Report - get.mychilla.co.za/telekom/ios/oauth2/index.php

Report Overview

Submitted URL
get.mychilla.co.za/telekom/ios/oauth2/index.php
IP
165.73.84.228
ASN
#37611 Afrihost
Submitted
2022-11-27 13:45:25
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Deutsche Telekom
Phishing - Deutsche Telekom

Detections

urlquery
11
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
lns-ev.xplosion.de	318008	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	454 B	336 B	52.51.179.0
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.41.252.32
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	72 kB	34.120.237.76
accounts.login.idm.telekom.com	91730	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	235 kB	62.157.140.200
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.serverpass.telesec.de	29467	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	355 B	1.8 kB	80.158.61.91
pix.telekom.de	165388	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	573 B	921 B	185.54.150.52
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
get.mychilla.co.za	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	110 kB	165.73.84.228
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	104.18.32.68
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
xdn-ttp.de	309350	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	431 B	462 B	80.82.200.32
ocsp.telesec.de	45319	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	8.4 kB	80.158.50.254

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	get.mychilla.co.za/telekom/ios/oauth2/index.php	156 B	2023-03-07	2024-04-18
Pretty URL get.mychilla.co.za/telekom/ios/oauth2/index.php IP 165.73.84.228 ASN #37611 Afrihost Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:42 Last Seen2024-04-18 08:21:56 Times Seen89 Hash 2b464024fb37722468d82877d77301df 56669685bdbc696ca248d03ef84059af25e74b1b eb30f29d0241a6617af445116127d2351ba39f3ccd5229efb98364f2aa68b387 Loading...

	get.mychilla.co.za/telekom/ios/static/factorx/js/jquery-3.2.1.min.js	87 kB	2023-03-07	2024-04-25
Pretty URL get.mychilla.co.za/telekom/ios/static/factorx/js/jquery-3.2.1.min.js IP 165.73.84.228 ASN #37611 Afrihost Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 17:18:33 Times Seen62414 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	get.mychilla.co.za/telekom/ios/static/factorx/js/components.min.js	78 kB	2023-03-07	2024-04-18
Pretty URL get.mychilla.co.za/telekom/ios/static/factorx/js/components.min.js IP 165.73.84.228 ASN #37611 Afrihost Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:42 Last Seen2024-04-18 08:21:56 Times Seen230 Hash 86ccc7913cdb65bebdce717ee74888cb ec056f2c92b0aea18f6a2cfabe197139d84a07b6 42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94 Loading...

	get.mychilla.co.za/telekom/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js	3.4 kB	2023-03-07	2024-04-18
Pretty URL get.mychilla.co.za/telekom/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js IP 165.73.84.228 ASN #37611 Afrihost Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:42 Last Seen2024-04-18 08:21:56 Times Seen204 Hash 65ff1cbc70086a20b9658570355b1115 99e414bb56c5a6ae55eea044836b44e9ad465029 6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7 Loading...

	get.mychilla.co.za/telekom/ios/static/factorx/js/login.js	18 kB	2023-03-07	2024-03-09
Pretty URL get.mychilla.co.za/telekom/ios/static/factorx/js/login.js IP 165.73.84.228 ASN #37611 Afrihost Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:42 Last Seen2024-03-09 17:18:28 Times Seen31 Hash 7e034152ccf2f01381a696c2f6e3ed9a 652cf0442283382bc37a647a7b854b1da27e5f92 295d169c7fffd85246d74c76766fe54f5f28658c0229d5ad2294a561ccf45340 Loading...

HTTP Transactions (48)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2562
Expires: Sun, 27 Nov 2022 14:27:56 GMT
Date: Sun, 27 Nov 2022 13:45:14 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5509
Cache-Control: max-age=166668
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:45:14 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 12:03:02 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2389
Expires: Sun, 27 Nov 2022 14:25:03 GMT
Date: Sun, 27 Nov 2022 13:45:14 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 13:19:22 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1552
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: LKf4KrRXeu0cYFHLxgXVgnqbESDUkjvhe/zwNNVuLOm/XMWcDjMyuKGPUsYZCqlTJ+EqDsfhwyI=
x-amz-request-id: FHW7A2QG03TX9FYG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 13:41:39 GMT
age: 215
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

get.mychilla.co.za/telekom/ios/oauth2/index.php

165.73.84.228

200 OK

3.3 kB

URL HTTP/1.1
get.mychilla.co.za/telekom/ios/oauth2/index.php
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (894)
Size
3.3 kB (3259 bytes)
Hash
c4129e6509a9a50d14649e440690a850
cefd702e0901f8fb36332c684a13c5d4098e1d58
b8607c7debe6a4c4e73a45cff747360c43ddbd96c1788a814ee797aef133b29a

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /telekom/ios/oauth2/index.php HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:14 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515; path=/
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3259
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 13:45:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

get.mychilla.co.za/telekom/ios/static/factorx/css/login-24.05.1.css

165.73.84.228

200 OK

3.6 kB

URL HTTP/1.1
get.mychilla.co.za/telekom/ios/static/factorx/css/login-24.05.1.css
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
ASCII text, with very long lines (18251)
Size
3.6 kB (3644 bytes)
Hash
ac19a77f96c7836c7aae7bb28ae252ec
ad1d1bdefbe1cebec00b4d6d6baae2b30af8e7bd
8b90832afc5c2605fdf70ea57934385f100cd98bceb8396add74ebb8299f0167

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /telekom/ios/static/factorx/css/login-24.05.1.css HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.mychilla.co.za/telekom/ios/oauth2/index.php
Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:14 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:17:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3644
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

ocsp.serverpass.telesec.de/ocspr

80.158.61.91

200 OK

1.6 kB

URL HTTP/1.1
ocsp.serverpass.telesec.de/ocspr
IP
80.158.61.91:0
ASN
#6878 T-Systems International GmbH

File type
data
Size
1.6 kB (1583 bytes)
Hash
b718e7fea2e495668213e4899d698754
443b1d7cbb422ed45b4dd91a625da4c7b38bc16b
edd79588a5a3d901bfa44dff25e98c10995ddd2168c643147f5820fb20fbc4e3

HTTP Headers

POST /ocspr HTTP/1.1
Host: ocsp.serverpass.telesec.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:14 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/ocsp-response
Content-Length: 1583
Connection: close

pix.telekom.de/196380495960676/wt?p=441,www.telekom.de.privatkunden.login-idm-id,0,0,0,0,0,0,0,0&cg1=www.telekom.de&cg2=login&cg8=privatkunden&cg9=login-idm-id&cp19=653721ea-4998-4e08-8208-8d9e1dedf6ff

185.54.150.52

200 OK

43 B

URL HTTP/2
pix.telekom.de/196380495960676/wt?p=441,www.telekom.de.privatkunden.login-idm-id,0,0,0,0,0,0,0,0&cg1=www.telekom.de&cg2=login&cg8=privatkunden&cg9=login-idm-id&cp19=653721ea-4998-4e08-8208-8d9e1dedf6ff
IP
185.54.150.52:0
ASN
#60164 Webtrekk GmbH

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /196380495960676/wt?p=441,www.telekom.de.privatkunden.login-idm-id,0,0,0,0,0,0,0,0&cg1=www.telekom.de&cg2=login&cg8=privatkunden&cg9=login-idm-id&cp19=653721ea-4998-4e08-8208-8d9e1dedf6ff HTTP/1.1
Host: pix.telekom.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
set-cookie: wteid_196380495960676=4166955671400159643; Max-Age=15552000; Expires=Fri, 26 May 2023 13:45:14 GMT; Domain=.telekom.de; Path=/; Httponly; Secure; SameSite=None
wtsid_196380495960676=1; Domain=.telekom.de; Path=/; Httponly; Secure; SameSite=None
wt_nbg_Q3=!kYL7arS7lUeNDPS7MOh2eXQWYSomxrfSaDlk5c/ifAVhoh2AozUtcQ86OgY3ZxprXHftJ+/LiYIRAA==; path=/; Httponly; Secure; SameSite=None
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 27 Nov 2022 13:45:14 GMT
p3p: policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
x-robots-tag: noindex, nofollow, noarchive
content-type: image/gif;charset=UTF-8
content-length: 43
date: Sun, 27 Nov 2022 13:45:14 GMT
server: c20ad4d7
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 13:11:12 GMT
cache-control: public,max-age=3600
age: 2042
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

get.mychilla.co.za/telekom/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js

165.73.84.228

200 OK

1.4 kB

URL HTTP/1.1
get.mychilla.co.za/telekom/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
ASCII text, with very long lines (3284)
Size
1.4 kB (1377 bytes)
Hash
d54ea2c2cb99635dfa0e68d86420aaa1
7fac890652b5975f4442bb6519dd2a092e01dbe0
500ff197bd686c85a69db82c873451c73d7d074b51c60e56e711b4aaef67bb88

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /telekom/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.mychilla.co.za/telekom/ios/oauth2/index.php
Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:14 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:17:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1377
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

get.mychilla.co.za/telekom/ios/static/factorx/css/components.min.css

165.73.84.228

200 OK

19 kB

URL HTTP/1.1
get.mychilla.co.za/telekom/ios/static/factorx/css/components.min.css
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
ASCII text, with very long lines (65442)
Size
19 kB (18661 bytes)
Hash
573a9a281bb3be7896dbde1abd50c742
64aaab59fb2e19f6a6d62d682e417c56f7cf21eb
e383b61a6d667b6ddc223e85e049456f0380c9146c1883146bb1f06f222cd34e

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /telekom/ios/static/factorx/css/components.min.css HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.mychilla.co.za/telekom/ios/oauth2/index.php
Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:14 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:17:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 18661
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

get.mychilla.co.za/telekom/ios/static/factorx/js/login.js

165.73.84.228

200 OK

4.1 kB

URL HTTP/1.1
get.mychilla.co.za/telekom/ios/static/factorx/js/login.js
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
ASCII text
Size
4.1 kB (4099 bytes)
Hash
8def8eb34f535ceff662420e29ae231d
97c980782f495d285c3addb7778163520c27c5a0
5d77d96b15b00a63d5ca52cc274154bddbd3670243aa406885f987186eae4849

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /telekom/ios/static/factorx/js/login.js HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.mychilla.co.za/telekom/ios/oauth2/index.php
Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:14 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:17:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4099
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3535
Cache-Control: max-age=159632
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:45:15 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:05:47 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

get.mychilla.co.za/telekom/ios/static/factorx/js/jquery-3.2.1.min.js

165.73.84.228

200 OK

30 kB

URL HTTP/1.1
get.mychilla.co.za/telekom/ios/static/factorx/js/jquery-3.2.1.min.js
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
ASCII text, with very long lines (32058)
Size
30 kB (30138 bytes)
Hash
3430607b4301113ad9394c9260eef3f0
8c4db68b161b17e31be300e968a30ab0116b3193
31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /telekom/ios/static/factorx/js/jquery-3.2.1.min.js HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.mychilla.co.za/telekom/ios/oauth2/index.php
Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:14 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:17:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 30138
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

get.mychilla.co.za/telekom/ios/static/factorx/js/components.min.js

165.73.84.228

200 OK

23 kB

URL HTTP/1.1
get.mychilla.co.za/telekom/ios/static/factorx/js/components.min.js
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
ASCII text, with very long lines (32048)
Size
23 kB (22815 bytes)
Hash
3c165c51fd50284feaf24abc654e957c
1501a4df0920eee81224e3295e8425e4ac16bf47
ac56b4d7059a479097a857ec00ec891371c051661c633cb40d24c4d50de12824

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /telekom/ios/static/factorx/js/components.min.js HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.mychilla.co.za/telekom/ios/oauth2/index.php
Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:14 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:17:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 22815
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
2224930bd07e7963e93f44b12dfeec3b
5257d5c98adcd580f667d09820b3789f11a01b9a
1cdfd29755d284fb7609ec7f2c19bd7ddbfed0a97d029c970e6c63ffe857cf28

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 01:14:40 GMT
Expires: Sat, 03 Dec 2022 01:14:39 GMT
Etag: "5257d5c98adcd580f667d09820b3789f11a01b9a"
Cache-Control: max-age=472763,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770b4d9a9ed8b51d-OSL

xdn-ttp.de/lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff

80.82.200.32

302 Found

0 B

URL HTTP/1.1
xdn-ttp.de/lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff
IP
80.82.200.32:0
ASN
#48173 The Unbelievable Machine Company GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff HTTP/1.1
Host: xdn-ttp.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Date: Sun, 27 Nov 2022 13:45:15 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Location: https://lns-ev.xplosion.de/xdn-import/import-event?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff&partner=0746
Content-Length: 0
Server: Jetty(9.4.48.v20220622)

get.mychilla.co.za/telekom/ios/static/factorx/images/services.png

165.73.84.228

200 OK

23 kB

URL HTTP/1.1
get.mychilla.co.za/telekom/ios/static/factorx/images/services.png
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
PNG image data, 270 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22647 bytes)
Hash
70e3abc323721940a3fde12ec5a337cb
cd37490fee37309e370e0a4d73a29eac2b49d007
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /telekom/ios/static/factorx/images/services.png HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.mychilla.co.za/telekom/ios/oauth2/index.php
Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:15 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:17:50 GMT
Accept-Ranges: bytes
Content-Length: 22647
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

push.services.mozilla.com/

52.41.252.32

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.252.32:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D9+lZPCQeohu/t7TsVZTBQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Src3TKKz5pf75493stnJEe1ufGY=

ocsp.telesec.de/ocspr

80.158.50.254

200 OK

1.5 kB

URL HTTP/1.1
ocsp.telesec.de/ocspr
IP
80.158.50.254:0
ASN
#6878 T-Systems International GmbH

File type
data
Size
1.5 kB (1479 bytes)
Hash
7285c539857777c8dc4c86c984fe0fa8
de3b60870f5e14d970ce0857959b672ade6affc3
0d8cb8815d6e8aa2afede83635e67afc0bb24b51b3d9464c668a93ac4ca6ad7c

HTTP Headers

POST /ocspr HTTP/1.1
Host: ocsp.telesec.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:15 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/ocsp-response
Content-Length: 1479
Connection: close

ocsp.telesec.de/ocspr

80.158.50.254

200 OK

1.5 kB

URL HTTP/1.1
ocsp.telesec.de/ocspr
IP
80.158.50.254:0
ASN
#6878 T-Systems International GmbH

File type
data
Size
1.5 kB (1479 bytes)
Hash
7285c539857777c8dc4c86c984fe0fa8
de3b60870f5e14d970ce0857959b672ade6affc3
0d8cb8815d6e8aa2afede83635e67afc0bb24b51b3d9464c668a93ac4ca6ad7c

HTTP Headers

POST /ocspr HTTP/1.1
Host: ocsp.telesec.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:15 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/ocsp-response
Content-Length: 1479
Connection: close

ocsp.telesec.de/ocspr

80.158.50.254

200 OK

1.5 kB

URL HTTP/1.1
ocsp.telesec.de/ocspr
IP
80.158.50.254:0
ASN
#6878 T-Systems International GmbH

File type
data
Size
1.5 kB (1479 bytes)
Hash
7285c539857777c8dc4c86c984fe0fa8
de3b60870f5e14d970ce0857959b672ade6affc3
0d8cb8815d6e8aa2afede83635e67afc0bb24b51b3d9464c668a93ac4ca6ad7c

HTTP Headers

POST /ocspr HTTP/1.1
Host: ocsp.telesec.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:15 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/ocsp-response
Content-Length: 1479
Connection: close

ocsp.telesec.de/ocspr

80.158.50.254

200 OK

1.5 kB

URL HTTP/1.1
ocsp.telesec.de/ocspr
IP
80.158.50.254:0
ASN
#6878 T-Systems International GmbH

File type
data
Size
1.5 kB (1479 bytes)
Hash
7285c539857777c8dc4c86c984fe0fa8
de3b60870f5e14d970ce0857959b672ade6affc3
0d8cb8815d6e8aa2afede83635e67afc0bb24b51b3d9464c668a93ac4ca6ad7c

HTTP Headers

POST /ocspr HTTP/1.1
Host: ocsp.telesec.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:15 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/ocsp-response
Content-Length: 1479
Connection: close

ocsp.telesec.de/ocspr

80.158.50.254

200 OK

1.5 kB

URL HTTP/1.1
ocsp.telesec.de/ocspr
IP
80.158.50.254:0
ASN
#6878 T-Systems International GmbH

File type
data
Size
1.5 kB (1479 bytes)
Hash
7285c539857777c8dc4c86c984fe0fa8
de3b60870f5e14d970ce0857959b672ade6affc3
0d8cb8815d6e8aa2afede83635e67afc0bb24b51b3d9464c668a93ac4ca6ad7c

HTTP Headers

POST /ocspr HTTP/1.1
Host: ocsp.telesec.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:45:15 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/ocsp-response
Content-Length: 1479
Connection: close

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:45:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:45:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:45:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:45:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:45:15 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10944 bytes)
Hash
5e586c141835f4ac8819c55dcb811b4d
a23fd98701ac35cd8740d1f7a832118c770e20c8
4296f391f755a649897a2211f9072c69a0510e43a313674908bb0a771b12650e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10944
x-amzn-requestid: ed714e4a-0f80-4b2d-ae82-b28d617fe927
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b42xTGpSoAMF9Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6379d1a1-1235a4ad16a6bfee50615fbb;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 07:05:05 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UzVSiMniBPN9LTEIutLmWn7BZX7d5RWIxtH0H-RpLfIGqdIBTovGMg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 28fdf6e146f70e7372911f118404fb20.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 22:36:11 GMT
age: 54544
etag: "a23fd98701ac35cd8740d1f7a832118c770e20c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8387 bytes)
Hash
4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: e4ce369f-7654-4c1a-94c2-70c913eb1a01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFL0tEcqIAMFXHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec01d-37bd969f4cdfe220096b8c1f;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:51:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: __2hrJIdzCKzhuJ_YfbSSfz-WwyIqnPugk7P6SuYSjn6b2wwm0otCw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:58:18 GMT
age: 60417
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9926 bytes)
Hash
892849386662d30042f01ab952a3ec14
3b349ac17a00d68875e64bee110ec85d07cffda2
893797d55f15081d45af7a31af9fefe106ace9ba236e9b113787d07ab416faf9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9926
x-amzn-requestid: b03f4d3b-b144-4466-ab11-96c8201d75a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8Je2G_NIAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b22c5-5ef5e11a198cd8202372d8da;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:03:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Eeu-CbRcm2Zv8ZVXNO3vhUt2shbKNQZ1YqsxCMk96twd7zL_rceGYg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 22:05:31 GMT
age: 56384
etag: "3b349ac17a00d68875e64bee110ec85d07cffda2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 57218
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12505 bytes)
Hash
9443750de7962c9e235cbb6dbda24df0
05de7f68103849bd0cd80a704ef97685d0150800
d84e37f9bfd9888a385364c52cdc0d817aa680ee0a83e579ca1f1083f1131468

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12505
x-amzn-requestid: a89c780f-e1a4-451e-842b-656ba43958be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOeHzfIAMFpGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358f-3478b6c81d94ec65388bd3da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mUic7CJjKQ8l7EKhTTSs2LTLaCqnVQUBuxzmfzET4TwSa_LX8na-MA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:31:35 GMT
age: 62020
etag: "05de7f68103849bd0cd80a704ef97685d0150800"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

accounts.login.idm.telekom.com/static/factorx/images/data_protection.svg

62.157.140.200

200 OK

673 B

URL HTTP/2
accounts.login.idm.telekom.com/static/factorx/images/data_protection.svg
IP
62.157.140.200:0
ASN
#3320 Deutsche Telekom AG

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size
673 B (673 bytes)
Hash
ba732830349cf7e4d2bfbbdf64db1466
35c2682d012268440adda739df7f32a0f5985c0f
53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316

HTTP Headers

GET /static/factorx/images/data_protection.svg HTTP/1.1
Host: accounts.login.idm.telekom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Nov 2020 05:40:34 GMT
accept-ranges: bytes
content-length: 673
cache-control: public
expires: Sun, 27 Nov 2022 14:45:15 GMT
sh: 48a2a2f8015144cc8362d02caadc02cf
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
date: Sun, 27 Nov 2022 13:45:15 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10199 bytes)
Hash
2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 57214
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-ultra.woff

62.157.140.200

200 OK

53 kB

URL HTTP/2
accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-ultra.woff
IP
62.157.140.200:0
ASN
#3320 Deutsche Telekom AG

File type
Web Open Font Format, TrueType, length 53428, version 1.0\012- data
Size
53 kB (53428 bytes)
Hash
5c389a411627b7bedab70df1ef5e0ca2
9cd8f2eb2d2467258f17f51a10cd62dafb3bd9c6
3b6317d7c6288f6380f182e8bdc16b4cea82df91bc0f0209dfbce457b3e16910

HTTP Headers

GET /static/factorx/fonts/telegroteskscreen-ultra.woff HTTP/1.1
Host: accounts.login.idm.telekom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://get.mychilla.co.za
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Nov 2020 05:40:33 GMT
accept-ranges: bytes
content-length: 53428
cache-control: public
expires: Sun, 04 Dec 2022 13:45:15 GMT
access-control-allow-origin: http://get.mychilla.co.za
sh: 51fb2b016fdae5ec79978616b9e41e94
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-font-woff
date: Sun, 27 Nov 2022 13:45:15 GMT
server: Apache
X-Firefox-Spdy: h2

accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-thin.woff

62.157.140.200

200 OK

58 kB

URL HTTP/2
accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-thin.woff
IP
62.157.140.200:0
ASN
#3320 Deutsche Telekom AG

File type
Web Open Font Format, TrueType, length 58248, version 1.0\012- data
Size
58 kB (58248 bytes)
Hash
8b89ab4ea001775d72ba921b09ac4b96
f483b6124328aa884413f62396c7a75f18cf7204
3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c

HTTP Headers

GET /static/factorx/fonts/telegroteskscreen-thin.woff HTTP/1.1
Host: accounts.login.idm.telekom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://get.mychilla.co.za
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Nov 2020 05:40:33 GMT
accept-ranges: bytes
content-length: 58248
cache-control: public
expires: Sun, 04 Dec 2022 13:45:15 GMT
access-control-allow-origin: http://get.mychilla.co.za
sh: 51fb2b016fdae5ec79978616b9e41e94
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-font-woff
date: Sun, 27 Nov 2022 13:45:15 GMT
server: Apache
X-Firefox-Spdy: h2

accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-bold.woff

62.157.140.200

200 OK

54 kB

URL HTTP/2
accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-bold.woff
IP
62.157.140.200:0
ASN
#3320 Deutsche Telekom AG

File type
Web Open Font Format, TrueType, length 53500, version 1.0\012- data
Size
54 kB (53500 bytes)
Hash
a1f05af86de48779a73dda888042a2ca
3be31c9362c1bd05383d467a182958eaa079691b
dff75c72abbd5b70b8cf2acb31155760116d14517cc89b81d00285da85306497

HTTP Headers

GET /static/factorx/fonts/telegroteskscreen-bold.woff HTTP/1.1
Host: accounts.login.idm.telekom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://get.mychilla.co.za
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Nov 2020 05:40:32 GMT
accept-ranges: bytes
content-length: 53500
cache-control: public
expires: Sun, 04 Dec 2022 13:45:15 GMT
access-control-allow-origin: http://get.mychilla.co.za
sh: 51fb2b016fdae5ec79978616b9e41e94
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-font-woff
date: Sun, 27 Nov 2022 13:45:15 GMT
server: Apache
X-Firefox-Spdy: h2

accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-outline.woff

62.157.140.200

200 OK

8.8 kB

URL HTTP/2
accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-outline.woff
IP
62.157.140.200:0
ASN
#3320 Deutsche Telekom AG

File type
Web Open Font Format, TrueType, length 8824, version 2.200\012- data
Size
8.8 kB (8824 bytes)
Hash
5dc5e36d344b5d8876eb73f451d92e01
fd2835b1428970d8df70e0a29aef6417d60fbf7d
01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379

HTTP Headers

GET /static/factorx/fonts/teleicon-outline.woff HTTP/1.1
Host: accounts.login.idm.telekom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://get.mychilla.co.za
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Nov 2020 05:40:33 GMT
accept-ranges: bytes
content-length: 8824
cache-control: public
expires: Sun, 04 Dec 2022 13:45:15 GMT
access-control-allow-origin: http://get.mychilla.co.za
sh: 51fb2b016fdae5ec79978616b9e41e94
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-font-woff
date: Sun, 27 Nov 2022 13:45:15 GMT
server: Apache
X-Firefox-Spdy: h2

accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-regular.woff

62.157.140.200

200 OK

55 kB

URL HTTP/2
accounts.login.idm.telekom.com/static/factorx/fonts/telegroteskscreen-regular.woff
IP
62.157.140.200:0
ASN
#3320 Deutsche Telekom AG

File type
Web Open Font Format, TrueType, length 54684, version 1.0\012- data
Size
55 kB (54684 bytes)
Hash
179dec2b30e30c5b09f10478ae273639
1fe138b840993579f42929090c7df61de1a63566
b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97

HTTP Headers

GET /static/factorx/fonts/telegroteskscreen-regular.woff HTTP/1.1
Host: accounts.login.idm.telekom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://get.mychilla.co.za
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Nov 2020 05:40:33 GMT
accept-ranges: bytes
content-length: 54684
cache-control: public
expires: Sun, 04 Dec 2022 13:45:15 GMT
access-control-allow-origin: http://get.mychilla.co.za
sh: 51fb2b016fdae5ec79978616b9e41e94
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-font-woff
date: Sun, 27 Nov 2022 13:45:15 GMT
server: Apache
X-Firefox-Spdy: h2

accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-ui.woff

62.157.140.200

200 OK

2.7 kB

URL HTTP/2
accounts.login.idm.telekom.com/static/factorx/fonts/teleicon-ui.woff
IP
62.157.140.200:0
ASN
#3320 Deutsche Telekom AG

File type
Web Open Font Format, TrueType, length 2736, version 0.0\012- data
Size
2.7 kB (2736 bytes)
Hash
0902a6d34545258aa8a18f304ebae9ba
e0da40bd3f6723cea9cf0554fe6761378353ba48
3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34

HTTP Headers

GET /static/factorx/fonts/teleicon-ui.woff HTTP/1.1
Host: accounts.login.idm.telekom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://get.mychilla.co.za
Connection: keep-alive
Referer: http://get.mychilla.co.za/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Nov 2020 05:40:33 GMT
accept-ranges: bytes
content-length: 2736
cache-control: public
expires: Sun, 04 Dec 2022 13:45:15 GMT
access-control-allow-origin: http://get.mychilla.co.za
sh: 51fb2b016fdae5ec79978616b9e41e94
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-font-woff
date: Sun, 27 Nov 2022 13:45:15 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7ea52d6d0655384affa470e52bd70a12
3903de6e78920be9f9a6748e023ce0be4f44abba
5cee71c49b0d5607b677954702811cddccc76af75ee76653955ad2e376ec2162

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CEE71C49B0D5607B677954702811CDDCCC76AF75EE76653955AD2E376EC2162"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4771
Expires: Sun, 27 Nov 2022 15:04:46 GMT
Date: Sun, 27 Nov 2022 13:45:15 GMT
Connection: keep-alive

lns-ev.xplosion.de/xdn-import/import-event?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff&partner=0746

52.51.179.0

204 No Content

0 B

URL HTTP/1.1
lns-ev.xplosion.de/xdn-import/import-event?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff&partner=0746
IP
52.51.179.0:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xdn-import/import-event?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff&partner=0746 HTTP/1.1
Host: lns-ev.xplosion.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://get.mychilla.co.za/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
Date: Sun, 27 Nov 2022 13:45:15 GMT
Server: fasthttp
Connection: keep-alive

get.mychilla.co.za/favicon.ico

165.73.84.228

404 Not Found

315 B

URL HTTP/1.1
get.mychilla.co.za/favicon.ico
IP
165.73.84.228:0
ASN
#37611 Afrihost

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - Deutsche Telekom

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: get.mychilla.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.mychilla.co.za/telekom/ios/oauth2/index.php
Cookie: PHPSESSID=d7101a12f94f09105d6d5983c8bb5515

HTTP/1.1 404 Not Found
Date: Sun, 27 Nov 2022 13:45:15 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaab9de7-1f50-401c-bd84-6bcd72fb53d1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8335 bytes)
Hash
c52c26038ed572c870cf2119865907b1
b298107232e837ccf8d853e6d2c91f67e74dc2ba
d95471f66cf6404bfb5400c4c707fbb81bcaf4be1518313d3f513c9b2a3da1fd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaab9de7-1f50-401c-bd84-6bcd72fb53d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8335
x-amzn-requestid: 265466c8-029d-4738-bdbe-be0a161fb497
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOeD0GwYIAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638276e5-1c8225cf00057ce0047f74ba;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 20:28:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TK_kNT9Vcv_lNMbiTqXxAYXCko2Gy64Oy9MGXwuBu9S_3DdqIc67Nw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:54:52 GMT
age: 57030
etag: "b298107232e837ccf8d853e6d2c91f67e74dc2ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (48)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size