Report - sparkasse.de-checking-3050.xyz/de/Kontrolle/spark

Report Overview

Submitted URL
sparkasse.de-checking-3050.xyz/de/Kontrolle/spark
IP
104.21.49.66
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-22 11:30:27
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	978 B	2.2 kB	23.36.77.32
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	55 kB	34.120.237.76
voba.aquaflyff.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	1.2 kB	104.21.96.73
sparkasse.de-checking-3050.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	3.5 kB	172.67.142.82
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	690 B	1.4 kB	142.250.74.3
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	962 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.39.57.61

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-21	medium	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark	Sparkasse Bank
2022-09-21	medium	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark	Sparkasse Bank

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-22	medium	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark	Malware
2022-09-22	medium	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/	Malware
2022-09-22	medium	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/?	Malware
2022-09-22	medium	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark	Malware
2022-09-22	medium	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/bower_components/ua-parser-js/dist/ua-parser.min.js	17 kB	2023-03-07	2024-04-25
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/bower_components/ua-parser-js/dist/ua-parser.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:40 Last Seen2024-04-25 08:42:18 Times Seen667 Hash e0ae48c8ebbe57edeacb5b02f16d0df9 0c5a29a88add39486162e0c16f23e2e06fc7842e 0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896 Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/core/form/core_form.js	28 kB	2023-03-07	2023-03-10
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/core/form/core_form.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:21:03 Last Seen2023-03-10 18:01:31 Times Seen1 Hash 9d10700c2434703e40da9ac0b8296965 1da1e49e9d9eb6e2ec6b1603e3387b4668196fd1 cd0b29115fe07a3946cc278bc6a13b725db7601174ebabe43f38a624de5c10e7 Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/core/token/core_token.js	22 kB	2023-03-07	2023-03-10
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/core/token/core_token.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:21:03 Last Seen2023-03-10 18:01:31 Times Seen1 Hash 89b3f1be8ac25977ca5fa6b517b3540c 23c0a69401aaa00c1ac3645edd1dd66a3304f53a 8c910d768b439727b73d56eafb29fa934f1b7b25bdc3e026a0687f2724cf25fa Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/bower_components/angular/angular.min.js	169 kB	2023-03-07	2024-04-17
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/bower_components/angular/angular.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:40 Last Seen2024-04-17 21:52:49 Times Seen427 Hash 4c619ef91e3fa3f1d4813db2b2eb738d c5f77156c6f5397be71914eb80d8f998ea1279e7 35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27 Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/start/?	499 B	2023-03-07	2023-03-07
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/start/? IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:11:54 Last Seen2023-03-07 23:11:54 Times Seen1 Hash 28cdbe38c0ea7fac435ba8d46504c3aa b141c2ab5af33c8b12d98f367213300ab37f8cfd fceffde1149de1e1dd18dec7763c2e41b46e789e7685e8dc94c6cf1d4cea1bbb Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/start/form/form.js?v=632c474a2800e	3.1 kB	2023-03-07	2024-04-19
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/start/form/form.js?v=632c474a2800e IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:34 Last Seen2024-04-19 23:46:08 Times Seen277 Hash 0410329bbea4ef934e13e41ff067fbd5 6f9b4e2ee9373e2bbc4fe86937b97ce4003825b5 907d66973b8a86469b449cbf61d1dd0e17df8cbdb894efb6ea47cae06cd67c3f Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/start/ng/ng.js?v=632c474a28012	7.3 kB	2023-03-07	2023-03-10
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/start/ng/ng.js?v=632c474a28012 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:45:52 Last Seen2023-03-10 18:01:31 Times Seen1 Hash 6b4a4b230c419fcdea8dd5f898c1171e 0d4852302a8a1b7cc36a2307cac3a161ea4c6d67 161cba54a532286399c40371515311fe87a152e7218e39da20d2444d96dcd58f Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/	109 B	2023-03-07	2023-03-07
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/ IP 172.67.142.82 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:11:54 Last Seen2023-03-07 23:11:54 Times Seen1 Hash c3eed295c6969d0a5170eaf0e266f501 8939d017083e449907da4dbb499a3c341c3eefc4 d6d086316d156a42747f86857643b94f2f60333186457ba675ea6bebf5a97db1 Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/bower_components/jquery/dist/jquery.min.js	87 kB	2023-03-07	2024-04-27
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/bower_components/jquery/dist/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-27 05:42:28 Times Seen62862 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/start/?	548 B	2023-03-07	2023-03-07
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/start/? IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:21:03 Last Seen2023-03-07 23:45:30 Times Seen1 Hash d4c34afad105ef94267ebf93a61a61f3 05f4c4a99e465db7445281b98ed1e8e6c2d0d10d 8eaf801764dab73667c13b7e6d22ea435334b87079bfd05f6fa5861b5c6a4d56 Loading...

	sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/start/token/token.js?v=632c474a28013	1.3 kB	2023-03-07	2023-09-26
Pretty URL sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/start/token/token.js?v=632c474a28013 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:45:52 Last Seen2023-09-26 13:48:24 Times Seen3 Hash b6b75ddf85ac814b0c664d4511653409 dec6fb8d48f87c2cd05869c90756389809ff4a03 87eb5b13400c1ac4be75ec2a0dc621e3fcb0e0996dc2e674699d275255c73229 Loading...

	voba.aquaflyff.com/de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217897&data=%7B%22mes%22%3A%22User%20on%20start%20page%22%7D&_=1663846217898	57 B	2023-03-07	2023-03-07
Pretty URL voba.aquaflyff.com/de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217897&data=%7B%22mes%22%3A%22User%20on%20start%20page%22%7D&_=1663846217898 IP 104.21.96.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:11:54 Last Seen2023-03-07 23:11:54 Times Seen1 Hash b2a6ef20868ca41f617242de70679680 29dc774ca049f3937411394e07763795b6b77f85 c7b16e4772103360b1a489fa68c5d8b3411bfde5f1a52838acd916fbf7ad2e30 Loading...

	voba.aquaflyff.com/de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217895&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1663846217896	57 B	2023-03-07	2023-03-07
Pretty URL voba.aquaflyff.com/de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217895&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1663846217896 IP 104.21.96.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:11:54 Last Seen2023-03-07 23:11:54 Times Seen1 Hash c323986f312df503c3399b29f340c39d 8cb47ee50ab655a8fc0249170f9ba2ef9ff91af6 c076d610d5474d09a139ac8104db76efd43035c1ab2f625422df8f0076a6f79a Loading...

HTTP Transactions (27)

URL IP Response Size

sparkasse.de-checking-3050.xyz/de/Kontrolle/spark

172.67.142.82

301 Moved Permanently

0 B

URL HTTP/1.1
sparkasse.de-checking-3050.xyz/de/Kontrolle/spark
IP
172.67.142.82:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Sparkasse Bank
fortinet	Malware

HTTP Headers

GET /de/Kontrolle/spark HTTP/1.1
Host: sparkasse.de-checking-3050.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 11:30:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 12:30:16 GMT
Location: https://sparkasse.de-checking-3050.xyz/de/Kontrolle/spark
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1ZbxZtEIoTtH6Ncg%2FhquTA5aORKTLsFooUuSU1KlVWxXnm9WIz4OB8XNjAJtLdrK7scdLmCD3RqMaKB2MiW8DRu9wlbllb2RGjkf4h8hbsBbF9V%2BwYZHe6OTbKSl12NqE5%2FYVPgQEQzBb7yb9e0fmY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74eab5239d9afac0-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8043
Expires: Thu, 22 Sep 2022 13:44:19 GMT
Date: Thu, 22 Sep 2022 11:30:16 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 22 Sep 2022 11:13:58 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GrxPsMkl9jLlUcuUuWX-_KFyk4c5eIPlZXEBj2EJ3uT0iQE-6_SMWQ==
Age: 978

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 22 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UOY-omaqtnL3Vv77GvlN4AX_fFc3kq8CVHGYT-hNxZPXr6EL6L_T_w==
age: 24902
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/qyOr1wJNqr4

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/qyOr1wJNqr4
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8b07e92d0db64c5d8b9f1aaed1cd84b8
43baeef3e083e80783ae707d6c25a0092152229e
7b3dc520ea331a8f2ed5ca873576fb6f297436c51652a94801b24c5266940497

HTTP Headers

POST /s/gts1p5/qyOr1wJNqr4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 11:30:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/

172.67.142.82

301 Moved Permanently

0 B

URL HTTP/1.1
sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/
IP
172.67.142.82:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /de/Kontrolle/spark/ HTTP/1.1
Host: sparkasse.de-checking-3050.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 11:30:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 12:30:16 GMT
Location: https://sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZ%2FxVOWTKn%2FbdWP554BflRWOh9OAPqM8iGLi%2By1QVlVqWsXRC5WqRVF6s%2BaoY4GqYjPIcW3NYzff79Rgcb60e5PbxQ3dChkOrQEw2lwVCUzsoXuTcMEWPPk6nENcfepV0fiueK31ZoRE9ypWP%2FQGQhM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74eab526efb5fac0-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 22 Sep 2022 11:03:22 GMT
Expires: Thu, 22 Sep 2022 12:01:43 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: b35p3gxqqWySDNb_OB6LAXcIhS1cBbJ86UMye4H6cik6ABU_XwzJzg==
Age: 1614

ocsp.pki.goog/s/gts1p5/qyOr1wJNqr4

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/qyOr1wJNqr4
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8b07e92d0db64c5d8b9f1aaed1cd84b8
43baeef3e083e80783ae707d6c25a0092152229e
7b3dc520ea331a8f2ed5ca873576fb6f297436c51652a94801b24c5266940497

HTTP Headers

POST /s/gts1p5/qyOr1wJNqr4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 11:30:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

696 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
696 B (696 bytes)
Hash
9d55e6c0d6193d8f3e02e75cd7325c93
e124e5550c9163c49bce4c542f80174dcba7bbe1
22ee3658ed55a246fed7b9f4da41ca4f17ca0d20d97807150d0934bc285cc145

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3702
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 11:30:17 GMT
Last-Modified: Thu, 22 Sep 2022 10:28:35 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.39.57.61

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.57.61:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ASRWJtGrCnYB8RJXZkDxwg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cclytZq6nB5niSOz4hQFgOVhbLE=

sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/?

172.67.142.82

301 Moved Permanently

0 B

URL HTTP/1.1
sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/?
IP
172.67.142.82:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/? HTTP/1.1
Host: sparkasse.de-checking-3050.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Sep 2022 11:30:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Sep 2022 12:30:17 GMT
Location: https://sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/a1b2c3/089f347b553b77c92c499a45cbea5d41/?
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oSfl1tgbAkwszMuaWh%2FBirqrjxg1XTjDv%2BTKZ6mm5Kl8nQ1KgyteYiQtQ4GGK7DwjWmrr3%2BfL1vvFUlsvyBhzd4eTXis%2BShhTP8I3IprYNLh4fz9BWsvhv1DpJxfu3iV4hrMWyJLFRWoIGJ7J4sdGZw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74eab52e7dc9fac0-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10544
Expires: Thu, 22 Sep 2022 14:26:02 GMT
Date: Thu, 22 Sep 2022 11:30:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10544
Expires: Thu, 22 Sep 2022 14:26:02 GMT
Date: Thu, 22 Sep 2022 11:30:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10544
Expires: Thu, 22 Sep 2022 14:26:02 GMT
Date: Thu, 22 Sep 2022 11:30:18 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8dc9975a-1730-4f22-938b-16d00b675774.webp

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8dc9975a-1730-4f22-938b-16d00b675774.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6667 bytes)
Hash
d19cac9573e6ead9bf47fafc522e65ad
804a11a71d93ce96d33d0c9eb97f200fd72295e9
27fe9a87f50dcd0ae95a7b4b1a867e4a93da6617c205e3b686c7b3ba781113ad

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8dc9975a-1730-4f22-938b-16d00b675774.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6667
x-amzn-requestid: ca197085-d84f-4b18-bb3f-bdcbe1a09179
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YzG6gFbVIAMFfZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ab843-7ad0e6464190f55e4efd96e4;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 07:07:47 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GqmLDOdrcoQM7d5mLJP_kinvgPhpAfuSh9tgKykku1Tow0xHS1bArw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 07:08:26 GMT
age: 15712
etag: "804a11a71d93ce96d33d0c9eb97f200fd72295e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8678 bytes)
Hash
91c56f0b9810bfdd84e10a626b89e389
15d83e44d568938b6c9c87201e898cedb3edec0a
942de9764e1c408f7512759774aab0479db201e6fae15ccc39e653adae4cb86f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8678
x-amzn-requestid: c671a9ab-c5d0-4743-b13e-cc9a47e3d2fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vEThIAMFSwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-17ed13811d3833ea00a34423;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Oem-Kw-aCUa2rA9B9-7CDYcZ-G968tFPnsrL5wJ9Dia43T5u6RDtg==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:09 GMT
etag: "15d83e44d568938b6c9c87201e898cedb3edec0a"
content-type: image/jpeg
age: 50169
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bf12030-6891-4726-8589-181dc038b664.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6747 bytes)
Hash
627a1957eb7fb1bd39319cfc87cb42ac
b778bfda1edeb8f55e27b26adfe1212a1698c4e6
efaa77c56866df2ca13fd87ac82eb12b82c0a2bd4b24ae747310de5b694f80ca

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bf12030-6891-4726-8589-181dc038b664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6747
x-amzn-requestid: c1009486-0109-4431-8027-470cc6d7232d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GD7HqxoAMFv4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b83b2-72cff3ea11f29a99721803e2;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wKtTDXaNE6AMdxubq7sKRV1JzRwJOdsG2ZxkeAHA32LoSGB90WgMbQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:05:10 GMT
age: 48308
etag: "b778bfda1edeb8f55e27b26adfe1212a1698c4e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8549 bytes)
Hash
62818de3c50f957b2e5680851a1768c9
80e48c9ae48c89598780736b089c98e22d58df9a
16f2c2d23e8641a3f297a175730343d11120a228c0fe846c0fdf1e39212c522c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8549
x-amzn-requestid: 6d44626b-16c6-4f19-ae52-d5350065b390
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwPHJJoAMFdfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84ce-46ebc35612eb7a4473b36189;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UoQTXSP0LgR4LwELp2Avm27hUekfO9TU9yfvNbIlmUtB-FrU9MGRbg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:48:19 GMT
age: 49319
etag: "80e48c9ae48c89598780736b089c98e22d58df9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7507 bytes)
Hash
4d98acc059a69d51165fb5e0c7430ea3
09bd3300d710c3212483159f8398b84cde09da26
6e38bbb5c79c4f714973e10961d7bad9e7ae8711cf24d68b13a77206f474d2a6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7507
x-amzn-requestid: 2a40c792-8b1b-4476-92de-1fce3df48fc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCmaHefoAMF4Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e28-6b05350006b7f3fb73d1e37a;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gZ8I075ljJuPvMcsyyRU3m09P9z7mL3WNBiex99pwXtoWDzt_jWP0A==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:25:13 GMT
age: 47105
etag: "09bd3300d710c3212483159f8398b84cde09da26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10754 bytes)
Hash
af5773255351157d72c28a670a355c60
c803e5866edbe6c9baec14e93677f610bdf09bff
3229b4aa1c698647ad96d114174782549ad240f1b2c4ba8c268165a16afc84f0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10754
x-amzn-requestid: 2d03531d-6055-477f-9cb6-9ea9fa27eeb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vHJ4IAMF42Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-692620e80d5b2efe1d0e3a82;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eYUP9NfAkmU4A-mZvysejq1228Qfb8vbfdXOaHQvr6mjXhnVoWdqJw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:09 GMT
etag: "c803e5866edbe6c9baec14e93677f610bdf09bff"
content-type: image/jpeg
age: 50169
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
4b789d52dde5cd235872aadbfba2a46e
6daf916f8b069da48bc5f679f94d2a5c52042feb
8a345970ad0008b363d50d7dfeefcf93588d22ebd3434d0434b038ccc1cf3442

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8A345970AD0008B363D50D7DFEEFCF93588D22EBD3434D0434B038CCC1CF3442"
Last-Modified: Wed, 21 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21550
Expires: Thu, 22 Sep 2022 17:29:30 GMT
Date: Thu, 22 Sep 2022 11:30:20 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
4b789d52dde5cd235872aadbfba2a46e
6daf916f8b069da48bc5f679f94d2a5c52042feb
8a345970ad0008b363d50d7dfeefcf93588d22ebd3434d0434b038ccc1cf3442

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8A345970AD0008B363D50D7DFEEFCF93588D22EBD3434D0434B038CCC1CF3442"
Last-Modified: Wed, 21 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21549
Expires: Thu, 22 Sep 2022 17:29:29 GMT
Date: Thu, 22 Sep 2022 11:30:20 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
4b789d52dde5cd235872aadbfba2a46e
6daf916f8b069da48bc5f679f94d2a5c52042feb
8a345970ad0008b363d50d7dfeefcf93588d22ebd3434d0434b038ccc1cf3442

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8A345970AD0008B363D50D7DFEEFCF93588D22EBD3434D0434B038CCC1CF3442"
Last-Modified: Wed, 21 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21549
Expires: Thu, 22 Sep 2022 17:29:29 GMT
Date: Thu, 22 Sep 2022 11:30:20 GMT
Connection: keep-alive

sparkasse.de-checking-3050.xyz/de/Kontrolle/spark

172.67.142.82

301 Moved Permanently

0 B

URL HTTP/2
sparkasse.de-checking-3050.xyz/de/Kontrolle/spark
IP
172.67.142.82:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Sparkasse Bank
fortinet	Malware

HTTP Headers

GET /de/Kontrolle/spark HTTP/1.1
Host: sparkasse.de-checking-3050.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Thu, 22 Sep 2022 11:30:16 GMT
content-type: text/html; charset=iso-8859-1
location: http://sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJncEHFF2SL6JaTV2p4HJO%2Bf9ImTRQu9hICfZrSO%2BPVr26fUrOrmsB0d%2FJlkYVEuQA5rA1dk3NyJ3u3IO2g3xztg7e%2Fweuaq1mX9lVB2XKSw%2BQkj%2BX9aW9URgD0u89ChYxsCAi9VJ6x8jSxr1SPvRxs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74eab5267beab529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/

172.67.142.82

200 OK

0 B

URL HTTP/2
sparkasse.de-checking-3050.xyz/de/Kontrolle/spark/
IP
172.67.142.82:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /de/Kontrolle/spark/ HTTP/1.1
Host: sparkasse.de-checking-3050.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
date: Thu, 22 Sep 2022 11:30:16 GMT
content-type: text/html; charset=UTF-8
set-cookie: real=OK
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=163fx9byypBD6nkP1%2FYLfs9nBQn%2F8fMoaq1lL540MR68RKl7pufsEeKbEvmcNAUhHTFkcuAPzHqn2Nc3g0Gq%2F%2FRsM%2B8Vj0e7Rcv4BAeWqnBNObY%2FVlaHz99lZXHA7mbU0AXye2Jy3bLbKQlU756XLUQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74eab5270c99b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

voba.aquaflyff.com/de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217897&data=%7B%22mes%22%3A%22User%20on%20start%20page%22%7D&_=1663846217898

104.21.96.73

200 OK

0 B

URL HTTP/2
voba.aquaflyff.com/de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217897&data=%7B%22mes%22%3A%22User%20on%20start%20page%22%7D&_=1663846217898
IP
104.21.96.73:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217897&data=%7B%22mes%22%3A%22User%20on%20start%20page%22%7D&_=1663846217898 HTTP/1.1
Host: voba.aquaflyff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 22 Sep 2022 11:30:20 GMT
content-type: application/javascript
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eI9BP46R0aMlfv25aJrtdc8pH9RYOF0SKmS7RtBN%2FwkF4jqDV4xVvWWg6oURugVg7aDatO0DSMr4Dp8eFm9OT4SlNmCfG3DUxiKPJWiZ3EkK1aIQ1T8Jp6Y06ydUk751c4EdqW8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74eab540ae73b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

voba.aquaflyff.com/de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217895&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1663846217896

104.21.96.73

200 OK

0 B

URL HTTP/2
voba.aquaflyff.com/de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217895&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1663846217896
IP
104.21.96.73:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /de/uadmin/gate.php?pl=token&link=sparkasse-shima&bid=089f347b553b77c92c499a45cbea5d41&callback=jQuery32106763314563652179_1663846217895&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1663846217896 HTTP/1.1
Host: voba.aquaflyff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 22 Sep 2022 11:30:20 GMT
content-type: application/javascript
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hwiCR9YxGaOkFYnbVHJpvtMqgS5Tjl1ukvbf9ojPp%2BRFKtFIkwpHNIZcTjSH72ZrTjQn8rcTLp4sfZL8oGDe%2FiiEc1qOjb1VnVvqbLljwDewvZ3gooF6aOcDEYd5WF3aXrG7VWk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74eab540ae81b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations