| r10.o.lencr.org/ |  23.36.77.32 | | 504 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash7a008f7018d5b98d787afdc07ddf2066 88ae935b7f05301000668ad6fb1d83f6a86e82b4 d98004d3571e1a51d26420f00a34d03ba467da831291574a99d2a920aabc60de
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D98004D3571E1A51D26420F00A34D03BA467DA831291574A99D2A920AABC60DE"
Last-Modified: Fri, 27 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5776
Expires: Sun, 29 Sep 2024 02:02:32 GMT
Date: Sun, 29 Sep 2024 00:26:16 GMT
Connection: keep-alive
|
|
| pub-6bdd1c8eee414cc7b98afc0dfde86473.r2.dev/ibad3.html |  162.159.140.237 | 200 OK | 252 kB |
URL User Request GET HTTP/1.1pub-6bdd1c8eee414cc7b98afc0dfde86473.r2.dev/ibad3.html IP162.159.140.237:443
CertificateIssuerLet's Encrypt Subject*.r2.dev Fingerprint5C:19:05:54:CB:1D:39:D0:1E:C7:12:0E:9F:91:C4:38:3B:B6:02:A8 ValidityThu, 01 Aug 2024 14:00:11 GMT - Wed, 30 Oct 2024 14:00:10 GMT
File typeHTML document, ASCII text, with very long lines (65350) Size252 kB (252205 bytes) Hash3e9e5a9e7c28bbe281c1f7e9d8c655f9 31b3cadc672517ef20fcfe82bc972b3575d467c2 35aa7adba210252b2ff209837baa199d9d58df7128e2ae30e8399f8490cefa0a
| Analyzer | Verdict | Alert |
|---|
| urlquery | suspicious | Suspicious - Suspicious Javascript code | | OpenPhish | phishing | DocuSign | | Quad9 DNS | malicious | Sinkholed |
GET /ibad3.html HTTP/1.1
Host: pub-6bdd1c8eee414cc7b98afc0dfde86473.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Sep 2024 00:26:16 GMT
Content-Type: text/html
Content-Length: 252205
Connection: keep-alive
Accept-Ranges: bytes
ETag: "3e9e5a9e7c28bbe281c1f7e9d8c655f9"
Last-Modified: Mon, 26 Aug 2024 19:23:52 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8ca7d73b5dd9b500-OSL
|
|
| www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg |  95.154.228.177 | 200 OK | 7.5 kB |
URL GET HTTP/2www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg IP95.154.228.177:443 ASN#20860 Iomart Cloud Services Limited
Requested byhttps://pub-6bdd1c8eee414cc7b98afc0dfde86473.r2.dev/ibad3.html CertificateIssuerDigiCert Inc Subjectwww.continentalsports.co.uk Fingerprint33:D6:7A:9A:99:3C:36:0F:96:23:0B:43:BA:A4:6C:15:28:EE:AE:44 ValidityFri, 01 Mar 2024 00:00:00 GMT - Sun, 16 Mar 2025 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3 Hashe27d91cccc9d333ce4e99262e368053d f59234771f6cd9d102fd50527ce1d684e305eddd 17a7f5e4c9165ef60eb0cba29d6dc36f32f7fab0306a6cdc898997141228c5fa
GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
Host: www.continentalsports.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Sun, 29 Sep 2024 00:26:17 GMT
content-type: image/jpeg
content-length: 7494
last-modified: Tue, 26 Jul 2022 21:55:08 GMT
etag: "62e062bc-1d46"
expires: Mon, 29 Sep 2025 00:26:17 GMT
cache-control: max-age=31536000, public
x-frame-options: SAMEORIGIN
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 |  216.58.211.3 | | 471 B |
IP216.58.211.3:0
Hash88296bbf038fb007332e95ffd2bc0cb8 b67dc3668b4a960b641373849c77ef5bb34d4438 7f2f2560e851c2ec8be7331af2413250a3096770752d567819651f60e3e31da4
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Sep 2024 00:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js | 172.217.21.170 | 200 OK | 30 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP172.217.21.170:443
Requested byhttps://pub-6bdd1c8eee414cc7b98afc0dfde86473.r2.dev/ibad3.html CertificateIssuerGoogle Trust Services Subjectupload.video.google.com FingerprintC6:E8:36:27:AB:3A:34:33:0B:85:2C:D8:6C:0A:74:34:71:6A:F5:62 ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT
File typeJavaScript source, ASCII text, with very long lines (32065) Hash2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Sep 2024 11:18:40 GMT
expires: Fri, 26 Sep 2025 11:18:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 220057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 216.58.211.3 | | 471 B |
IP216.58.211.3:0
Hash88296bbf038fb007332e95ffd2bc0cb8 b67dc3668b4a960b641373849c77ef5bb34d4438 7f2f2560e851c2ec8be7331af2413250a3096770752d567819651f60e3e31da4
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Sep 2024 00:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|