Report - google.com.ua/amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==

Report Overview

Visited public
2023-10-09 00:45:53
Tags
Submit Tags
URL
google.com.ua/amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
Finishing URL
fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/#d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ%3D%3D
IP / ASN
142.250.74.99
#15169 GOOGLE
Title
Mail - Outerlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
google.com	1	1997-09-15	2013-10-02 17:25:49	2023-10-08 16:52:02	612 B	1.4 kB	216.58.207.206
aadcdn.msftauth.net	1455	2018-10-25	2018-11-19 11:50:32	2023-10-08 09:51:03	478 B	18 kB	152.199.23.37
fleek.ipfs.io	unknown	2014-05-16	2022-12-19 21:26:16	2023-10-08 07:25:29	1.1 kB	37 kB	209.94.90.1
www.google.com.ua	13211	2002-12-03	2012-05-22 20:32:57	2023-10-08 23:20:19	657 B	1.5 kB	142.250.74.35
google.com.ua	6217	2002-12-03	2012-12-07 20:10:06	2023-10-08 20:41:37	632 B	1.4 kB	142.250.74.99
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-09-20 20:05:47	637 B	1.5 kB	142.250.74.132
pub-5acee21dd4b14f8087b8e93fc27ac3fc.r2.dev	unknown	2022-08-23	2023-10-05 21:36:40	2023-10-06 13:59:59	543 B	0 B	0.0.0.0
www.warmplate.de	unknown	unknown	2022-11-07 04:08:07	2023-10-06 13:59:38	528 B	36 kB	104.21.76.213
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-08 18:12:08	1.7 kB	3.5 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-10-08	medium	fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/	Outlook

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/#d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ%3D%3D	ScriptElement	414 B	2023-10-09	2024-08-21
Pretty URL fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/#d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ%3D%3D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-09 02:45 Last Seen2024-08-21 05:04 Times Seen9 Hash 86cfae475a3ef0363b40c801c2de02fd fef7ffea944b1be4afeba7c25b80dd438fb0711c acff209c4efeccb19379dbea1146f024a64f914ba6a101a08ef7fe55058fadf7 Loading...

	unknown	EventHandler	22 kB	2023-06-06	2024-08-21
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-06-06 03:09 Last Seen2024-08-21 05:11 Times Seen96 Hash afe6fd149577d13e7ef598249aa81ac4 27c477c76a0ba4b9748a7d70835f37737e60451b b3ee1e69c1c04ee8caa7dadc9b09fff0fb81d80f6c6a08df64487a510daa4ae2 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 655903d6ce3c5ebc3a32423a13c80f39	17 kB	2023-06-06 03:09	2024-08-21 05:11
Pretty Observations First Seen2023-06-06 03:09 Last Seen2024-08-21 05:11 Times Seen96 Hash 655903d6ce3c5ebc3a32423a13c80f39 36a8ec7334395af0ae1fd74f8d9a171a665b2b9b 4cd4c3ad8661396dd070c1f78cec555e0f109450943a6b401cbcd14f18eaffd9 Loading...

HTTP Transactions (14)

URL IP Response Size

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ff1c3d30ae27e253e360cdb8c89a9856
11bafdb73294e4319d87b99741545cecc26b4916
c9bf6f75f441730cb005bb18bf37970da3eddcd255e2d1fab9733143625b410d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Oct 2023 00:45:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET google.com.ua/amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==

142.250.74.99

301 Moved Permanently

316 B

URL User Request GET HTTP/2
google.com.ua/amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com.ua
FingerprintB0:E2:77:DE:8B:0E:FF:38:89:B5:84:67:5C:CD:C8:91:E8:D0:2C:3A
ValidityMon, 18 Sep 2023 08:26:46 GMT - Mon, 11 Dec 2023 08:26:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
316 B (316 bytes)
Hash
c4d20da0abda4fd59af73da13bb695b4
b8bcc2238b385cd02d8f94b1d01e716fa27950f9
5b1fecf64cbb22db0168da76f734b48272e67ddf15145b849859e86203d072e9

HTTP Headers

GET /amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ== HTTP/1.1
Host: google.com.ua
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://www.google.com.ua/amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-qUjTtjAa3VA3Vsh92eFzCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
date: Mon, 09 Oct 2023 00:45:36 GMT
expires: Mon, 09 Oct 2023 00:45:36 GMT
cache-control: private, max-age=2592000
server: gws
content-length: 316
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+977; expires=Wed, 08-Oct-2025 00:45:36 GMT; path=/; domain=.google.com.ua; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ff1c3d30ae27e253e360cdb8c89a9856
11bafdb73294e4319d87b99741545cecc26b4916
c9bf6f75f441730cb005bb18bf37970da3eddcd255e2d1fab9733143625b410d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Oct 2023 00:45:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET www.google.com.ua/amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==

142.250.74.35

302 Found

292 B

URL User Request GET HTTP/2
www.google.com.ua/amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com.ua
FingerprintB0:E2:77:DE:8B:0E:FF:38:89:B5:84:67:5C:CD:C8:91:E8:D0:2C:3A
ValidityMon, 18 Sep 2023 08:26:46 GMT - Mon, 11 Dec 2023 08:26:45 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
292 B (292 bytes)
Hash
24784c5cc4596013e0e8e2d26f3cb295
44e07a3d88d7b2db61b985a2998925455bad59f7
2229801ea6edbea302e6872462253ba5b11e36e17f676a69a529b8eb78c03458

HTTP Headers

GET /amp/s/google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ== HTTP/1.1
Host: www.google.com.ua
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; CONSENT=PENDING+977
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
cache-control: private
x-robots-tag: noindex
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-F2_IYHVlEcea89GeLk5nCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 09 Oct 2023 00:45:37 GMT
server: gws
content-length: 292
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: __Secure-ENID=15.SE=TN4D8RgkycySbmS95YzHn2BXTZFpUMu46HSnrZkup1mGCa6vQmJB7HAB0_j85fZDC6YDilyd4zkYYbjb_cCSktxP6X0TcbTDbw2hzwt-aevrk_xTnXJr1C-cKNifGY3hL2OPwvlaDgUM6YM4tmkfSprAyVD-Sqy7Fn2OBwdl06I; expires=Thu, 07-Nov-2024 17:03:54 GMT; path=/; domain=.google.com.ua; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2ea5a5377a939effb88dc070007dce03
9c120363515b712dba16454aa07d8b0ec703be5c
325d8a44a982408a8107d29b7b3b2c9b556fd5fd98677c5cf4a35c4b075b9c0b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Oct 2023 00:45:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==

216.58.207.206

301 Moved Permanently

296 B

URL User Request GET HTTP/2
google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
IP
216.58.207.206:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint09:1E:68:9F:BD:40:4B:47:8D:AC:BE:FE:EF:35:D6:52:C1:A0:EC:9F
ValidityMon, 18 Sep 2023 08:19:26 GMT - Mon, 11 Dec 2023 08:19:25 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
296 B (296 bytes)
Hash
39bc6034401edad21de50f650e9440be
b398a81bf706ac41b241835c5f698172aa91b34a
974f4ef52df4ca1f4a7b39c01e0ec0ff97e1274a022336174e7d04811c8f9605

HTTP Headers

GET /amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ== HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://www.google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce--ICNmwi0U8__05QOcWylng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
date: Mon, 09 Oct 2023 00:45:37 GMT
expires: Mon, 09 Oct 2023 00:45:37 GMT
cache-control: private, max-age=2592000
server: gws
content-length: 296
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+031; expires=Wed, 08-Oct-2025 00:45:37 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2ea5a5377a939effb88dc070007dce03
9c120363515b712dba16454aa07d8b0ec703be5c
325d8a44a982408a8107d29b7b3b2c9b556fd5fd98677c5cf4a35c4b075b9c0b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Oct 2023 00:45:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
86f476f576b13a99c44048055854530f
3a6f1994a675af3688c85c8f6d026de9a2aa9ee1
1ccd726633946df623b8952e193924ada32f2ae2d44acfb9fea28ec254c145f2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Oct 2023 00:45:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET www.google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==

142.250.74.132

302 Found

275 B

URL User Request GET HTTP/2
www.google.com/amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC9:F6:98:54:A9:56:99:75:0A:10:B7:BD:95:70:40:74:3A:B0:B0:77
ValidityMon, 18 Sep 2023 08:25:14 GMT - Mon, 11 Dec 2023 08:25:13 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
275 B (275 bytes)
Hash
b029ceb5249de86c09925d3168667cf2
87bbeaae008a8cf74ca70bbfd79f22afe1230f59
b97acb5d05875b6df292f959594f8b8aee2778e725fe1bb3cce35ad72d5d2cfe

HTTP Headers

GET /amp/s/www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ== HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; CONSENT=PENDING+031
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
cache-control: private
x-robots-tag: noindex
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-ISdPIR-1DFUZ2743_Y0iYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Mon, 09 Oct 2023 00:45:37 GMT
server: gws
content-length: 275
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: __Secure-ENID=15.SE=nlxkRh2tBboesf4liAlOAVN4-wYxAS73gklJqFMnugu0GqgInxV5VIV9e76y_DKJzMZgTjWdq6Ye7JpKh22CNsgL_VPfSC7zMl6gt1biCantYShp_ZrwxucL0uZVcoyacyrGjfUj4NYlHS0oWwCEZGPNV_xJwCAmQtceGxQWZ8c; expires=Thu, 07-Nov-2024 17:03:55 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

152.199.23.37

200 OK

17 kB

URL GET HTTP/2
aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
152.199.23.37:443
ASN
#15133 EDGECAST

Requested by
https://fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/#d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ%3D%3D
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msftauth.net
Fingerprint99:06:D8:1E:EC:BF:DB:78:DF:F4:89:A3:ED:23:07:3D:79:F1:16:D6
ValidityTue, 31 Jan 2023 00:00:00 GMT - Wed, 31 Jan 2024 23:59:59 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fleek.ipfs.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 11311830
cache-control: public, max-age=31536000
content-md5: EuPayFgGHQiAI7K9SOL6lg==
content-type: image/x-icon
date: Mon, 09 Oct 2023 00:45:38 GMT
etag: 0x8D8731240E548EB
last-modified: Sun, 18 Oct 2020 03:02:30 GMT
server: ECAcc (ska/F738)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 003b7cc6-501e-0067-4768-9344ba000000
x-ms-version: 2009-09-19
content-length: 17174
X-Firefox-Spdy: h2

GET pub-5acee21dd4b14f8087b8e93fc27ac3fc.r2.dev/index.html

0.0.0.0

0 B

URL GET
pub-5acee21dd4b14f8087b8e93fc27ac3fc.r2.dev/index.html
IP
0.0.0.0:0
ASN
#0

Requested by
https://fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/#d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ%3D%3D

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /index.html HTTP/1.1
Host: pub-5acee21dd4b14f8087b8e93fc27ac3fc.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fleek.ipfs.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==

104.21.76.213

302 Found

35 kB

URL User Request GET HTTP/2
www.warmplate.de/.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ==
IP
104.21.76.213:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintB1:B8:1B:27:77:09:C8:E0:44:92:F4:1D:3D:D2:A9:B3:DD:38:4A:B4
ValidityThu, 16 Feb 2023 00:00:00 GMT - Thu, 15 Feb 2024 23:59:59 GMT

File type

Size
35 kB (34980 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /.new/auth/pIV3/KU1xz/d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ== HTTP/1.1
Host: www.warmplate.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 09 Oct 2023 00:45:37 GMT
content-type: text/html; charset=UTF-8
location: https://fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/#d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ%3D%3D
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ujru%2BGnEulI%2Bbn833%2BL5b9QrZ%2Fh2mgEJ7L9zv2XvoK4Y4%2BJkWIclT5Qxshh8DBBRJ7MGbl7HYcG8NZQCDHl8fnLzQwARfMH%2F82DG4h00jZAQrQgtceWFbpuHIv3GzFdxGO3z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81329a1749d50b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/

209.94.90.1

200 OK

35 kB

URL User Request GET HTTP/2
fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/
IP
209.94.90.1:443
ASN
#40680 PROTOCOL

Certificate
IssuerLet's Encrypt
Subjectdweb.link
FingerprintDC:9D:6C:D8:0D:F2:9C:6C:A8:73:22:4E:0D:D5:B5:9B:81:78:F1:39
ValiditySat, 26 Aug 2023 17:15:50 GMT - Fri, 24 Nov 2023 17:15:49 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (33510), with CRLF line terminators
Size
35 kB (34980 bytes)
Hash
d65a74b3a829011e49f77e36866d6839
b413ebf2f4b3282dd533da570a8577b864d62db8
cfeb541500c7bfb5d6439794579601d582abe343999996c08e2c28ea42f4d5b3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Outlook

HTTP Headers

GET /ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/ HTTP/1.1
Host: fleek.ipfs.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Mon, 09 Oct 2023 00:45:38 GMT
content-type: text/html
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS, GET, POST, OPTIONS
cache-control: public, max-age=29030400, immutable
etag: W/"QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc"
x-ipfs-gateway-host: ipfs-bank10-fr2
x-ipfs-path: /ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/
x-ipfs-roots: QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc
x-ipfs-pop: ipfs-bank10-fr2
timing-allow-origin: *
x-ipfs-datasize: 34980
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
x-bfid: 241d7be06976767d7bbcca1bed6ab14b
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-proxy-cache: MISS
content-encoding: gzip
X-Firefox-Spdy: h2

GET fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/887269895640d4ff4c4c45fa746dc8e5fa26e9cccc732d467785670eba6ca4dd72d4562970420303

209.94.90.1

404 Not Found

0 B

URL GET HTTP/2
fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/887269895640d4ff4c4c45fa746dc8e5fa26e9cccc732d467785670eba6ca4dd72d4562970420303
IP
209.94.90.1:443
ASN
#40680 PROTOCOL

Requested by
https://fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/#d2lsbC5pLmFtYnJvQGdtYWlsLmNvbQ%3D%3D
Certificate
IssuerLet's Encrypt
Subjectdweb.link
FingerprintDC:9D:6C:D8:0D:F2:9C:6C:A8:73:22:4E:0D:D5:B5:9B:81:78:F1:39
ValiditySat, 26 Aug 2023 17:15:50 GMT - Fri, 24 Nov 2023 17:15:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/887269895640d4ff4c4c45fa746dc8e5fa26e9cccc732d467785670eba6ca4dd72d4562970420303 HTTP/1.1
Host: fleek.ipfs.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fleek.ipfs.io/ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: openresty
date: Mon, 09 Oct 2023 00:45:38 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS, GET, POST, OPTIONS
x-content-type-options: nosniff
x-ipfs-gateway-host: ipfs-bank12-fr2
x-ipfs-path: /ipfs/QmXzMSQJhgY4Htgfdhg7hGVLhoVDNctAtDpg36B3SCJNXc/887269895640d4ff4c4c45fa746dc8e5fa26e9cccc732d467785670eba6ca4dd72d4562970420303
x-ipfs-pop: ipfs-bank12-fr2
timing-allow-origin: *
x-ipfs-datasize: 303
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output
access-control-expose-headers: Content-Range, X-Chunked-Output, X-Stream-Output
x-ipfs-lb-pop: gateway-bank2-fr2
x-bfid: 2f8d0093d5df553911ad362c28f5d82f
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (14)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL