015Zp4gFofazf2Wlb3dGj4eXFz8ZUzyUc1HO8xMSpKjeY2Q71S%2FD6rmzDMEH0ZFLv4A%2FE23CGWOG5rcgjtiTIe%2BQ7NGNUoEulFWt%2FIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948a9cbb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| kabalservice.com/email-list/dropboxyteyt25/assets/yahoo.png | 104.21.82.61 | 200 OK | 1.0 kB |
URL (HTTP/2): kabalservice.com/email-list/dropboxyteyt25/assets/yahoo.png, IP: 104.21.82.61:0
File type: PNG image data, 65 x 18, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): e6bcb5dfc5538d11bfe7380337b52dfd c7a726d0f8d7246c127ebabf8a0e036167b64945 f4b303a7ed2422acd6a453103a4de290078485b90a0e214d5216a7411934e2e7
| Analyzer | Verdict | Alert |
| openphish | Generic/Spear Phishing | |
GET /email-list/dropboxyteyt25/assets/yahoo.png HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/png
content-length: 1025
last-modified: Wed, 27 Jul 2022 08:18:05 GMT
etag: "62e0f4bd-401"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z85LScdV7wSQ%2Br2eS6Tx9bQUUrAPn12L6dM%2BviSWKjFjyUCiaaQhsa8x%2F3vYPSSmnBliaLJpuVPzH%2B9l2bBpHsiFicL0WNSARELTXwlZnCsFpmIAErI1MgcJ1CC208bbB%2BPO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f06948a9d7b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP: 142.250.74.3:0
Hash (MD5 / SHA-1 / SHA-256): 4af780570d49b327d38dc189095448e9 1dd4193a2afeb237c5e475b603b1cbd137f7f97e f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 07:25:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

| kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff2 | 104.21.82.61 | 200 OK | 36 kB |
URL (HTTP/2): kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff2, IP: 104.21.82.61:0
File type: Web Open Font Format (Version 2), TrueType, length 35544, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 801b6ffe8d359ea9954eb5c4a3a05009 1a069ba7434fab9c819a06da11de873a6b9b348c a0d1fe00f77c8077c7fd527a3568555479388e7061aa6f75cb06fca2a6e8c38c
| Analyzer | Verdict | Alert |
| openphish | Generic/Spear Phishing | |
| fortinet | Phishing | |
GET /email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff2 HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-length: 35544
last-modified: Wed, 27 Jul 2022 08:18:04 GMT
etag: "8ad8-5e4c50e59a700"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7hgS7WEpuR3a53WzAgO38iGcCKJW4V9zusew3kcmlFBTU%2B7Ke3e6DX1fGgBOybJm2eWJElV7wF%2BQYGZev2JtJYs6QIkfSTub82jSGK1nOzwflsEsS%2F3SKmtQJAys4lZoUpHA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069488d12b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff | 104.21.82.61 | 200 OK | 20 kB |
URL: HTTP/2 kabalservice.com/email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff | IP: 104.21.82.61:0
File type: Web Open Font Format, TrueType, length 20096, version 1.1; data | Hash (MD5 / SHA-1 / SHA-256): a75563d7b9e5b1db163971b9a2e66216 f52ccc0bbce9d1e550790ea02639b36326764349 c08efa91781865d1a2e9fcb030f8ac55c2d8eadbf8822c2ea251556333f99d9c
Analyzer | Verdict | Alert
openphish | Generic/Spear Phishing |
fortinet | Phishing |
GET /email-list/dropboxyteyt25/assets/source-sans-pro-v14-latin-600.woff HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:33 GMT
content-type: font/woff
content-length: 20096
last-modified: Wed, 27 Jul 2022 08:18:06 GMT
etag: "62e0f4be-4e80"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OkG3EHrndZ9Cip%2B7C%2BBqmmwrlgvOPHMvmQM9S%2FwYPEgZLMQPluj%2Ft3a1Tz%2BoVGVchKB9PWWgXyyZZvjCo5iKO8krevHrYjh%2Fpy%2FmWammr9eRQZ5bpPRf3lbEt85sV9kdV8KE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069491d94b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff | 104.21.82.61 | 200 OK | 46 kB |
URL: HTTP/2 kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff | IP: 104.21.82.61:0
File type: Web Open Font Format, TrueType, length 46212, version 1.1; data | Hash (MD5 / SHA-1 / SHA-256): 707f848d48e67967202429057603066e 83f0d9c263d084977116238163f87ec0d03e919e c95e0b24ee1e3ac362304dbe886af5ecc2b3ad49d828222bd794caead0d60e35
Analyzer | Verdict | Alert
openphish | Generic/Spear Phishing |
fortinet | Phishing |
GET /email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Light%20Regular.woff HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:33 GMT
content-type: font/woff
content-length: 46212
last-modified: Wed, 27 Jul 2022 08:18:08 GMT
etag: "62e0f4c0-b484"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8gH7Md5dnVdPPNTrhbwzTY9Lcriv%2BKSnlcW3Vuu4zeR%2Bf0oAGarljnhLY3sM9WwB5ERqmYqfnCNextwAmT7ml3XvbjCfepAWJDk2DM1Q%2FlYOFe3cZBYCsOnwrTAEOkW%2Ftmcr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069491d8fb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff | 104.21.82.61 | 200 OK | 47 kB |
URL: HTTP/2 kabalservice.com/email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff | IP: 104.21.82.61:0
File type: Web Open Font Format, TrueType, length 46908, version 1.1; data | Hash (MD5 / SHA-1 / SHA-256): d67ec221e0e09f0b0387c11c3a79a1e4 be7d915868d39c6cbd658ea096201e14915997c3 e2468d7a58ebc5c4cb72e5d002543fdea18198e6cf53b4b10485047672c62b5e
Analyzer | Verdict | Alert
openphish | Generic/Spear Phishing |
fortinet | Phishing |
GET /email-list/dropboxyteyt25/assets/Atlas%20Grotesk%20Web%20Bold%20Regular.woff HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:33 GMT
content-type: font/woff
content-length: 46908
last-modified: Wed, 27 Jul 2022 08:18:03 GMT
etag: "62e0f4bb-b73c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4XP8617BuwO%2F0CtIoWHKN9npyyIv7yLENgITfo0gxquxY01q4fgUB9w8BozBk9lRQh6JX3WPxQKYQQFPUf9VCm%2FZzrlG%2Ffn89WD5h%2BZJfVEMtr5F63NEpWsLDjRgGJpB0Vc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f069492daeb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| i.ibb.co/TtTg9r7/icon.png | 51.210.32.103 | 200 OK | 60 kB |
URL: HTTP/2 i.ibb.co/TtTg9r7/icon.png | IP: 51.210.32.103:0
File type: PNG image data, 640 x 595, 8-bit/color RGBA, non-interlaced; data | Hash (MD5 / SHA-1 / SHA-256): 173c517e1c57c6168628df4a4516a0e0 09f6bb7aecd71e6434ef3cf368322f2a02239541 32d2e58dc13623fff35bd2b5727fda4159d429c4f3061983b173166c951f0a03
GET /TtTg9r7/icon.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 07:25:33 GMT
content-type: image/png
content-length: 59460
last-modified: Sun, 03 Jan 2021 16:24:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): b75c00c21f5854618bc06d14b8d83c40 ae14f585ae9682e6c2fad146c12c00ee4d83e8f3 a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2609
Expires: Thu, 24 Nov 2022 08:09:03 GMT
Date: Thu, 24 Nov 2022 07:25:34 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a16068e-5377-48a5-aaf5-19e46c86681d.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a16068e-5377-48a5-aaf5-19e46c86681d.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash (MD5 / SHA-1 / SHA-256): e091109c8f54cf23b221d8d0a35d6914 a67bdea6358146f7de38d6be37e9f69a8edd5f22 362dc1665e27a4307a7ce832019a6e5e3d8edb0d18db084e4dc9dd026ea68df4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a16068e-5377-48a5-aaf5-19e46c86681d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11447
x-amzn-requestid: fb600f6e-d936-4255-b79f-528d9cb8e729
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYTEqyIAMFalg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-2bc3102e268ccdff7f960289;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: flF0yRgk5BMItKbudaEq7iQgLJcCHd6WNsvqFr1uDAvI_EKyVkc4_w==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:15:33 GMT
age: 601
etag: "a67bdea6358146f7de38d6be37e9f69a8edd5f22"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| kabalservice.com/email-list/dropboxyteyt25/assets/office.svg | 104.21.82.61 | 200 OK | 13 kB |
URL: HTTP/2 kabalservice.com/email-list/dropboxyteyt25/assets/office.svg | IP: 104.21.82.61:0
File type: SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; exported SGML document, ASCII text | Hash (MD5 / SHA-1 / SHA-256): 7411adf25fb54e3e402c3a011aecc353 85ea67105a7fbd2164a98c2610c422fc59cc4553 c1bd74f60d85165b72f8a3c3796a7daa8e2c6054768ca5a474e9e223d6d9c04a
Analyzer | Verdict | Alert
openphish | Generic/Spear Phishing |
fortinet | Phishing |
GET /email-list/dropboxyteyt25/assets/office.svg HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Jul 2022 08:18:11 GMT
vary: Accept-Encoding
etag: W/"62e0f4c3-479"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 225225
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v5a3r5IWsle%2BLA4%2FXWCJzG1wrz5zAnF5glSWG8kOsggTIMNTeYv4LEhb4QPnwMs9FY2YZYSP1VmVf%2FOxiCp0QtviirygKvfg%2FUyfkXabiA4RUFO1Ok4Q8CdL2eyjMNANre5S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f069485962b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg | 34.120.237.76 | 200 OK | 8.0 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash (MD5 / SHA-1 / SHA-256): 92c78302bcce1568eb6a5563100b932c 43d1dec7fc06879988c9c3cadd800cc8145df988 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:06 GMT
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
age: 34708
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| kabalservice.com/email-list/dropboxyteyt25/assets/outlook.svg | 104.21.82.61 | 200 OK | 5.8 kB |
URL: HTTP/2 kabalservice.com/email-list/dropboxyteyt25/assets/outlook.svg | IP: 104.21.82.61:0
File type: SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; exported SGML document, ASCII text | Hash (MD5 / SHA-1 / SHA-256): cce87dcae8dbe312929a95dd591824dc 96029fef97bc6c9ca38f216cafcf9ae7efffed12 097cf21265fa1cdcae8416990e96fae6ac3d75ff0e14372f13d093a05be7a859
Analyzer | Verdict | Alert
openphish | Generic/Spear Phishing |
fortinet | Phishing |
GET /email-list/dropboxyteyt25/assets/outlook.svg HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Jul 2022 08:18:07 GMT
vary: Accept-Encoding
etag: W/"62e0f4bf-583"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 225225
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOAVo%2Bpt2m5lPGLHEDuZuVPl2dDg8MzYD63m5eBmV3zQEEhRy0RmTqeLQLCILTfllihrmNbgu%2FNELZd2nVbzUlG0bkT9FXoJ9fhG209p%2Bpc1fDfYwjfgD6s4dp3rjsm6HSl%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f0694899bbb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6dee69c-a683-4448-a26a-ed78ea0cb4a0.jpeg | 34.120.237.76 | 200 OK | 5.6 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6dee69c-a683-4448-a26a-ed78ea0cb4a0.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash (MD5 / SHA-1 / SHA-256): 0b88331b5cbc633ee1ae21a77a983e92 acc9dd298e87e1079229d2c958ec088023603974 299e0c024f5209289e27aea403337e05ec7da447e706eee79aae6e982986faee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6dee69c-a683-4448-a26a-ed78ea0cb4a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5553
x-amzn-requestid: 203724f3-e044-4533-ae46-af79c11e5460
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b_c6lFucoAMFs7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c7510-4dad6a426642a025759eb363;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 07:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JRqctghettaL53ADxhP7pd9gib0TsC6RZI8ERQldNYuusuha5qohpg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:08:12 GMT
age: 1042
etag: "acc9dd298e87e1079229d2c958ec088023603974"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash (MD5 / SHA-1 / SHA-256): 481c033b9ffd030ff0de6e35cf788b47 85d3baad9217af2b5d75c019d2ef95dbb919a788 02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 65a3db77-b2e6-40b9-a776-021c2e9b56d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubSsHbZoAMFZNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5aa-1286b97968cc2e4c7fe8ab29;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:26 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: _j5ykGwKHIQEFLyuJK_OMvs-CsCvkUQhZc_YD8gAtbyOECQ894zvjw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:46:02 GMT
age: 5972
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/ | 147.75.33.214 | 200 OK | 0 B |
URL: HTTP/2 s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/ | IP: 147.75.33.214:0
Analyzer | Verdict | Alert
openphish | Dropbox, Inc. |
fortinet | Phishing |
GET / HTTP/1.1
Host: s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.21.3
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: text/html
x-ic-subnet-id: 5kdm2-62fc6-fwnja-hutkz-ycsnm-4z33i-woh43-4cenu-ev7mi-gii6t-4ae
x-ic-node-id: 4bxus-2eum2-iairr-vpwci-xoswm-ktyb5-3yxxo-ih4ye-etk6w-bub4s-qae
x-ic-canister-id: 00000000007023770101
ic-certificate: certificate=:2dn3o2R0cmVlgwGDAYMBgwJIY2FuaXN0ZXKDAYIEWCB361WDtZpNSnwyGSZ4NTrr2HoPfg1B0b8Bj3EiPuP9n4MBggRYIADx16ExLQB7KeCCTeWAKj6j1O4Ah+W5n3vGjrfKdyfEgwGCBFgggR6UnKsfAgfqtvz2GmXaIdGFYzL00ws+Rwv46OX6J/ODAYIEWCDvQRmiIP2Eg4fG62R5P8Zw7gfEi8IShZqU/j/iFSJb74MBggRYIKJMAJp0wGTtsXC2e/mHml3ZsyGOfYLOMwAyrYqAwlb7gwGDAYIEWCA1TVYLHYA2zU87hbaZmoS/iwTh+1xOg0vJeo9KqwX614MBgwGCBFggiwBzgU98lztjJFGbDOiQM1Jb+in87UtM3AwWS041yY6DAYIEWCCgYW0jSjcw7qSEcw2oZo+pShHgr9kX5du0jCeYvEoDY4MCSgAAAAAAcCN3AQGDAYMBgwGDAk5jZXJ0aWZpZWRfZGF0YYIDWCCRxx9lNMjrefY/Y6+T4oFLZCSLrcUJht4cJKTBNsnlw4IEWCCDxWvxTd49KN5mxpK1/J2X6d2YW2rXKw/m+E6KjfPcsoIEWCDwR+afFan49YUZxxXt4HwemJ8JLbvnr6DAhdVycBwokoIEWCBfluH1JoY1y6BRnQM7d2SdXvBwEokOw/974mWzLAIaMIIEWCBLXzQqa+G/gHL8LIjtibLGAdidO+uO48o19ftbWN0QTYIEWCAERxKNJsFecu1I4LqIoWB+PnTBdyCsXGo1hcF1LiPlV4IEWCBC9O5V7xMMo/wIhQN9Gphj9vELXXnGD+SXce6S+bTOBoIEWCBSDgpWFYnc8E5W0uP9286snrpS6nbto7yxYjY9ORwToIMBggRYIP0wDTfp0S4lr0srbNjBa0QuqcIKSNfdRFDPa3ZIqPybgwJEdGltZYIDSZe4zenbkJ2VF2lzaWduYXR1cmVYMIGzvVw7evzqQVVAZ+jZvcO9fK4S332TUcbVoDAPpaVCpvc/3foYJihCxlKA4ooBEmpkZWxlZ2F0aW9uomlzdWJuZXRfaWRYHUUXi2akB6TVnApNZzO9os4/N8ERtCV+xBkI9PgCa2NlcnRpZmljYXRlWQJX2dn3omR0cmVlgwGCBFggF1NdF/SWTgvoqSN0vsBnql03rYCx1GcMcNXRAr4qtYeDAYMCRnN1Ym5ldIMBgwGDAYIEWCAmf+VREbVuPDl1Uy6jNz97cun4IHL+jmB+00SGR4pbOYMBggRYIEZqcChs+azpgBylPiKvbuBZoJT9YEmGBtSEtoVAWDB9gwGCBFggvnKkxm3I5+VWamHMo//+m0k6zj1MAHGqxsSSFsdkQpqDAYMCWB1FF4tmpAek1ZwKTWczvaLOPzfBEbQlfsQZCPT4AoMBgwJPY2FuaXN0ZXJfcmFuZ2VzggNYG9nZ94GCSgAAAAAAcAAAAQFKAAAAAAB///8BAYMCSnB1YmxpY19rZXmCA1iFMIGCMB0GDSsGAQQBgtx8BQMBAgEGDCsGAQQBgtx8BQMCAQNhAJVfUvc8LexZpjeylOULk0211t4p5zu8+E59hqSsQbrXtTn5gXreiRaWHZ3Wv5JXAQ1YVxVuj+aq/Pb9BoeV5wvTOZs0ETAMnMyOug0GjBDkz7b04n0ZWx6teF1hjrOTuYIEWCAAm+bqf6+s6PfCS94lWkfuSudBPVAeM77aP3K1oe9ONoIEWCBKHXbAjmQuPbaYLmZTvoxzbydaJKwiEINDCy1bRBznVIIEWCAthWu6e2yAFxzo5dEhu35EULNWWmRNkTXp/liEKBwfuYMCRHRpbWWCA0mrgsH6ksGOlRdpc2lnbmF0dXJlWDCk9gwlpwHyYp6UNmx5MFN+7lipRHJNfP7h+dB9lNrNmRoK2tt0q6cQ96wFCc3SCeM=:, 
tree=:2dn3gwJLaHR0cF9hc3NldHODAYMBgwGDAkkvQU9MLmh0bWyCBFgg8KBs+TXrPH6bkmlCeFiPTIn73OrLX2aBGJn8z6tJJN2CBFgg/6KCnFlD40RBMS0e870W9aDJVjoIfake/Wun+kHwNduCBFggzOftXe2zBBkhE/RVyZM2W2YwKmRg+Y8DmrV4hUCVKfuDAYIEWCCusBHzAzVsoQnClGwJKATpIHMw5RaRDj20JYf3PkWgwYMBggRYIKzdQov/YFqoDksZYPoz22eAq3kBg1G+pBS8t7lYL8JSgwGCBFgghpzacqIIeJai8Fb4VyKdcLtmKaF8o+0KwREI6lOJICeDAksvaW5kZXguaHRtbIIDWCBVcgVIoY2s7Isf/oiGy6SOsG4wpNzywSRZ1dXzO/TTnA==:
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-None-Match,If-Modified-Since,Cache-Control,Content-Type,Range,Cookie
access-control-expose-headers: Accept-Ranges,Content-Length,Content-Range
access-control-max-age: 600
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| kabalservice.com/email-list/dropboxyteyt25/assets/search.svg | 104.21.82.61 | 200 OK | 0 B |
URL: HTTP/2 kabalservice.com/email-list/dropboxyteyt25/assets/search.svg | IP: 104.21.82.61:0
Analyzer | Verdict | Alert
openphish | Generic/Spear Phishing |
fortinet | Phishing |
GET /email-list/dropboxyteyt25/assets/search.svg HTTP/1.1
Host: kabalservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s567o-2yaaa-aaaad-qen3q-cai.raw.ic0.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 07:25:32 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Jul 2022 08:18:08 GMT
vary: Accept-Encoding
etag: W/"62e0f4c0-626"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9ehnBv4sx45PSmR4HMMdKo%2FxGFBKcr%2FlDr9I8kUU5GqIivha%2BQYIJAB68eFgclaFUL0IhSfCBR03fwIIDThOot3rN3yRey49%2F4YyFlcek9a3wStP71d2iUjdv8RuStcJ%2F4e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f069486969b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|