Report - waymaker-charters.com/ovo/8rpn7eld/a2ltLnBhcnNvbnNAbm9hYS5nb3Y=

Report Overview

Submitted URL
waymaker-charters.com/ovo/8rpn7eld/a2ltLnBhcnNvbnNAbm9hYS5nb3Y=
IP
69.49.228.234
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-03-28 20:13:29
Access
public
Website Title
PORTAL - NOAA Mail Authentication
Final URL
cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
4
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.w3schools.com	17487	2000-03-21	2014-02-05	2024-03-28	424 B	5.8 kB	192.229.133.221
cloudflare-ipfs.com	75147	2018-05-30	2021-01-20	2024-03-15	1.3 kB	305 kB	104.17.64.14
t1.gstatic.com	unknown	2008-02-11	2013-05-07	2024-03-27	1.5 kB	8.3 kB	142.250.74.68
t3.gstatic.com	unknown	2008-02-11	2013-05-06	2024-03-28	1.0 kB	5.5 kB	142.250.74.100
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-03-28	562 B	23 kB	216.58.207.227
waymaker-charters.com	unknown	unknown	No data	No data	517 B	373 B	69.49.228.234
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-03-28	1.6 kB	282 kB	104.17.25.14
egensession.com	unknown	2024-03-19	2024-03-19	2024-03-25	1.2 kB	5.7 kB	188.114.97.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-03-28	1.5 kB	17 kB	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2023-05-02	medium	cloudflare-ipfs.com/images/favicon.ico	Other
2023-05-02	medium	cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-03-28	medium	egensession.com	Sinkholed
2024-03-28	medium	egensession.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov	267 kB	2023-11-07	2024-04-26
Pretty URL cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-07 21:04:06 Last Seen2024-04-26 23:01:14 Times Seen313 Hash 826628cfe7bc18a7b465571f40d0eaee 25272b7011de72a14878f8603e5c0c81e1385171 2ca80ebd84c8a26db5611ae2ecf9a4c817ffadf9ca6d3b419adb1008c38ee8f1 Loading...

HTTP Transactions (18)

URL IP Response Size

waymaker-charters.com/ovo/8rpn7eld/a2ltLnBhcnNvbnNAbm9hYS5nb3Y=

69.49.228.234

179 B

URL
waymaker-charters.com/ovo/8rpn7eld/a2ltLnBhcnNvbnNAbm9hYS5nb3Y=
IP
69.49.228.234:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type
HTML document, ASCII text
Size
179 B (179 bytes)
Hash
2a4639fd6c5a73444a6bb553076c60ef
542caa7099e43e416025b83ad850b475b93e4827
72aff485f60354eedd077a99f66e9ee5eb81bf7f4c6b35e08ad6a5548490a00a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /ovo/8rpn7eld/a2ltLnBhcnNvbnNAbm9hYS5nb3Y= HTTP/1.1
Host: waymaker-charters.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Mar 2024 20:13:03 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css

104.17.25.14

200 OK

19 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (52276)
Size
19 kB (18778 bytes)
Hash
5222e06b77a1692fa2520a219840e6be
8b4236206a8b86af3761a244277663046d7ff7ee
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

HTTP Headers

GET /ajax/libs/font-awesome/6.4.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 20:13:05 GMT
content-type: text/css; charset=utf-8
content-length: 18778
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64cac444-495a"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 680885
expires: Tue, 18 Mar 2025 20:13:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2DUMCAPsIrLZIm14PX6sp0oogjvND1HvkGu7clRllvHJ%2F8VW76HqVuNdIA5mKbOaJ5hK6Vgc5%2FpGAHer2nwGNUP0PKCCxyZtsasxfM9gTpxQJlEB%2Br6%2BjbwWlqoHacTVCix9ZhEh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86ba47603e60b4ff-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.w3schools.com/w3css/4/w3.css

192.229.133.221

200 OK

5.3 kB

URL GET HTTP/2
www.w3schools.com/w3css/4/w3.css
IP
192.229.133.221:443
ASN
#15133 EDGECAST

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerDigiCert Inc
Subject*.w3schools.com
FingerprintC1:D8:A1:39:6A:5E:03:D0:6B:53:1B:C0:E7:E0:84:EB:D2:44:AE:A2
ValiditySun, 05 Mar 2023 00:00:00 GMT - Thu, 04 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text
Size
5.3 kB (5256 bytes)
Hash
ba0537e9574725096af97c27d7e54f76
bd46b47d74d344f435b5805114559d45979762d5
4a7611bc677873a0f87fe21727bc3a2a43f57a5ded3b10ce33a0f371a2e6030f

HTTP Headers

GET /w3css/4/w3.css HTTP/1.1
Host: www.w3schools.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 3328
cache-control: public,max-age=14400,public
content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-type: text/css
date: Thu, 28 Mar 2024 20:13:06 GMT
etag: "0ef6eafe580da1:0+gzip"
last-modified: Thu, 28 Mar 2024 07:58:14 GMT
server: ECS (ska/F716)
vary: Accept-Encoding
x-cache: HIT
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
x-powered-by: ASP.NET
content-length: 5256
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2

104.17.25.14

200 OK

150 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280
Size
150 kB (150020 bytes)
Hash
d5e647388e2415268b700d3df2e30a0d
97f0942c6627ddd89fb62170e5cac9a2cbd6c98c
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9

HTTP Headers

GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 28 Mar 2024 20:13:06 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150020
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-24a04"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1263142
expires: Tue, 18 Mar 2025 20:13:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8KRIXezHtrf0K76p5rHRKLVWHtW3yu7sttPO2%2BJCjiIshWfR4ptfiiHFeMV1MFL8kiGJBFmHSYTMwQ%2FhUvJOTSaiLaHdcJZ14Jb7jdSD0LTdxr1EyuQn0KBkFFp2xfPi1Hx1uTpR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86ba476278bcb4ff-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cloudflare-ipfs.com/images/favicon.ico

104.17.64.14

404 Not Found

14 B

URL GET HTTP/3
cloudflare-ipfs.com/images/favicon.ico
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
Fingerprint18:E5:C9:71:96:8A:A9:48:E2:79:2A:29:91:D2:4E:46:90:B7:5D:9F
ValiditySun, 25 Feb 2024 02:55:05 GMT - Sat, 25 May 2024 02:55:04 GMT

File type
ASCII text, with no line terminators
Size
14 B (14 bytes)
Hash
d0fbda9855d118740f1105334305c126
bc3023b36063a7681db24681472b54fa11f0d4ec
a469ab4ca4e55bf547566e9ebfa1b809c933207e9d558156bc0c4252b17533fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
PhishTank	phishing	Other

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m
Cookie: __cf_bm=lhsmimv7bSDWPH_0G5sSa4vIP.BP5KwvQYAS0P1wxW8-1711656785-1.0.1.1-jD0VIWMgM49ZsYR2oLxhI0HjBj2D8QjY.aB5d9RkXhp7O30o0K0mnN1J7QY4AL2xh4WjcJQTGjclmGbeGUpjrw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 28 Mar 2024 20:13:06 GMT
content-type: text/plain;charset=UTF-8
content-length: 14
vary: Accept-Encoding
server: cloudflare
cf-ray: 86ba47639c25b503-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2

104.17.25.14

200 OK

110 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 109808, version 772.1280
Size
110 kB (109808 bytes)
Hash
005c9aa92b564b73b7582cc4f1fa49cb
373361ed756b1fe68ce2f5968d467826b6973bb5
faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1

HTTP Headers

GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 28 Mar 2024 20:13:07 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 109808
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-1acf0"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 781144
expires: Tue, 18 Mar 2025 20:13:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a9l4caMfA8Y2dFknvd18Z8azExpu96FLgJTv17LDQqYnhxwJkFhyGjD09rKGpJKPKO6sagSCatgYKJ1Zz%2BW%2FEZ07bnup5rWVDP9G0tXbzPjMz7ZByyBul4251jyboD9Wig%2FPpQrr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86ba47684e3eb4ff-OSL
alt-svc: h3=":443"; ma=86400

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64

142.250.74.68

1.9 kB

URL
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64
IP
142.250.74.68:0
ASN
#15169 GOOGLE

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.9 kB (1915 bytes)
Hash
df3412acfda37cb918f14e9fc8e75916
e8c2655c709f67bdd09a906dfee756d36503baca
1d78f418b48cd4500fa2118cd0048df2cd9029365c17c15aef3b7bfb96caf9a5

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://www.noaa.gov/themes/custom/noaa/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 1915
date: Thu, 28 Mar 2024 20:13:07 GMT
expires: Thu, 04 Apr 2024 20:13:07 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

egensession.com/n.php?getemailinfo=kim.parsons@noaa.gov&linkbox=nicholaski&url=https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m

188.114.97.1

2.7 kB

URL
egensession.com/n.php?getemailinfo=kim.parsons@noaa.gov&linkbox=nicholaski&url=https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
2.7 kB (2664 bytes)
Hash
e7b9bd74d100958c7726236e94c0e885
f25fcbed54f2da8259ea693107b0bf420378aecc
aa522d4fb4a5e70afa551a20faf6136d8f45861943c1722295b3ddc473d98fb6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /n.php?getemailinfo=kim.parsons@noaa.gov&linkbox=nicholaski&url=https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m HTTP/1.1
Host: egensession.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cloudflare-ipfs.com/
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 20:13:07 GMT
content-type: application/json; charset=utf-8
x-powered-by: PHP/8.0.30
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Origin, Content-Type, Accept, Authorization, X-Request-With
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cTnbs1I%2FX%2F1RW4LmAW%2B%2FctEfdai21GXui9h4RAUr8MFz3jL4dlZC0OTHYLlOBxDlfw4dHbMZIxreTLss7%2B4g7XKwxnVX%2BCTMq6XV7RQPDv%2FCbESBcee02aMoYHwLNt2S%2Bh0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86ba4762ef02b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=32

142.250.74.100

1.9 kB

URL
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=32
IP
142.250.74.100:0
ASN
#15169 GOOGLE

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.9 kB (1915 bytes)
Hash
df3412acfda37cb918f14e9fc8e75916
e8c2655c709f67bdd09a906dfee756d36503baca
1d78f418b48cd4500fa2118cd0048df2cd9029365c17c15aef3b7bfb96caf9a5

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=32 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://www.noaa.gov/themes/custom/noaa/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 1915
date: Thu, 28 Mar 2024 20:13:07 GMT
expires: Thu, 04 Apr 2024 20:13:07 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21904, version 1.0
Size
22 kB (21904 bytes)
Hash
27b2f94167bce460f3e669c52be7301e
de5636d6096f5a29f0764aa563c54f157b1f9de9
51c8eae79bf05bbcc1811da8cb56ff69d87d40bafdce8282fea8a43259b4afcb

HTTP Headers

GET /s/playfairdisplay/v37/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:44:49 GMT
expires: Fri, 28 Mar 2025 17:44:49 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 31 Jan 2024 23:15:04 GMT
content-type: font/woff2
age: 8900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Fjalla+One&family=Josefin+Slab:ital,wght@1,100&family=Playfair+Display:ital,wght@0,400;1,900&family=Sofia+Sans+Extra+Condensed:ital,wght@0,1;0,100;0,200;0,300;1,100;1,200&display=swap

142.250.74.74

200 OK

11 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Fjalla+One&family=Josefin+Slab:ital,wght@1,100&family=Playfair+Display:ital,wght@0,400;1,900&family=Sofia+Sans+Extra+Condensed:ital,wght@0,1;0,100;0,200;0,300;1,100;1,200&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
gzip compressed data, max compression
Size
11 kB (11071 bytes)
Hash
753adbca51c94886a9f89d689b96807b
6a09e142906fe5927735d74c144b4da68493e9e2
59fa58958bdbcc95334f5a2f9d7c052784ff649abfcbfe159c6e017a5d6e04e0

HTTP Headers

GET /css2?family=Fjalla+One&family=Josefin+Slab:ital,wght@1,100&family=Playfair+Display:ital,wght@0,400;1,900&family=Sofia+Sans+Extra+Condensed:ital,wght@0,1;0,100;0,200;0,300;1,100;1,200&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 28 Mar 2024 20:13:06 GMT
date: Thu, 28 Mar 2024 20:13:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

egensession.com/n.php?getemailinfo=kim.parsons@noaa.gov&linkbox=nicholaski&url=https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m

188.114.97.1

200 OK

1.4 kB

URL GET HTTP/2
egensession.com/n.php?getemailinfo=kim.parsons@noaa.gov&linkbox=nicholaski&url=https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerGoogle Trust Services LLC
Subjectegensession.com
FingerprintDA:92:ED:40:FF:16:EA:C4:47:1F:A5:C4:AA:CB:3D:C8:B3:70:10:A0
ValidityTue, 19 Mar 2024 07:18:47 GMT - Mon, 17 Jun 2024 07:18:46 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1592), with no line terminators
Size
1.4 kB (1427 bytes)
Hash
f6497c946241318261dc2e72bdcc1b50
32c1ad6464be194ca5f93c6b990cd3099b3f00ed
748c5cc4767a6539458cb512f9122b387b1a7c24b139a06a14aead1702e561ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /n.php?getemailinfo=kim.parsons@noaa.gov&linkbox=nicholaski&url=https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m HTTP/1.1
Host: egensession.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cloudflare-ipfs.com/
Origin: https://cloudflare-ipfs.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 20:13:07 GMT
content-type: application/json; charset=utf-8
x-powered-by: PHP/8.0.30
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Origin, Content-Type, Accept, Authorization, X-Request-With
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cTnbs1I%2FX%2F1RW4LmAW%2B%2FctEfdai21GXui9h4RAUr8MFz3jL4dlZC0OTHYLlOBxDlfw4dHbMZIxreTLss7%2B4g7XKwxnVX%2BCTMq6XV7RQPDv%2FCbESBcee02aMoYHwLNt2S%2Bh0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86ba4762ef02b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=32

142.250.74.100

200 OK

1.9 kB

URL GET HTTP/2
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=32
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.9 kB (1915 bytes)
Hash
df3412acfda37cb918f14e9fc8e75916
e8c2655c709f67bdd09a906dfee756d36503baca
1d78f418b48cd4500fa2118cd0048df2cd9029365c17c15aef3b7bfb96caf9a5

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=32 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://www.noaa.gov/themes/custom/noaa/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 1915
date: Thu, 28 Mar 2024 20:13:07 GMT
expires: Thu, 04 Apr 2024 20:13:07 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64

142.250.74.68

200 OK

1.9 kB

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.9 kB (1915 bytes)
Hash
df3412acfda37cb918f14e9fc8e75916
e8c2655c709f67bdd09a906dfee756d36503baca
1d78f418b48cd4500fa2118cd0048df2cd9029365c17c15aef3b7bfb96caf9a5

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.noaa.gov/themes/custom/noaa/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 1915
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 20:13:07 GMT
expires: Thu, 04 Apr 2024 20:13:07 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m

104.17.64.14

200 OK

303 kB

URL User Request GET HTTP/2
cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m
IP
104.17.64.14:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcloudflare-ipfs.com
Fingerprint18:E5:C9:71:96:8A:A9:48:E2:79:2A:29:91:D2:4E:46:90:B7:5D:9F
ValiditySun, 25 Feb 2024 02:55:05 GMT - Sat, 25 May 2024 02:55:04 GMT

File type

Size
303 kB (303444 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook
PhishTank	phishing	Other

HTTP Headers

GET /ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m HTTP/1.1
Host: cloudflare-ipfs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waymaker-charters.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 20:13:05 GMT
content-type: text/html
cf-ray: 86ba475bfcdc568a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 8236
cache-control: public, max-age=29030400, immutable
etag: W/"bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m"
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
access-control-allow-methods: GET
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
x-cf-ipfs-cache-status: hit
x-ipfs-path: /ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m
x-ipfs-roots: bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m
set-cookie: __cf_bm=lhsmimv7bSDWPH_0G5sSa4vIP.BP5KwvQYAS0P1wxW8-1711656785-1.0.1.1-jD0VIWMgM49ZsYR2oLxhI0HjBj2D8QjY.aB5d9RkXhp7O30o0K0mnN1J7QY4AL2xh4WjcJQTGjclmGbeGUpjrw; path=/; expires=Thu, 28-Mar-24 20:43:05 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64

142.250.74.68

200 OK

1.9 kB

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E
ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.9 kB (1915 bytes)
Hash
df3412acfda37cb918f14e9fc8e75916
e8c2655c709f67bdd09a906dfee756d36503baca
1d78f418b48cd4500fa2118cd0048df2cd9029365c17c15aef3b7bfb96caf9a5

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://noaa.gov&size=64 HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://www.noaa.gov/themes/custom/noaa/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 1915
date: Thu, 28 Mar 2024 20:13:07 GMT
expires: Thu, 04 Apr 2024 20:13:07 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Ubuntu+Mono

142.250.74.74

200 OK

1.9 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Ubuntu+Mono
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
ASCII text, with very long lines (1938), with no line terminators
Size
1.9 kB (1890 bytes)
Hash
49099c0c24729e98df44c3aba879ca98
ea666032fb3869d736cdd50039ba5604606754f2
86204584dba18073c507f3c08f643364e80e4d0a1842348fcfc4cca25143ce71

HTTP Headers

GET /css?family=Ubuntu+Mono HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 28 Mar 2024 20:13:06 GMT
date: Thu, 28 Mar 2024 20:13:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Ubuntu

142.250.74.74

200 OK

1.8 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Ubuntu
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://cloudflare-ipfs.com/ipfs/bafybeihmfbcrj23fhwzt7pxguz6qcgf5zps5lffb725rcqnnr3ut76ky5m#kim.parsons@noaa.gov
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B
ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT

File type
ASCII text, with very long lines (1842), with no line terminators
Size
1.8 kB (1794 bytes)
Hash
2a764feaa95273c536f1e3d4e314de1f
0c37ed71068b6c8f09db6a3249b51c6e945d2c99
41b1d16b0aa9d7d414303d14205f9f0bc4834b4eea4f91dc133b8ca2ac90c335

HTTP Headers

GET /css?family=Ubuntu HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cloudflare-ipfs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 28 Mar 2024 20:13:06 GMT
date: Thu, 28 Mar 2024 20:13:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3