Report - globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html

Report Overview

Submitted URL
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
IP
63.250.43.136
ASN
#22612 NAMECHEAP-NET
Submitted
2022-09-05 17:33:16
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - DHL

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
44

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	176 kB	63.250.43.136
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
assets.adobedtm.com	512	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	14 kB	23.38.200.237
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.240.140.78
www.dhl.de	42967	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	973 B	2.3 kB	23.14.14.78
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.77.32
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	50 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	964 B	104.18.32.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	DHL Airways, Inc.
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/rating-play-store.svg	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-official.svg	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-group.svg	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement	Phishing
2022-09-05	medium	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	266 B	2023-03-07	2023-03-07
Pretty URL globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html IP 63.250.43.136 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:11 Last Seen2023-03-07 16:53:59 Times Seen1 Hash e8709a1e6cdfdf13c7e73083462cdfbe 7f99c61b3af016870dccf9f4e78cf5528fa74c2a 69f70e49cc5b15e289609432b966104d18ea622b2931d2b80926f49468abe121 Loading...

	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	141 B	2023-03-07	2023-10-24
Pretty URL globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html IP 63.250.43.136 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:18 Last Seen2023-10-24 12:28:57 Times Seen3 Hash b30c94bdfea284a49b6c28fb33297c25 a0fd0fa16f84530eb937d9a071f1081265b1e9f5 f11f2eada19e6ee55becbf0b5ed35ba975935cfd95a96b4498a2361f50287876 Loading...

	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	214 B	2023-03-07	2024-04-22
Pretty URL globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html IP 63.250.43.136 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:18 Last Seen2024-04-22 02:05:25 Times Seen11591 Hash 60480af0c7b84a8db11f568bdfc1f343 c0289fa1764697be2aba314e6b743ef0f33d40c2 8fc08ef287bb85ed813cab365db65493074410cc07ade1993e6a666dd0d9cf8e Loading...

	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	1.0 kB	2023-03-07	2023-03-09
Pretty URL globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html IP 63.250.43.136 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:11 Last Seen2023-03-09 13:16:30 Times Seen1 Hash f74de511976a3f9e6f0642dad70eba2c 3b9f09648d00a8e957efc7824cb9fe227f02db10 6deea3ab292292e818ef4ff43d20aebccb6a37505e51ee3a750408a25e3df8eb Loading...

	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	667 B	2023-03-07	2023-04-05
Pretty URL globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html IP 63.250.43.136 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:18 Last Seen2023-04-05 08:50:48 Times Seen4 Hash d2d14c835e8397239cded99a3b02d1bc 51e2c6869d6df65affa687459bf7ba37ad1bc908 edb28b2259ce8a918d638933da0dde75519d224418264e8fa793871cdc1f82c2 Loading...

	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	1.0 kB	2023-03-07	2023-04-05
Pretty URL globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html IP 63.250.43.136 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:18 Last Seen2023-04-05 10:38:44 Times Seen5 Hash 2eaec89f58895ee1dc42727a0b97f7a7 1cbc7883923f1c84d998184da3336d56a49c8af6 f88373a691eb52d0752d0670c68300cbbde2b8ecfe0bb32a65ed6b0ade3c0f1e Loading...

	assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js	34 kB	2023-03-07	2024-04-13
Pretty URL assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:18 Last Seen2024-04-13 09:58:39 Times Seen49 Hash 85722a02b6a7feb74d08ac7875516bee 7740fa756f932d6c446bfa9ba53c24ed13396ff8 055e467aa53a9c0272d805bbc009ade8c74df5a8c1255271d753ac78fe179873 Loading...

	globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html	150 B	2023-03-07	2023-10-24
Pretty URL globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html IP 63.250.43.136 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29:18 Last Seen2023-10-24 17:07:29 Times Seen7 Hash c69f08b2a4102231512926e53def5df9 733fd3903e07281360a22a6477c7d5abb599f395 93bf6a0478881adae3e7d0686517d024d7b402afa01ad164749643827245b694 Loading...

HTTP Transactions (49)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 05 Sep 2022 17:01:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8IU7BItnndnbwo9YbdEkfVNFm5Nh6sw-obkgQquErEu8i0iK8b88mA==
Age: 1866

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2886
Expires: Mon, 05 Sep 2022 18:21:11 GMT
Date: Mon, 05 Sep 2022 17:33:05 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 05 Sep 2022 01:15:19 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2jgAMW6vfFjuwTs6oLVb6T5EWvclSRYQx67KyOV5EaZCtESzwyzMQg==
age: 58668
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 17:33:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
2abf06138ca8f83590225dac1ba6548d
94d7f978c5d481a22bbb2b0d6d34ea06b0d88867
f22dcbbc037cbc15d683e2f36f98a5f17a5c778deb087a14f2f8e79b4e8f7a98

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 17:33:06 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 11:56:48 GMT
Expires: Mon, 12 Sep 2022 11:56:47 GMT
Etag: "94d7f978c5d481a22bbb2b0d6d34ea06b0d88867"
Cache-Control: max-age=584020,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7460b54089d2b521-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 05 Sep 2022 16:38:16 GMT
Cache-Control: max-age=3600
Expires: Mon, 05 Sep 2022 17:23:44 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KCazTax6t3uyP2M2drV-yS0MOtqwTExNo3c9ciA6ndJOEi9GSJzEig==
Age: 3290

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html

63.250.43.136

200 OK

31 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
PHP script text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (23535)
Size
31 kB (31071 bytes)
Hash
72efbecc3f71578e02f283c11699efd2
5c1fb94fdb0de8517b41189f320232058b756758
bf309b3076d0d17be526dce2f06b3624f405f7539aaaf66486c170ff9287d082

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-3fe69"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
content-length: 31071
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b57a9dd04797bf34612c80361f1dffb3
56573166d8b9cd9b8dae19fd905e4f3293af306b
b03552109f1e7d1e482aa14614ffb1e38fb53ae4951152aab307b927674dad98

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5863
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 17:33:06 GMT
Last-Modified: Mon, 05 Sep 2022 15:55:23 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html

63.250.43.136

304 Not Modified

0 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 05 Sep 2022 11:37:07 GMT
If-None-Match: W/"6315df63-3fe69"
TE: trailers

HTTP/2 304 Not Modified
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-3fe69"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 21326
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js

23.38.200.237

200 OK

12 kB

URL HTTP/2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (32767)
Size
12 kB (12243 bytes)
Hash
045079643269515f6ffbe053eba2050e
9546dd8b24e1bd7013c02841004f2caf24386ecf
b68968314ff9e0ecc57a2874d496c07233be5fba22dadcc81da0a3a8dd289112

HTTP Headers

GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12243
expires: Mon, 05 Sep 2022 18:33:06 GMT
date: Mon, 05 Sep 2022 17:33:06 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

22 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (21656)
Size
22 kB (21657 bytes)
Hash
feb0bfcbff24183c313aed535b9547e0
4c1124366ec93025ca031eafd3413d9c0b63415b
a2c340dd3914586acfd9e644e15964cb976c43d5d05dd4db674cf70271cac1ed

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 21657
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-5499"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

push.services.mozilla.com/

44.240.140.78

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.240.140.78:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6gwXCPidpCEmvH/uVU4ZlA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wK1d/iCEDGvS00zNsVPaUgnSwNA=

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css

63.250.43.136

200 OK

64 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (1073)
Size
64 kB (63451 bytes)
Hash
b789b66072966d4e2bf3a08672cb7642
471665d13b325d1cc6e0fbbb942e7c12f76f1b7e
ff31c0119b662b5a86d4b2eb946540720b776896dbe1957458bfbac33afb7a18

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:40 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-88e83"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21206
x-cache: HIT
accept-ranges: bytes
content-length: 63451
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/translateelement.css

63.250.43.136

200 OK

3.7 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/translateelement.css
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (18670)
Size
3.7 kB (3655 bytes)
Hash
3d3127a7ab9410ff525f50ba7c06ed99
c241bd61f31f77955718b3ce17e29ace70f7d872
634410d55e741e42df8153f697c7b19e29a5471f4086834c4cff519bcac82a1b

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/translateelement.css HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:40 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-4924"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21206
x-cache: HIT
accept-ranges: bytes
content-length: 3655
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/erkennen.css

63.250.43.136

200 OK

5.6 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/erkennen.css
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (2457)
Size
5.6 kB (5631 bytes)
Hash
26558f04a6c7e9053e0da71e58cda103
9f807600b7addb860461fa00d203f31068396803
53f0d5d976b921a8224c5a57403ab10df9f32f19461dc02dfffccd724b30f03f

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/erkennen.css HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:40 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-53f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21206
x-cache: HIT
accept-ranges: bytes
content-length: 5631
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

424 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
424 B (424 bytes)
Hash
fdce384554b54fc84cf5a6e63c5400b5
19ad5cdca72ca135dc4570263fb108a777c05d9f
69737963f9075b7507ac38ef01bb14fe4d31346c2e3c6ed5d9113227d06c2ffc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 424
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-1a8"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/priv-app.min.css

63.250.43.136

200 OK

14 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/priv-app.min.css
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13543 bytes)
Hash
c18a74da7bfbd64228d0e40b3663acbb
8b264088dee610b86540d7c48302d16b9af2f264
ef14fb994147c63dade55223777545386ed5e1c893da050b4451bf6589042e8d

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/priv-app.min.css HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:40 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-1c206"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21206
x-cache: HIT
accept-ranges: bytes
content-length: 13543
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js

23.38.200.237

304 Not Modified

0 B

URL HTTP/2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers

HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Mon, 05 Sep 2022 18:33:07 GMT
date: Mon, 05 Sep 2022 17:33:07 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js

23.38.200.237

304 Not Modified

0 B

URL HTTP/2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers

HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Mon, 05 Sep 2022 18:33:07 GMT
date: Mon, 05 Sep 2022 17:33:07 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js

23.38.200.237

304 Not Modified

0 B

URL HTTP/2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers

HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Mon, 05 Sep 2022 18:33:07 GMT
date: Mon, 05 Sep 2022 17:33:07 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js

23.38.200.237

304 Not Modified

0 B

URL HTTP/2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers

HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Mon, 05 Sep 2022 18:33:07 GMT
date: Mon, 05 Sep 2022 17:33:07 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

1.2 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (1069)
Size
1.2 kB (1216 bytes)
Hash
c7e37321f2007e9d4fa2ced810a759fe
b746a175e31aecae3e43d732e843e659d504f69a
eeccbba85ac9c53063db157f07849f8c9cbd34cab10468c849a96e1ca6aca4f7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 1216
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-4c0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/rating-play-store.svg

63.250.43.136

200 OK

352 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/rating-play-store.svg
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (512)
Size
352 B (352 bytes)
Hash
a985b92e3e641067165f2eb78ea718ba
7a729c1e3783f9c1a5c7749e4d4c37a9425e6825
81f4d7446d13d36b1e800ea4a27b6bd7c416e8d9f3f1c71992bca10029cee732

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/rating-play-store.svg HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:53 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-388"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21193
x-cache: HIT
accept-ranges: bytes
content-length: 352
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-official.svg

63.250.43.136

200 OK

729 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-official.svg
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2040), with no line terminators
Size
729 B (729 bytes)
Hash
9cccd6be17d0f07106cb82bbf2f4e5d5
36edea421a0998700cb5e477c9d799db82f4b58c
47e4312df8c95c39415069608eea358cfcb6037c1ca20621b86fb39b5a906b76

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-official.svg HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:53 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-7f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21193
x-cache: HIT
accept-ranges: bytes
content-length: 729
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-group.svg

63.250.43.136

200 OK

3.2 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-group.svg
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (724)
Size
3.2 kB (3240 bytes)
Hash
6caf160a09ea5de713e872ff5faf67a3
7b0e6b7fb3f394f3335e64992c46ee4c7baa515b
73a6af918932de87dd2eeb7672c37fcba95b5d2bc56d6852083b1c38a0410e8e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-group.svg HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:53 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-220b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21193
x-cache: HIT
accept-ranges: bytes
content-length: 3240
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

424 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
424 B (424 bytes)
Hash
fdce384554b54fc84cf5a6e63c5400b5
19ad5cdca72ca135dc4570263fb108a777c05d9f
69737963f9075b7507ac38ef01bb14fe4d31346c2e3c6ed5d9113227d06c2ffc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 424
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-1a8"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21327
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg

63.250.43.136

404 Not Found

146 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2

63.250.43.136

404 Not Found

146 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2 HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2

63.250.43.136

404 Not Found

146 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2 HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

18 kB

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (17475), with CRLF, LF line terminators
Size
18 kB (17727 bytes)
Hash
0f8a6df5407d7363932947cffc56bce8
d633e7e3065c1333f1eef401734d8d46e5384b1c
dc52727f47dfa9650068ffc0f2bf1263b029b7a725b3196f756592c88b5f2b71

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 382027
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-5d44b"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Mon, 05 Sep 2022 18:13:40 GMT
Date: Mon, 05 Sep 2022 17:33:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Mon, 05 Sep 2022 18:13:40 GMT
Date: Mon, 05 Sep 2022 17:33:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Mon, 05 Sep 2022 18:13:40 GMT
Date: Mon, 05 Sep 2022 17:33:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Mon, 05 Sep 2022 18:13:40 GMT
Date: Mon, 05 Sep 2022 17:33:08 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8469 bytes)
Hash
30bf854fd3e27e2313a3d26fc43b9990
032acf1bfb0c8e2cbce8f2ff4d2964424b044951
7641be64dd25487edf4f845d1fbb0b07daa80fa8fb58863dd09081d9d169bd13

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: de0e8998-4a52-4651-bcd6-3068c50193b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey2Eq4oAMFZlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-15da44d87bf486cb1738fe18;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nqxzicnkQPrjStpPaMIZAukyjtUBQaXfuxWzIs77YGDyJmnirlMsxw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:54:51 GMT
age: 70697
etag: "032acf1bfb0c8e2cbce8f2ff4d2964424b044951"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b438b1-ec2f-4d02-9da4-cca3c8bdf61b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4260 bytes)
Hash
7877df05329f39350f4907a067f5840e
21f33eca6863c382c216c16799d1bea83e40fbd9
94b943383bbd05d11ac0f9c3672e315c9cfaa5cb2299c3779195f08491969fa8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b438b1-ec2f-4d02-9da4-cca3c8bdf61b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4260
x-amzn-requestid: 024510ab-0cb7-421e-805b-fa54501d1e99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XpjFQGPVIAMFytQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d4bbb-4492cd20474c37337f8a5521;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 23:28:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Wk8myA4exuK32he7TlFoJtvtqHb0WcDhvSuo6-aN0dMcxIr7cDkU5Q==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:48:24 GMT
age: 71084
etag: "21f33eca6863c382c216c16799d1bea83e40fbd9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4426 bytes)
Hash
c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GSRJIWisH465dPqbKyPj1iZk1jAu3RGrgwj1CX3X8A397zv9Nt0cHA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:47:54 GMT
age: 71114
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eb6cd09-3bf5-48ad-bcab-4b0b05db8dcf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10770 bytes)
Hash
5231760bb81282416f2bd27a4261099e
e3e743b349fd5cb399d4cef4a0877dcc8e2f44f9
e0762821086503aef75013b60a4e340d6fbf9b1006fc7f8b4e079440afce8c67

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eb6cd09-3bf5-48ad-bcab-4b0b05db8dcf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10770
x-amzn-requestid: c6d80cff-8d44-4589-bcf1-1f5a0ab199b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3GH4IAMF6KQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-2628cc83263aeeb14ce444ef;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eEuQFQAkBAHlIYBRrvaJ1qjT09ezTNaL67wa77h1wS8fHc5oWi91aQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:45:28 GMT
age: 71260
etag: "e3e743b349fd5cb399d4cef4a0877dcc8e2f44f9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7830 bytes)
Hash
290f6551c5ac539ea60810b135750f17
3633391a8dd87ef10fcb0d04d7b309738affc4a7
d94d133faaf232cf15b5c3f38f5b45d87d70bce0668d607b5c66a8d3f836540f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7830
x-amzn-requestid: c56af3b5-2c48-4243-b220-d56a9be47990
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3H4JoAMFiMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-23ec24d867e3e5906fffa1a6;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fpKQlxOtyRwaZk2FUf11J62jlqcAvXgOQT-ipFQm6qW-dMHyXaEnNg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:49:31 GMT
age: 71017
etag: "3633391a8dd87ef10fcb0d04d7b309738affc4a7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074d7790-a0c5-48fe-9814-807d02b9ea17.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8331 bytes)
Hash
2c0d77a2b715f8f2547f11cc5674432b
51ca3fc7e7048f035f79c4e425197bc618671b8c
34cad56ca82b17b5df4c010eecb2c7ea348faec15d33fa4b294c0ed46e2c5de8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074d7790-a0c5-48fe-9814-807d02b9ea17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8331
x-amzn-requestid: 53b40605-8cb6-4c36-931f-67be541289e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wigGtToAMFscw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7a9-645ce10e6bd850f84fcbf256;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DJAQDwsUdDSWWA1iy08hyF0GftEQsVvFQC1Z2HUOD-moV7fKy1IMbg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:09:19 GMT
age: 69829
etag: "51ca3fc7e7048f035f79c4e425197bc618671b8c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff

63.250.43.136

404 Not Found

146 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff

63.250.43.136

404 Not Found

146 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff

63.250.43.136

404 Not Found

146 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png

23.14.14.78

200 OK

1.1 kB

URL HTTP/2
www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png
IP
23.14.14.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.1 kB (1130 bytes)
Hash
f40dea218a7cd4ed03b5daadb04b7d36
548c19b793a4af9adc647206a9e5a34866067e73
97d10bb1dd52bf50f217b414913db126771d4d2cb96439054891d0b0e08667ac

HTTP Headers

GET /etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png HTTP/1.1
Host: www.dhl.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 14:04:05 GMT
server: Akamai Image Manager
x-serial: 1409
x-check-cacheable: YES
content-length: 1130
content-type: image/webp
cache-control: private, no-transform, max-age=43200
expires: Tue, 06 Sep 2022 05:33:08 GMT
date: Mon, 05 Sep 2022 17:33:08 GMT
set-cookie: akaalb_wwwdhldealb=~op=www_dhl_de_alb:wwwdhlde|~rv=67~m=wwwdhlde:0|~os=06f548fb0da0a4ee62020bebc018f01f~id=ef6cd683beb0a5a0e8c8e4fcca7203a4; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png

23.14.14.78

200 OK

128 B

URL HTTP/2
www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png
IP
23.14.14.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 16x16, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
128 B (128 bytes)
Hash
08ccdeda510b580a3756d7b8c6cbd09a
30bb5c6b60d96da7a33f585b8498993a796381dd
f7ce4c35e81a5cd1ea2fa5c2d0d4fa47735f33d88812bb5af0b9c8e0d8f2355d

HTTP Headers

GET /etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png HTTP/1.1
Host: www.dhl.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 14:04:07 GMT
server: Akamai Image Manager
content-length: 128
content-type: image/webp
cache-control: private, no-transform, max-age=43200
expires: Tue, 06 Sep 2022 05:33:08 GMT
date: Mon, 05 Sep 2022 17:33:08 GMT
set-cookie: akaalb_wwwdhldealb=~op=www_dhl_de_alb:wwwdhlde|~rv=91~m=wwwdhlde:0|~os=06f548fb0da0a4ee62020bebc018f01f~id=ef5ad469e755cbd7242902389644e54d; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

0 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 33797
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-8405"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

0 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 345623
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-54617"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

0 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 345623
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-54617"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21327
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement

63.250.43.136

200 OK

0 B

URL HTTP/2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement
IP
63.250.43.136:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 123014
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-1e086"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations