Report - web2substantiation-deep.xyz/service/

Report Overview

Submitted URL
web2substantiation-deep.xyz/service/
IP
104.21.58.205
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-29 02:08:24
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Chase
Phishing - Chase

Detections

urlquery
10
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
web2substantiation-deep.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.4 kB	548 kB	172.67.164.167
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	411 B	5.6 kB	104.17.25.14
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.213.140.56
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-29	medium	web2substantiation-deep.xyz/service/	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/js/jquery.min.js	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/js/jquery.CardValidator.js	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/js/MyBabyTwo.js	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/js/jquery.validate.min.js	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/img/desktopnight.jpeg	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/fonts/dcefont.woff	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/fonts/opensans-regular.ttf	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/img/logo.svg	Phishing
2022-11-29	medium	web2substantiation-deep.xyz/service/img/icon.ico	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	web2substantiation-deep.xyz/service/	126 B	2023-03-07	2024-04-23
Pretty URL web2substantiation-deep.xyz/service/ IP 172.67.164.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-23 18:22:30 Times Seen119 Hash 8740b4845ab9cab32fb62a6fad538bd4 ced8c839fd8be627298b22c0e5bafee66e700d32 525f18739bc66c1a58912857307bf9c0df387ac5f3c9f585780dc101418a40e2 Loading...

	web2substantiation-deep.xyz/service/	42 B	2023-03-07	2024-04-15
Pretty URL web2substantiation-deep.xyz/service/ IP 172.67.164.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-15 09:41:25 Times Seen154 Hash 2761a67601de260a37acfd3820c114ca d7bfce876cf1303475303d3bc4e6d6c1d9b332c5 696cce9ea2564c7309810ef098e91ce166edaca99d905e1be65f81450f31ff19 Loading...

	web2substantiation-deep.xyz/service/js/jquery.CardValidator.js	6.4 kB	2023-03-07	2024-04-15
Pretty URL web2substantiation-deep.xyz/service/js/jquery.CardValidator.js IP 172.67.164.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-15 09:41:25 Times Seen437 Hash fb905575d35b1762182c0bdb0156a8e7 5d7364bb8423174608a55975e985138b09ef16f0 2e31f31633d04598c60731878851d821eaa4403af63b930d58bb10bc9c0428a2 Loading...

	web2substantiation-deep.xyz/service/js/MyBabyTwo.js	44 kB	2023-03-07	2023-11-29
Pretty URL web2substantiation-deep.xyz/service/js/MyBabyTwo.js IP 172.67.164.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:43 Last Seen2023-11-29 01:34:02 Times Seen27 Hash 59527eea40d7bee599de1a11f3c72698 62c4490050fb23a1ca097f05d85dd31f733a3652 ad0f1cfae7a242160baaf238cc40f9ef344b45337ec80ca8e57f6af6aba41914 Loading...

	web2substantiation-deep.xyz/service/js/jquery.validate.min.js	34 kB	2023-03-07	2024-04-15
Pretty URL web2substantiation-deep.xyz/service/js/jquery.validate.min.js IP 172.67.164.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-15 09:41:25 Times Seen417 Hash 9ea64390e300ed1a23e2b62b7cd5cb20 7df056209ee2091fc674aa9f59a1063c072e9e32 b8302f6aead75ca339781930167f4e1ad42f50cf7e17b654c93159037fc9fd20 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js	20 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-24 07:45:12 Times Seen3601 Hash 053305c2b293c27c02523cda42962c09 556b0af7346b9e21a8eea1be8b195b563169ecd5 be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44 Loading...

		Size	First Seen	Last Seen
	#1 Write - 3a824154b16ed7dab899bf000b80eeee	4 B	2023-03-07	2024-02-13
Pretty Observations First Seen2023-03-07 01:02:03 Last Seen2024-02-13 04:29:14 Times Seen34 Hash 3a824154b16ed7dab899bf000b80eeee e575dccc71140754dd85beda5965b6a358150309 b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0 Loading...

HTTP Transactions (36)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8808
Expires: Tue, 29 Nov 2022 04:35:00 GMT
Date: Tue, 29 Nov 2022 02:08:12 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2724
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 02:08:12 GMT
Last-Modified: Tue, 29 Nov 2022 01:22:48 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11097
Expires: Tue, 29 Nov 2022 05:13:10 GMT
Date: Tue, 29 Nov 2022 02:08:13 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 01:17:50 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3023
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WI4qpxfpGMl+3UXVU5lVi02/YqSNrCMbD59tjoEt4yqLYBrLfoVCo6kHhUxe5CFboG0Tfussnlg=
x-amz-request-id: H84NB9J72QTPN0VP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 01:42:19 GMT
age: 1554
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

web2substantiation-deep.xyz/service/

172.67.164.167

200 OK

20 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5779), with CRLF, LF line terminators
Size
20 kB (20184 bytes)
Hash
a2eaa6977d04909ca558382df1ba21ef
84b4d031b7f8b24dbbb3b04f48de36f41432895f
d6852dbb4a57bc97d0a7e2e058ffe80b195880ed1d2b5b8dc608295ee6eb8154

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /service/ HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r5rOdqUdxOtEKq02hd4fcO8dgsn1Bjbo2EdpE1tZmTBbJscVglZBL2%2Fs9EtkZo2TBdL5lCH9eYiQbcRB6zkfss%2BV8IhlZuB6URnWXfrkuYzzwjdS3LonBkPs69lee8n5NoXeTBmfLUKsP888A3Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7717cb4fdd6eb52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 02:08:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

104.17.25.14

200 OK

4.5 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
4.5 kB (4517 bytes)
Hash
e40e054c5726f042bad463e3774a2777
5c9413b72837a440b327444104830c35ae3b052c
fcc8a86d2e89e8fbe9815d50c23bf205191ab8a6c0bec67358cd975d94283ff8

HTTP Headers

GET /ajax/libs/jquery.mask/1.14.10/jquery.mask.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 29 Nov 2022 02:08:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 4517
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-4e98"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3492808
expires: Sun, 19 Nov 2023 02:08:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YOUmldEm7JVBzXKKOOUS1awiQk9j9LN0J6sTDcXAYtrzQnhTSEhqcQ8mQf8vSKQ%2FnuFx6mvBMvgFFc1o%2FhDNB1JexsH28ixQiZbcw4S0192lFSIdYfNhPhH9ALmyFQehciv8bOs0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7717cb52ecb1b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

web2substantiation-deep.xyz/service/js/jquery.min.js

172.67.164.167

200 OK

40 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/js/jquery.min.js
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (568)
Size
40 kB (39635 bytes)
Hash
d2344d57eb6c0927dab8b3b0f6e7da9e
48e07e001e2fb8af95daf9138d8409c4444392ae
3afde1eb61f9fc8fed0a7b4313babe6a9760b28b5486d4226aa96b1e06019fad

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /service/js/jquery.min.js HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Apr 2020 20:17:40 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3MTVrAN%2F76IfTAm7%2BUSx3sZfSz1q3hqSTV82jdQLEhmGECa0bwalFxFuqfvMc9gepOPdNWc06wnMcCxrOccst9dzh9c5DzWYzaeSrfwwJNcqMx0GQjLJqJiPjcEMUlR9HIvu6WTI6LefBkXMhU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb52c8990b4d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/css/lostyle.css

172.67.164.167

200 OK

16 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/css/lostyle.css
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
16 kB (15559 bytes)
Hash
3112d48fe6ca168f6d392bc617d53fc6
0de5e334b386553376287b1f4e4bfa449fbd17f0
dff192f5b06a2c663860211ef720c12c3501f93037f11719006c5f43209601d3

HTTP Headers

GET /service/css/lostyle.css HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:13 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 08 Apr 2020 09:00:34 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KP%2BWDY%2BnU5PGrJPViZqpgLB50jVuPGrSeRJSOxeRPNMx4ulynwlF6%2FZZK9pLoaVuu%2B8exxlq8IVumvcGQB1W8vQo4HNri3DbdQ%2BDdHgKfeNJAMylDtovre8YHDHZgTk7LrIHhDbJW7NivseGt2U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb528e7e0b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 01:11:12 GMT
cache-control: public,max-age=3600
age: 3421
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

web2substantiation-deep.xyz/service/js/jquery.CardValidator.js

172.67.164.167

200 OK

2.1 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/js/jquery.CardValidator.js
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.1 kB (2112 bytes)
Hash
5d292af60f19bfc2e9a0c240b87e394e
8e5878d975227fc748b3787e8e5adbd6824d2ae3
955c379b123ef24d8ef3190b213235cc4a18b5e70c0c58b5730eca9568525e6a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /service/js/jquery.CardValidator.js HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 28 Aug 2017 10:03:08 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buHST%2BiiBfmG%2Fajp5nJ9zWV6Snykj2x70WOh8lXNTjyVgk0mox3O2DQJcVg2yHVx3KxZyggJvSCVwE0wF4AC85usdYnJI1xt83nTiJFzoIRrLmfyU9clCaBcWnIkvq9FH6d268Kf7gRAOhNtjCs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb52cbacfac0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/js/MyBabyTwo.js

172.67.164.167

200 OK

6.7 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/js/MyBabyTwo.js
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (40849), with CRLF line terminators
Size
6.7 kB (6686 bytes)
Hash
9a23a29c2c7df77bcd8479fb3e3f40eb
7359200c2ed35fcf289d07b32d24d98ea1e41d4d
a2090e034300775db6c6ced9e79cf8ed0ed99c0fda1ea6b0eae524b64c23a55d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /service/js/MyBabyTwo.js HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 17 Apr 2020 10:55:32 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8l228etkL79qSZXvo%2Bn5C%2FdsQ2UqK82fWkRNUMqjlLg%2B16NowWhdoXcJpIZSifwQ%2FguadxHcBRyQCFS%2FXv14mhBX9PpaxhqE4lvcoGcbVeys8xO2RHSndU0cCrl5X2cnVD9eKSrIRWQW3KCiCa0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb52db280afa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/js/jquery.validate.min.js

172.67.164.167

200 OK

8.0 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/js/jquery.validate.min.js
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (833), with CRLF line terminators
Size
8.0 kB (7980 bytes)
Hash
91ac309554dff3a7c5ee0d82ba846d8d
5d63896cfe53d04729517a1b66f200aecf7f51af
ac5694fa8be1f7956de82eb134392c12755452a27df65d2a1737f56db2286e69

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /service/js/jquery.validate.min.js HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 11 Aug 2018 01:12:40 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KruFO6tQRj8fW5rweyimTZCFiFcUWAVCLkf8u9b5Qa4DW7%2Bf4OjEMXAOoN6rl7ePoOBT6L8OOKcUgcKJ18x8Gc%2BCjN1JVt%2Bt6zUqWL2VG1y029FE0ztmDMzDg8r9QJ89TB2mxoRaGDBjosoEp7s%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb52cf2db50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6447
Cache-Control: max-age=117969
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 02:08:13 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:54:22 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

web2substantiation-deep.xyz/service/img/congra.png

172.67.164.167

200 OK

22 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/img/congra.png
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
22 kB (22060 bytes)
Hash
1cb46cbb550a7047d40ff30244ca144b
8c41692d4a18624338f9ec32f569b028aa20f827
065a5ede3e090578c581c77883c6acfa9dc9393efc2f19775cfb410263fa8e1c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Chase

HTTP Headers

GET /service/img/congra.png HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:14 GMT
Content-Type: image/png
Content-Length: 22060
Connection: keep-alive
Last-Modified: Mon, 02 Dec 2019 07:22:14 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PvT6E6rTT00PB4%2BGtrvauUifxPxCH5lskwIaY%2BIhV7qMsCM4wrfHYhfXkfsOgVBrQGcUvml7vGM9rKvSOi30jfzDRi%2F%2B%2FFY6riDcYZ0pAwQrao816Kk6%2FnYjP9byRIUsqw7RFOOH%2BnfUJTh61vQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb53c8c90b4d-OSL
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/img/desktopnight.jpeg

172.67.164.167

200 OK

252 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/img/desktopnight.jpeg
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size
252 kB (252002 bytes)
Hash
0689d4c522fe6244cc4a08a43b6a5973
e8fc8e85e910c1f6bcd9524d55dd1fd4aa2a6ce4
748d19968eceacc51b3e3cf884b508f55fac4636f24a02f69e4d72defdfda47c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Chase
fortinet	Phishing

HTTP Headers

GET /service/img/desktopnight.jpeg HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:14 GMT
Content-Type: image/jpeg
Content-Length: 252002
Connection: keep-alive
Last-Modified: Wed, 15 Apr 2020 09:01:36 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1620
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vpZfSrnRrpU2oHvrEpMRhTlzHbcGj121613R6E4K0Za4PvEHwM912LYJyU1lB%2BjdPkcj1PYhhM%2FOSy1Vu6OgYvtFK6cH5C%2BfmeJrj8K%2FItKV4NHOpIRX057Xc7tHPmVJsiJubMyO8NVBV2cxN9w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb57f9ea0b4d-OSL
alt-svc: h2=":443"; ma=60

push.services.mozilla.com/

34.213.140.56

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.140.56:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nBD2m5IxjKbTzOQR14lzUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WbeSosOrshNVAWRWp7KjS44Ug10=

web2substantiation-deep.xyz/service/img/emdef213.png

172.67.164.167

200 OK

26 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/img/emdef213.png
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
26 kB (26120 bytes)
Hash
f97e9297a90a73c16b5734c0910785ce
d9df719d58da061ccf75349314e562f8b22b76d3
9f926e83679171e34c289ff3aa5b7f067e75cfa564345f53941ca824c42d5f77

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Chase

HTTP Headers

GET /service/img/emdef213.png HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:14 GMT
Content-Type: image/png
Content-Length: 26120
Connection: keep-alive
Last-Modified: Sat, 04 Apr 2020 12:34:26 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V3qZo0%2F4AXBGkpN6ftGGBHrGpklc7KmG6uV7KkOe7bn%2FuA9aGMQAGyAg3qvOPzzyZ5Zpcon23IhCbDBoDJsIy%2FB2gU2mIZcPVqeZZNvGzg%2BMM1eh1Nclerqgt1stnDTvSejrNOteABGxtt6o1Is%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb53ce71b52d-OSL
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/img/loading.gif

172.67.164.167

200 OK

39 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/img/loading.gif
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 200 x 200\012- data
Size
39 kB (38636 bytes)
Hash
d10ef01e81faa2c2d812bdf670b4e072
77d09a57b2091fd7665dff763a5eab23e0ff907e
5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Chase

HTTP Headers

GET /service/img/loading.gif HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:14 GMT
Content-Type: image/gif
Content-Length: 38636
Connection: keep-alive
Last-Modified: Sat, 11 Aug 2018 00:03:50 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PpS98vEuxLVfKORQYMxvsSJLWoGmOELhrYJC264%2FzOwegtAs%2FwojhJx4VyaIcHnd7JHLvO%2FFk%2FG63x1qjFOVUAb3FcKB0ZFhLVSLD9rO4%2B5mGi%2BUn6zj2uy7obu4YJmZqD9kzc%2BtQzzvjAkuS4A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb53cef00b02-OSL
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/fonts/dcefont.woff

172.67.164.167

200 OK

70 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/fonts/dcefont.woff
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 70296, version 0.0\012- data
Size
70 kB (70296 bytes)
Hash
2ec43bffa4424b28d0cc96b37cca33a4
1cde2661fb95ece87155c7931d5da6911331ef43
6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Chase
fortinet	Phishing

HTTP Headers

GET /service/fonts/dcefont.woff HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/css/style.css
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:14 GMT
Content-Type: font/woff
Content-Length: 70296
Connection: keep-alive
Last-Modified: Fri, 03 Apr 2020 09:34:38 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Qr0NkP2pOKxG%2FNoFYQ0Wr919aT0XNh8KA7gMO45zLXiE5KR8IGKD%2FV6%2FWu1DVS93M1yAi2TiIzLIp%2Bt23vplATAeV%2BbInMjVGg5HbpR%2B6q4H%2Fiy0Lge6qKJgKwQFMq49%2BEz4yRHmwnwsuzIf1c%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb556bc80afa-OSL
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/fonts/opensans-regular.ttf

172.67.164.167

200 OK

25 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/fonts/opensans-regular.ttf
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, 19 tables, 1st "FFTM", 18 names, Microsoft, language 0x409, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegularAscender - Open Sans\012- data
Size
25 kB (25158 bytes)
Hash
f6ca488b9a2785edd0558c7dd0b47d70
a7c187c319cde13a96d052202d823c4a48f6b93d
d5cffcfc36763a5d202aca04964ea4d6404f7a6c40d70f5a77b2861edd18c632

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /service/fonts/opensans-regular.ttf HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:14 GMT
Content-Type: font/ttf
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 15 Apr 2020 00:35:48 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSE2KwzwlAFlGJYx7C5LhyDwIoXcxwrc8NiczRoLePPEK1R7xWHd0ORRM4SjN3Av5uaPWqnFAysJHjxF80ebQ6w8lLRda1epL7VRPVV95HX0%2FQNt2D1irAEtqUNH1shT%2BrrfT3RqkIqiVapjHH0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb554c42fac0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Tue, 29 Nov 2022 04:12:16 GMT
Date: Tue, 29 Nov 2022 02:08:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Tue, 29 Nov 2022 04:12:16 GMT
Date: Tue, 29 Nov 2022 02:08:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Tue, 29 Nov 2022 04:12:16 GMT
Date: Tue, 29 Nov 2022 02:08:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7441
Expires: Tue, 29 Nov 2022 04:12:16 GMT
Date: Tue, 29 Nov 2022 02:08:15 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9015 bytes)
Hash
ae2e2986caa15a90b615147f229b51ec
c6dfd277cdbd057472e6df6ad1a200f50684d442
ec3799922c38ee6394601744ff4b2c405ee44c4718a2b90c104134657f8b480b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9015
x-amzn-requestid: 9f657586-a44e-46f0-8c38-f1bf26142486
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVOlEE6ZoAMFUPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852aed-1da2400f4165dd553418f8b9;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:41:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mqdz1NhVCqmSrhYLIF0miDzrBiS82SUU6ZRFzDMllbCwS70hC0rMRQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:55 GMT
age: 15680
etag: "c6dfd277cdbd057472e6df6ad1a200f50684d442"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9203 bytes)
Hash
5d574c4db20a68295dbd06cb08f5990b
433061bbb226048765a711deca3026ee3e52372f
8cc1a4d18e242f8bfc8ab94637f635b73554b903462c29b06d0ec67872542afb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdef9eb6-c1f1-4337-aff8-0986561782c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 8cba52d6-3c1c-495c-bb9d-3ba6f0adc7e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cHcHmGmQoAMF6dQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fa6fd-73abfa592ff223061401af9a;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 17:16:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lzXj01ht9kpuwONgKM0xM0QRu8G9M9oX6rwYzv_Q_sI09Y3-RIVF-A==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 03:47:05 GMT
age: 80470
etag: "433061bbb226048765a711deca3026ee3e52372f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9376 bytes)
Hash
cce27a1fe8c0222811a5ce0e7f89e1cb
28c165bac8cf68cd1b0763c311aece00672cb3a5
4530e34a47ef78c2c2b0d34a0511253a61f1927b192ab42f82361002ff10819e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc326607e-c0fa-4e9d-b8d4-1c9173793bed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9376
x-amzn-requestid: 265257bd-0177-4e63-879b-e9f99d0d16c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cTZANFW2oAMFlyw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63846ecd-6767ccde3361eb593108603d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 08:18:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ntQPVFK12XqhVCMlaq0oIDx7k6e2xQdp1Y67W1nG6ayhG1XFekz5CQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 09:53:30 GMT
etag: "28c165bac8cf68cd1b0763c311aece00672cb3a5"
content-type: image/jpeg
age: 58485
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3944 bytes)
Hash
9cd333c474420e235831d96ed881167e
5008d7344dd85ae61a598c17e7baf427def3e25d
2178a96e120661e43d8e8ed0df1fcf500caf4c58db9e1bedaf0706af0a80b286

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3944
x-amzn-requestid: 8a6732c1-72da-4a73-ba51-8533c6a01a9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNmfFgeIAMFjLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385295c-0c807d93277bfb7f6b13c2ee;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:20 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oW4xFfsPp-Jmf28Uc88iZ2jLgtMRjn2gW0orrJ4K201r6Y6OlHkacQ==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:51 GMT
age: 15684
etag: "5008d7344dd85ae61a598c17e7baf427def3e25d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10176 bytes)
Hash
03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 07:38:02 GMT
age: 66613
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8460 bytes)
Hash
516776052e5e906ea9f42d25bae5cc85
be4c4d01fc67218e26a3e9d27a2f708e639c9d4b
28e70e38cfad65ad8a7a68ab1dc78747c7013a87b854fc35b163cc5765cd0570

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8460
x-amzn-requestid: 51416479-3854-4f1a-9d86-35e104c57f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnkHuZIAMF-_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852963-180b323d4a45fa2f29f9b1fc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ieDA8l_Up51cFaB9IExlSs8A5m-H77va1rCVF_WRMg_FN53Xakipuw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:55 GMT
age: 15680
etag: "be4c4d01fc67218e26a3e9d27a2f708e639c9d4b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

web2substantiation-deep.xyz/service/img/logo.svg

172.67.164.167

200 OK

639 B

URL HTTP/1.1
web2substantiation-deep.xyz/service/img/logo.svg
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
639 B (639 bytes)
Hash
8eeb5025f76da52d5eccf112958e4f87
819fc3f227bde4469047c4112eecfca46a3c63c9
a23f80faefc5074e01d0397733f6285210340bc911e3048d59a5e2fff0d9e80a

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Chase
fortinet	Phishing

HTTP Headers

GET /service/img/logo.svg HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/css/lostyle.css
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:15 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Apr 2020 08:54:14 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUGsQ99v8c6EK4VNIOSol5VQnMbQ4eTNGTNFUygZssnJd6VAv9G9UHYsEcmGZyODrZiIkHBzenqhCmGa7%2FmBK4cB7cQ7bSDCJcKW5tfDiPeCwGkCQXHrTLy7USZjLt7ViEdh%2BL4PNY%2BzNOID%2FLs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb557815b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/img/alert.gif

172.67.164.167

200 OK

6.9 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/img/alert.gif
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 240 x 240\012- data
Size
6.9 kB (6926 bytes)
Hash
6b3fe3fcfdc8a4f64ce935194f5591ab
64d7c83fa447c9b84997b034d8434155ae53163e
86a86f9ba8a23418cb079bbf61fe64974770fb416a27384ef80045976487894e

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Chase

HTTP Headers

GET /service/img/alert.gif HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:15 GMT
Content-Type: image/gif
Content-Length: 6926
Connection: keep-alive
Last-Modified: Mon, 06 Apr 2020 13:12:04 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B7aM1T5EJ9pz9Ppkg6Ev9%2FmEryS6xTjeHJOiGgH6zG2CqQeK%2BxuePVoz0WDNOXN0et2TZLTzyP7AX4GOKd%2BSnGAqROGwmO6H0DBuFG0a1eieUaLLfd0ql3sIJ8kDUxT8n11z7D3XYKo%2FsDWpxU4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb5839fd0b4d-OSL
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/img/icon.ico

172.67.164.167

200 OK

2.3 kB

URL HTTP/1.1
web2substantiation-deep.xyz/service/img/icon.ico
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
2.3 kB (2318 bytes)
Hash
c3ef0d1a6cb37e845fd0be0c4e49d4e5
6a09c153dbf7ce2ba4e9f5a2fad9b58755c82f40
61f5844e5b004c97857533a044ce533f695c08664f175442d8be16aa19bc8e23

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Chase
fortinet	Phishing

HTTP Headers

GET /service/img/icon.ico HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:15 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Apr 2020 21:43:34 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zSu9i1GrLKIBf4uDT%2F%2Bgs45tIHlBtawMZXpq9SWl6n953Irt%2FOgGkbY06Cj2GMNCQ4f%2BOIRNahyIEp4oQNSS5IrUFn6wvYEXeoNvtiSR0DxkwOv0x0QRcAw0DBFGjQvo1aqank2qjAOa8kb5QI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb5d6d7d0afa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

web2substantiation-deep.xyz/service/css/style.css

172.67.164.167

200 OK

0 B

URL HTTP/1.1
web2substantiation-deep.xyz/service/css/style.css
IP
172.67.164.167:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /service/css/style.css HTTP/1.1
Host: web2substantiation-deep.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://web2substantiation-deep.xyz/service/
Cookie: PHPSESSID=c00a5886b8626baad05de248d7bd2989

HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 02:08:13 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Apr 2020 09:40:52 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4qakkaaPCakMVjziP6vd3mugDmUgZ69lCrYrA6%2FH5hXCNioy3j%2BYOAmy07xNi6ACKqI%2FsrasYSSAPb%2BgJ6MLQYSQWZUpW04O7mVPl6BeTMm2jVFWO5CRXdJMWlltMBxzojX%2Fv4PgCw8ZNh6TQNs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7717cb527e20b52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (36)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN