Report - ee-helpdesk.com/login.php?sessionid=10bf437861701960d2d6d1b5ef9054f5

Report Overview

Submitted URL
ee-helpdesk.com/login.php?sessionid=10bf437861701960d2d6d1b5ef9054f5
IP
45.141.59.16
ASN
#213373 IP Connect Inc
Submitted
2022-10-26 09:34:45
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	51 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.6 kB	4.4 kB	23.36.77.32
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	662 B	1.4 kB	142.250.74.3
ee-dtp-static.s3.amazonaws.com	432870	2017-05-11T10:20:15Z	2023-03-01T12:46:53Z	399 B	188 kB	52.217.69.28
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	321 B	229 B	34.117.237.239
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-10T08:04:05Z	808 B	14 kB	104.17.24.14
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-10T14:01:59Z	378 B	32 kB	142.250.74.106
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	338 B	1.0 kB	54.230.245.39
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	594 B	127 B	54.187.102.159
ee-helpdesk.com	unknown	2020-01-20T21:35:18Z	2022-12-02T23:25:32Z	7.3 kB	365 kB	45.141.59.16
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	2.0 kB	4.2 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	401 B	5.8 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-26	medium	ee-helpdesk.com/login.php?sessionid=10bf437861701960d2d6d1b5ef9054f5	Phishing
2022-10-26	medium	ee-helpdesk.com/index.php	Phishing
2022-10-26	medium	ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd	Phishing
2022-10-26	medium	ee-helpdesk.com/js/jquery-3.2.1.min.js	Phishing
2022-10-26	medium	ee-helpdesk.com/js/jquery.validate.js	Phishing
2022-10-26	medium	ee-helpdesk.com/js/jquery.mask.js	Phishing
2022-10-26	medium	ee-helpdesk.com/js/inputmask.min.js	Phishing
2022-10-26	medium	ee-helpdesk.com/fonts/rubrik_regular.woff	Phishing
2022-10-26	medium	ee-helpdesk.com/fonts/rubrik_semibold.woff	Phishing
2022-10-26	medium	ee-helpdesk.com/fonts/nobblee_light.woff	Phishing
2022-10-26	medium	ee-helpdesk.com/fonts/rubrik_light.woff	Phishing
2022-10-26	medium	ee-helpdesk.com/fonts/nobblee_regular.woff	Phishing
2022-10-26	medium	ee-helpdesk.com/fonts/ee-icons.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	ee-helpdesk.com/js/inputmask.min.js	20 kB	2023-03-08	2023-11-26
Pretty URL ee-helpdesk.com/js/inputmask.min.js IP 45.141.59.16 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:27:20 Last Seen2023-11-26 22:21:14 Times Seen9 Hash b8d34a858720c3eead8a1a560dac2d92 029877145d5bb8385eed27b0035a84673bfa042a 86da86ca2e4470a03d378a4160164ba5c2d1fe340f695bab602ab97da20c87b8 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-08
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-08 01:42:43 Times Seen142598 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd	360 B	2023-03-10	2023-03-11
Pretty URL ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd IP 45.141.59.16 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:31:31 Last Seen2023-03-11 10:40:29 Times Seen1 Hash ada21e37ce51e2376132be521675fce9 f4f548142e4fabd6d5409b601d67516a97ba5d11 7d4a25a04b0810041bef056d97642b137f248708ee90641338c72ca7b0fa5fbe Loading...

	ee-helpdesk.com/js/jquery-3.2.1.min.js	87 kB	2023-03-07	2024-05-08
Pretty URL ee-helpdesk.com/js/jquery-3.2.1.min.js IP 45.141.59.16 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-08 03:01:58 Times Seen65113 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	ee-helpdesk.com/js/jquery.validate.js	48 kB	2023-03-10	2023-03-11
Pretty URL ee-helpdesk.com/js/jquery.validate.js IP 45.141.59.16 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:55:37 Last Seen2023-03-11 10:40:29 Times Seen1 Hash a4f48349c2473af867f2df7f04c50100 a06cf3e1f0b9ae046e20fdabd39e6aaba05923eb 1fb74efcae5b93fdf6808ca0291ea01ee867ddb4e2a1facd3169ff355790f1dd Loading...

	ee-helpdesk.com/js/jquery.mask.js	21 kB	2023-03-08	2023-11-26
Pretty URL ee-helpdesk.com/js/jquery.mask.js IP 45.141.59.16 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:27:20 Last Seen2023-11-26 22:21:14 Times Seen17 Hash 504a4b0ce366d2d44eb3e92eb1ca9777 17a0b963c68c513d333624cce8387b3ada9da279 48ce47091a7f70176bcf4f56af6ef58b0625c7b68355c341a3d41e14a53a4fe9 Loading...

	ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd	561 B	2023-03-10	2023-03-11
Pretty URL ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd IP 45.141.59.16 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:31:31 Last Seen2023-03-11 10:40:29 Times Seen1 Hash bd2d09ca1959d2d44a6c11eb43ae6207 d491465555e1e84bc21441025a28f6cdfaf89998 3ecc829bc992e740db5ee84f606c204707695855dd71cd0260d46b02106adf10 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.4/jquery.validate.min.js	24 kB	2023-03-07	2024-01-16
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.4/jquery.validate.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:25 Last Seen2024-01-16 11:27:50 Times Seen66 Hash fe79875178f26538388850ac25659596 10eb15da6c18f3c8597ff9b8990ae4a7412501cf 4fb69ddb1016cfb494dc95ba59e09e7850f6efb4c0b414f2e353553ea098363b Loading...

	ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd	512 B	2023-03-10	2023-03-11
Pretty URL ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd IP 45.141.59.16 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:31:31 Last Seen2023-03-11 10:40:29 Times Seen1 Hash a1d4a6818aa3059887c344c49b3a61ee b02e0c461f9004859966e9bcb75ce7610adb8ab2 7220fc6cf69ab702af7c531f5aa4bce0c2cccb382457876715830b90ded13550 Loading...

	ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd	247 B	2023-03-10	2023-03-11
Pretty URL ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd IP 45.141.59.16 ASN #213373 IP Connect Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:31:31 Last Seen2023-03-11 10:40:29 Times Seen1 Hash 44d0f8a6a0e6dae6835b6cb4b6e9d876 312bc0660201961e1da7fb5fcaba2dcc055adeb7 11ee8089f5abc1637b9f130148ed9f5f5441ea449ce5689a1939dcd3e0656954 Loading...

HTTP Transactions (45)

URL IP Response Size

ee-helpdesk.com/login.php?sessionid=10bf437861701960d2d6d1b5ef9054f5

45.141.59.16

302 Found

6.2 kB

URL HTTP/1.1
ee-helpdesk.com/login.php?sessionid=10bf437861701960d2d6d1b5ef9054f5
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2379), with CRLF line terminators
Size
6.2 kB (6209 bytes)
Hash
b23b9dc23fa671bfde45a6b1a1bd5767
8a4ee78c3a1a421a5aefdbdaed913043619d7179
9d723b2632ddd59df1e723f11043186d8b2fd0569a1213766e1aaeaaea98c638

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php?sessionid=10bf437861701960d2d6d1b5ef9054f5 HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
set-cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: index.php
content-type: text/html; charset=UTF-8
content-length: 6209
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 26 Oct 2022 09:34:34 GMT
server: LiteSpeed

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b3537658770790ad6cf0d727f0c0acd2
8365cadda05ef27b2ebd627d545e31886b512bde
df992311f130f15459739841de925c7eec2604d5a68ca6b2a67b6dc8d229212c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF992311F130F15459739841DE925C7EEC2604D5A68CA6B2A67B6DC8D229212C"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6187
Expires: Wed, 26 Oct 2022 11:17:41 GMT
Date: Wed, 26 Oct 2022 09:34:34 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c2bba4cad162918b17858b60e909e4d9
d9a1d4f7fb7635ab233ebbf776e6de1a2857032b
3a1d27ec3d034d6326b32f6054b6be46079a86a33e75d5a2a3796a0c4c5eadab

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5388
Cache-Control: max-age=91585
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 09:34:34 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 11:00:59 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c2bba4cad162918b17858b60e909e4d9
d9a1d4f7fb7635ab233ebbf776e6de1a2857032b
3a1d27ec3d034d6326b32f6054b6be46079a86a33e75d5a2a3796a0c4c5eadab

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3608
Cache-Control: max-age=89805
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 09:34:34 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 10:31:19 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8db408c487f7d35bba323046736e8d3a
01b91e2dce7c6d3de9adfe6ff4d38f9b24ab7db0
9aeafc72c1a969243e1fc96f68ce18888034a749ee70582208bf814bd40b61a5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6604
Expires: Wed, 26 Oct 2022 11:24:38 GMT
Date: Wed, 26 Oct 2022 09:34:34 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: u0cQ8AwHV8o6FXZtKAw/jGL9d1/H0XMy+6v3yBGm/ZTDFJsgmxQeFZzoTPX571LjrsyGdSjJQG4=
x-amz-request-id: CCGCV27S2P0KMPNX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 26 Oct 2022 08:39:08 GMT
age: 3326
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 09:34:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ee-helpdesk.com/index.php

45.141.59.16

302 Found

0 B

URL HTTP/1.1
ee-helpdesk.com/index.php
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /index.php HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
content-type: text/html; charset=UTF-8
content-length: 0
date: Wed, 26 Oct 2022 09:34:34 GMT
server: LiteSpeed

ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd

45.141.59.16

200 OK

6.2 kB

URL HTTP/1.1
ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2379), with CRLF line terminators
Size
6.2 kB (6236 bytes)
Hash
28693675d5fdcb7da281d8d27aaf48da
5b68fbce0d25c6a784d50c718325d7189afc9425
4a77495f4799137a29338197e34beeb0b6d371a89e8433658a7a186bdba81948

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login.php?sessionid=35b0bce9d250429df012c0426f88d0bd HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 6236
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 26 Oct 2022 09:34:35 GMT
server: LiteSpeed

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
65510aedd1a67f63a74f0de49818efd4
565e20c6757bfedfb32091dad5842a26e1de3d71
db85f5a4a38880cf98a0bdae8b7ed47840716a63a2e10397191a10463b6d93be

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5863
Cache-Control: max-age=127688
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 09:34:35 GMT
Etag: "6358380c-116"
Expires: Thu, 27 Oct 2022 21:02:43 GMT
Last-Modified: Tue, 25 Oct 2022 19:25:00 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
65510aedd1a67f63a74f0de49818efd4
565e20c6757bfedfb32091dad5842a26e1de3d71
db85f5a4a38880cf98a0bdae8b7ed47840716a63a2e10397191a10463b6d93be

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3607
Cache-Control: max-age=125432
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 09:34:35 GMT
Etag: "6358380c-116"
Expires: Thu, 27 Oct 2022 20:25:07 GMT
Last-Modified: Tue, 25 Oct 2022 19:25:00 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.24.14

200 OK

5.6 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
5.6 kB (5631 bytes)
Hash
109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ee-helpdesk.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 26 Oct 2022 09:34:35 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 581317
expires: Mon, 16 Oct 2023 09:34:35 GMT
accept-ranges: bytes
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7602326f2eb7b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
518ff04fd536958e285cf07aaf4a2786
fa5dad2391c2a9957340bd629f0462db4f412a5c
608c78964412d5dc7025e9cbfaef345d448a29eae0f11257c49a41f274917b9a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6508
Cache-Control: max-age=87641
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 09:34:35 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 09:55:16 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

ee-helpdesk.com/js/jquery-3.2.1.min.js

45.141.59.16

200 OK

30 kB

URL HTTP/1.1
ee-helpdesk.com/js/jquery-3.2.1.min.js
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (32058)
Size
30 kB (30229 bytes)
Hash
2b9c3a55026fa687fa8add847adc9703
f2d759f36127a585a1353362fc0888eb5ccc38f8
5a2a26016574209924c64a06714a35f93eb82a215bb635a98706e3421e5e305d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/jquery-3.2.1.min.js HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:35 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 17:26:47 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 30229
date: Wed, 26 Oct 2022 09:34:35 GMT
server: LiteSpeed

ee-helpdesk.com/css/login.1e1767e.min.css

45.141.59.16

200 OK

11 kB

URL HTTP/1.1
ee-helpdesk.com/css/login.1e1767e.min.css
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (423), with CRLF line terminators
Size
11 kB (10685 bytes)
Hash
be027ba0266ddb6f1b497df5ad435856
4b5bacce6fb2b59c96e20f989d466c38a37e0248
63837e4066e2bc5a6efd254e1d6bce17063a24731500ab499efaa662c686fdea

HTTP Headers

GET /css/login.1e1767e.min.css HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:35 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 17:25:29 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 10685
date: Wed, 26 Oct 2022 09:34:35 GMT
server: LiteSpeed

ee-helpdesk.com/css/clientlibs_meganav.min.css

45.141.59.16

200 OK

11 kB

URL HTTP/1.1
ee-helpdesk.com/css/clientlibs_meganav.min.css
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (937), with CRLF line terminators
Size
11 kB (10757 bytes)
Hash
b1a7f9968dfc85ef6b9e8a7e7d07b7f3
23b4b40e5276effc21603eabfbbb8e6eca666bb4
942f53160af6ff0510a31a3ebbf85f0e6a16ae2c4def86368d6b22efe976f95b

HTTP Headers

GET /css/clientlibs_meganav.min.css HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:35 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 17:25:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 10757
date: Wed, 26 Oct 2022 09:34:35 GMT
server: LiteSpeed

ee-helpdesk.com/js/jquery.validate.js

45.141.59.16

200 OK

13 kB

URL HTTP/1.1
ee-helpdesk.com/js/jquery.validate.js
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
Unicode text, UTF-8 text, with very long lines (511)
Size
13 kB (12787 bytes)
Hash
38529838a84d4134e2a58cffaa5e9514
628467bf882dcda2f7cd9d1992e340b1b3983e71
9bda00674b9fdb7fb794fa60e8c9b9ecbaef530c519a2e28dbc14ddfb46dd7cc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/jquery.validate.js HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:35 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 17:26:47 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 12787
date: Wed, 26 Oct 2022 09:34:35 GMT
server: LiteSpeed

ee-helpdesk.com/js/jquery.mask.js

45.141.59.16

200 OK

5.4 kB

URL HTTP/1.1
ee-helpdesk.com/js/jquery.mask.js
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with CRLF line terminators
Size
5.4 kB (5427 bytes)
Hash
fa417c38bf1214e57c5610772a2b8861
1ece4413135ec1f1f196aaf0c11ed33f23499e80
60931f965acfe90351f9e41c747a824c68431b378c18e89fcdb90efa8d33b24a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/jquery.mask.js HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:35 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 17:26:47 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5427
date: Wed, 26 Oct 2022 09:34:35 GMT
server: LiteSpeed

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
19132f29a8811a10f90eca2d81e5deb8
3b9e0bbf9f40f46b57dad5567b008e58b5770565
708aeab241760b108d60c1462b1979e59cf473242222e9270705ba70642b04f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 09:34:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.4/jquery.validate.min.js

104.17.24.14

200 OK

7.0 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.4/jquery.validate.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (24350)
Size
7.0 kB (6982 bytes)
Hash
2ea08661494600f2b846f2f2a0edf928
23dd30df766a846db627a3209b5d89d3bbb9a36a
aa22efaecb862cd85da8683a5ab6a4ebcb3a58a83e9709e87e41b3668ce3a05b

HTTP Headers

GET /ajax/libs/jquery-validate/1.19.4/jquery.validate.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ee-helpdesk.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 26 Oct 2022 09:34:35 GMT
content-type: application/javascript; charset=utf-8
content-length: 6982
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "62866b7a-1b46"
last-modified: Thu, 19 May 2022 16:08:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 12215776
expires: Mon, 16 Oct 2023 09:34:35 GMT
accept-ranges: bytes
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7602326f5eecb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
65510aedd1a67f63a74f0de49818efd4
565e20c6757bfedfb32091dad5842a26e1de3d71
db85f5a4a38880cf98a0bdae8b7ed47840716a63a2e10397191a10463b6d93be

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3607
Cache-Control: max-age=125432
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 09:34:35 GMT
Etag: "6358380c-116"
Expires: Thu, 27 Oct 2022 20:25:07 GMT
Last-Modified: Tue, 25 Oct 2022 19:25:00 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278

ee-helpdesk.com/js/inputmask.min.js

45.141.59.16

200 OK

8.6 kB

URL HTTP/1.1
ee-helpdesk.com/js/inputmask.min.js
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (20001), with no line terminators
Size
8.6 kB (8575 bytes)
Hash
895976241713f2aa9bfd76f512cc5177
01006faa422098d4599e307de794019151b11027
01806391b34b9ebabec30b04f3dd60d25065bbdf0b37b691dd9492059db542f2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/inputmask.min.js HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:35 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 17:26:47 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 8575
date: Wed, 26 Oct 2022 09:34:35 GMT
server: LiteSpeed

ee-helpdesk.com/css/main.1e1767e.min.css

45.141.59.16

200 OK

32 kB

URL HTTP/1.1
ee-helpdesk.com/css/main.1e1767e.min.css
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
ASCII text, with very long lines (51865), with CRLF line terminators
Size
32 kB (31574 bytes)
Hash
dacee3ef18692d1a8701df321eb91983
59202cf17f5a9116e3101b6f2728f628e161535e
19dfed8455088f4b0ef34a956b434b5801d4c2750237ab1298e3b81c7a5187d5

HTTP Headers

GET /css/main.1e1767e.min.css HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:35 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 17:25:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 31574
date: Wed, 26 Oct 2022 09:34:35 GMT
server: LiteSpeed

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.106

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ee-helpdesk.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 20:15:10 GMT
expires: Sun, 22 Oct 2023 20:15:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
age: 307165
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
19132f29a8811a10f90eca2d81e5deb8
3b9e0bbf9f40f46b57dad5567b008e58b5770565
708aeab241760b108d60c1462b1979e59cf473242222e9270705ba70642b04f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 09:34:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
435e85353937b871a7d8ea3da4f1fc89
02573caa664376e532127a5a269a59982ef1c69c
1eb797d1601b1a70fb8c97513ad1284120f51bea61be95834601e861ab82829b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=104388
Date: Wed, 26 Oct 2022 09:34:35 GMT
Etag: "6357db3e-1d7"
Expires: Thu, 27 Oct 2022 14:34:23 GMT
Last-Modified: Tue, 25 Oct 2022 12:49:02 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tlFRTcl6iVmTlgPDoO6Kj2XRAmrDxWQongd7MkZEc2K_FYTsyUvACA==
Age: 6321

push.services.mozilla.com/

54.187.102.159

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.187.102.159:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KMyDaRscu3VGl8+nRJ0O5A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XmYBOnEiQAB/VzKxnrbWz7lL544=

ee-dtp-static.s3.amazonaws.com/prod/css/clientlibs_myee.min.css

52.217.69.28

200 OK

187 kB

URL HTTP/1.1
ee-dtp-static.s3.amazonaws.com/prod/css/clientlibs_myee.min.css
IP
52.217.69.28:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (349)
Size
187 kB (187065 bytes)
Hash
13475e875670c5bbb6ffb086ffc17514
1b6b30e04a6b202cbdeb702d6255486fd010843d
094680d16cf39187e3edb36b5405fc502934223a92830a0bb125fe411b08728d

HTTP Headers

GET /prod/css/clientlibs_myee.min.css HTTP/1.1
Host: ee-dtp-static.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ee-helpdesk.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: XOTXdA8mMJblOu2xEYAoykAevvcZicjxyRqXOVgFh+FZzEYDKk8ulervYR27JeaO5MWMeO9vADc=
x-amz-request-id: XBR8Q3CXK8G6V2ZQ
Date: Wed, 26 Oct 2022 09:34:36 GMT
Last-Modified: Tue, 24 Aug 2021 12:11:08 GMT
ETag: "13475e875670c5bbb6ffb086ffc17514"
x-amz-version-id: qbHf_153ZUcp5KfrEPOpU3DRB90sgpwY
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Content-Length: 187065

ee-helpdesk.com/fonts/rubrik_regular.woff

45.141.59.16

200 OK

32 kB

URL HTTP/1.1
ee-helpdesk.com/fonts/rubrik_regular.woff
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
Web Open Font Format, TrueType, length 32224, version 1.0\012- data
Size
32 kB (32224 bytes)
Hash
089b68fbe51043d85c0027efff60aca2
4e25eca27452c882c20e1ab37d9f1285726ca5b7
717f88116eeb521c6f62d2507b1df5331a3422cfe73126c2675382b5540cf57f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/rubrik_regular.woff HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ee-helpdesk.com/css/login.1e1767e.min.css
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:36 GMT
content-type: font/woff
last-modified: Mon, 24 Oct 2022 17:25:47 GMT
accept-ranges: bytes
content-length: 32224
date: Wed, 26 Oct 2022 09:34:36 GMT
server: LiteSpeed

ee-helpdesk.com/fonts/rubrik_semibold.woff

45.141.59.16

200 OK

33 kB

URL HTTP/1.1
ee-helpdesk.com/fonts/rubrik_semibold.woff
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
Web Open Font Format, TrueType, length 33016, version 1.0\012- data
Size
33 kB (33016 bytes)
Hash
9bab90fef9341ee639d18c06e7799825
f67fdb4a053368dede02a0ef7abf2f0bc743ad3a
92570d2534fc4d673622e3881535a6dc39213c9f6ff05903ec90a8381b1a2ffe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/rubrik_semibold.woff HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ee-helpdesk.com/css/login.1e1767e.min.css
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:36 GMT
content-type: font/woff
last-modified: Mon, 24 Oct 2022 17:25:48 GMT
accept-ranges: bytes
content-length: 33016
date: Wed, 26 Oct 2022 09:34:36 GMT
server: LiteSpeed

ee-helpdesk.com/fonts/nobblee_light.woff

45.141.59.16

200 OK

32 kB

URL HTTP/1.1
ee-helpdesk.com/fonts/nobblee_light.woff
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
Web Open Font Format, TrueType, length 32272, version 1.0\012- data
Size
32 kB (32272 bytes)
Hash
3be441e45fd1c9c05288a83484f154d8
4b5eca1227ecab5a5a262792909d38271795a2f3
a2b35cb11e44fb935099d43e70a5a61c3e4af9769b48c3ff27778c359052ab78

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/nobblee_light.woff HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ee-helpdesk.com/css/main.1e1767e.min.css
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:36 GMT
content-type: font/woff
last-modified: Mon, 24 Oct 2022 17:25:47 GMT
accept-ranges: bytes
content-length: 32272
date: Wed, 26 Oct 2022 09:34:36 GMT
server: LiteSpeed

ee-helpdesk.com/fonts/rubrik_light.woff

45.141.59.16

200 OK

32 kB

URL HTTP/1.1
ee-helpdesk.com/fonts/rubrik_light.woff
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
Web Open Font Format, TrueType, length 31860, version 1.0\012- data
Size
32 kB (31860 bytes)
Hash
76dfdd96d026bf3b4c1f457fe340c1a9
0ca6a34b789996a9c55f2a6460e953317b7a60df
1af05253947be88483e3340c3f971b3c0a6830a71851b9d3e5f3de83a89005f1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/rubrik_light.woff HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ee-helpdesk.com/css/login.1e1767e.min.css
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:36 GMT
content-type: font/woff
last-modified: Mon, 24 Oct 2022 17:25:47 GMT
accept-ranges: bytes
content-length: 31860
date: Wed, 26 Oct 2022 09:34:36 GMT
server: LiteSpeed

ee-helpdesk.com/fonts/nobblee_regular.woff

45.141.59.16

200 OK

48 kB

URL HTTP/1.1
ee-helpdesk.com/fonts/nobblee_regular.woff
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
Web Open Font Format, TrueType, length 48360, version 1.0\012- data
Size
48 kB (48360 bytes)
Hash
ffa7ba568e6d02cbaa04563bc1ff0a0c
7612873f9370e21fd36e6a3d83373db47e760d29
59a88d64e191e0adfd848a14cd3be24ac3dbbc4c2d888bb20c6e768d7ae59514

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/nobblee_regular.woff HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ee-helpdesk.com/css/main.1e1767e.min.css
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:36 GMT
content-type: font/woff
last-modified: Mon, 24 Oct 2022 17:25:47 GMT
accept-ranges: bytes
content-length: 48360
date: Wed, 26 Oct 2022 09:34:36 GMT
server: LiteSpeed

ee-helpdesk.com/fonts/ee-icons.woff

45.141.59.16

200 OK

48 kB

URL HTTP/1.1
ee-helpdesk.com/fonts/ee-icons.woff
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
Web Open Font Format, TrueType, length 48388, version 1.0\012- data
Size
48 kB (48388 bytes)
Hash
721c8affd502ae9282e4595af720d799
abd111280610d302cf980a6e8d8799fafe7e8ed0
da4cc80a79084aaf4e6edd60228913b0244dec63332d25b36c076632619b19ed

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/ee-icons.woff HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ee-helpdesk.com/css/main.1e1767e.min.css
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:36 GMT
content-type: font/woff
last-modified: Mon, 24 Oct 2022 17:25:47 GMT
accept-ranges: bytes
content-length: 48388
date: Wed, 26 Oct 2022 09:34:36 GMT
server: LiteSpeed

ee-helpdesk.com/img/favicon-196x196.png

45.141.59.16

200 OK

9.2 kB

URL HTTP/1.1
ee-helpdesk.com/img/favicon-196x196.png
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
PNG image data, 196 x 196, 8-bit/color RGB, non-interlaced\012- data
Size
9.2 kB (9179 bytes)
Hash
779d2aa00f64023424e1aa7b2ba466d1
49298de9f1731d3cb0c356f9d005852392ca213c
a01fdf21cfde4d76986b1d91ec5d9cb2f95e74fa06a72c69e8ac78e21de7d4ee

HTTP Headers

GET /img/favicon-196x196.png HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:36 GMT
content-type: image/png
last-modified: Mon, 24 Oct 2022 17:26:08 GMT
accept-ranges: bytes
content-length: 9179
date: Wed, 26 Oct 2022 09:34:36 GMT
server: LiteSpeed

ee-helpdesk.com/img/favicon-16x16.png

45.141.59.16

200 OK

1.0 kB

URL HTTP/1.1
ee-helpdesk.com/img/favicon-16x16.png
IP
45.141.59.16:0
ASN
#213373 IP Connect Inc

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.0 kB (1004 bytes)
Hash
c2d08be3b716511a34c530ab80fef9e9
6f416133bf1545ff2813dc0b436aabb91ee875bb
db394b4aa60dc97a65e8aa3d2913ce543f4a41e9b1b3c2857ce169efd9ad8e02

HTTP Headers

GET /img/favicon-16x16.png HTTP/1.1
Host: ee-helpdesk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ee-helpdesk.com/login.php?sessionid=35b0bce9d250429df012c0426f88d0bd
Cookie: PHPSESSID=2d0883c9b9ba0998aa188c6f4a4ac982

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Wed, 02 Nov 2022 09:34:36 GMT
content-type: image/png
last-modified: Mon, 24 Oct 2022 17:26:08 GMT
accept-ranges: bytes
content-length: 1004
date: Wed, 26 Oct 2022 09:34:36 GMT
server: LiteSpeed

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14068
Expires: Wed, 26 Oct 2022 13:29:04 GMT
Date: Wed, 26 Oct 2022 09:34:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14068
Expires: Wed, 26 Oct 2022 13:29:04 GMT
Date: Wed, 26 Oct 2022 09:34:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14068
Expires: Wed, 26 Oct 2022 13:29:04 GMT
Date: Wed, 26 Oct 2022 09:34:36 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f8e8b2-cbee-42dd-a8d8-d4165e9a97ae.jpeg

34.120.237.76

200 OK

3.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f8e8b2-cbee-42dd-a8d8-d4165e9a97ae.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.7 kB (3695 bytes)
Hash
6dbedb2a47310dcc21ddb2f9c15ca08a
aa1c7300ce49a977fc7ed17534d48c04ec8c34fc
dc4edcfaa03bcccfd66cdacba33167877be7b0b746b9028fe9d82d71feefed2c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f8e8b2-cbee-42dd-a8d8-d4165e9a97ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3695
x-amzn-requestid: 969f155c-e60f-4ecc-bdc8-29e85a803c46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alK9KEvqIAMFf4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585854-116ea1e74504dd416825d1ec;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:42:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: SDTaQGxFhSOc7XaFxoZzpo_z_BtH_F_K5pkIeLB4qo8KdJM5r_Ldqg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:21 GMT
age: 42315
etag: "aa1c7300ce49a977fc7ed17534d48c04ec8c34fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b77f552-f63a-490e-8ebf-e424535dc52b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4639 bytes)
Hash
422e2d39d09378a93241ca9d9275cdb3
b023427c7f5d8c4db74e626fd146b29feff5e578
419e9829c1c1c1a8ad7dcbe8cea395835733360b20f1f762bf93747c965ff95e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b77f552-f63a-490e-8ebf-e424535dc52b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4639
x-amzn-requestid: a88c5362-6ce2-4db6-8bfd-97d4b8476fa6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ3vENroAMF0mQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585697-1e5cca0918d9a36f4273ba4c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nf4UHlnSKaJcTYXDo7Nq6EMpFLL5MTq4y112iDh9B3M1mKaXnyAyOw==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:00 GMT
age: 42336
etag: "b023427c7f5d8c4db74e626fd146b29feff5e578"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4524 bytes)
Hash
91ee720c15dc69de45080d0c951353af
5292b31a99d90bcb7071f327b93d52034bdf9dcb
7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OV7g4Y4fcQGijljebzHQtnpKdcPKw6LTxqORxxBJL2lFPYQLLoyNuQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 00:34:40 GMT
age: 32396
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8439 bytes)
Hash
db946866312c734e0c5f91ca76255b2f
e8b8236baab9106a426a415eb01494cc4cc91ad1
a695e7bc87da2c6d9f5669c09e662fe22982e69cb139466efa5093429fe19866

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae122c0f-a41b-4abc-a703-a5de223ae39a.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8439
x-amzn-requestid: e0eed725-0725-4f5a-9c91-fec13ad0ebe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ajKYQGWhIAMFdhw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63578a9b-2a0115120e75f5271cea992f;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 07:04:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: WVz4PqWqT9Pk1juQ95Xzi-7HcEDBqKb5VAncjXxOYFfKTnjRbmodoA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 04:44:59 GMT
age: 17377
etag: "e8b8236baab9106a426a415eb01494cc4cc91ad1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13796 bytes)
Hash
b946c4f2f177828cf7b76c5764e97157
c3856686b98e1883133aa1824c496d34512769a0
be818a015fc9c745ea561a0b9c2aca6ba25ade24acd696fa651163d47b195371

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13796
x-amzn-requestid: 90b1e032-78c6-499d-b564-f25c15e20304
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2OG0SoAMFx-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568e-599d0f526fc6a01f77b67dcf;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qxBQMJAnYNJVLBf5LSOTC7v3hPl9sh-G-OIqrK7d5KpdVITaQCcGMA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:47:18 GMT
age: 42438
etag: "c3856686b98e1883133aa1824c496d34512769a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb59802-0d15-47b0-9824-34102fa77aeb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9355 bytes)
Hash
ffefed59982fc01dd8df2f14cea499ca
abab3e94679d0c3e2cbecbda2e9a789a7fe17873
0c9e876f3f638aa4148aecdd77722e5091a2bb47ac30e4367505a1ebe39535d2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb59802-0d15-47b0-9824-34102fa77aeb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9355
x-amzn-requestid: eb558ca7-8a59-4135-85c8-f0fd5afd30fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ35EV2oAMF_4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585698-0ea5ca6a1f03dd6174ac208c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:20 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kCkZee35C72NmGRZ7BNRLkag29lRxJV0VHDycTNZOJXhosKdjsOxPg==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:52:53 GMT
age: 42103
etag: "abab3e94679d0c3e2cbecbda2e9a789a7fe17873"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations