Report - www.raumkreise.ressy.de/en/rmat/verification/pii/Payment

Report Overview

URL

www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
IP

217.160.0.197

ASN

#8560 IONOS SE
Submitted

2023-05-10T00:41:20Z

Access

public
Tags

capitalone financial phishing
urlquery detections

Phishing - Capital One

Detections

urlquery

10
Network Intrusion Detection

0
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com (1)	235	2015-04-17 22:46:33	2023-05-09 20:26:09	439	11939	104.17.24.14
www.raumkreise.ressy.de (21)	unknown	2020-08-14 20:15:53	2021-04-14 03:48:30	11265	1158585	217.160.0.197
ecm.capitalone.com (3)	13649	2017-02-01 18:32:51	2023-05-08 19:01:38	1606	86748	104.110.12.190

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (25)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js

104.17.24.14

200 OK

10899

URL GET HTTP/2

cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js
IP

104.17.24.14:443
ASN

#13335 CLOUDFLARENET

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F

ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (45552)

Size

10899
Hash

79c82646b886e08184f7b9fff25e64ff

804b4b0f8f3443ff05833e33fb5b76780ffafe25

8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d

HTTP Headers

                                        GET /ajax/libs/imask/3.4.0/imask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Wed, 10 May 2023 00:41:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 10899
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e9f-b217"
last-modified: Mon, 04 May 2020 16:11:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2349623
expires: Mon, 29 Apr 2024 00:41:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2eNQqdnmn8WXsoPORUZ4m0genXQERPxvruGrbTNe6wGN13lYXcOa1M6GivADvn6Lm%2BazzOgZs5N1moUpJZ8VpA5x6%2BU7qhqLX8IJOH5QjuYvZ7p%2FiJltYxPWoRqklV8eyIfShTEI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c4e22709d00b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/c344d59e90

217.160.0.197

200 OK

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/c344d59e90
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with no line terminators

Size

49
Hash

ada33e5b8877e743ff658bf4bfa1867c

5a78662243dac43c0ee48bcb7e05a536b84c2e38

dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

HTTP Headers

                                        GET /en/rmat/verification/pii/src/c344d59e90 HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-length: 49
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:28 GMT
etag: "31-5faef74d81800"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/dc6af6edb24bc0a97d6c4571fc66a77c.js.download

217.160.0.197

200 OK

101648

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/dc6af6edb24bc0a97d6c4571fc66a77c.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (564)

Size

101648
Hash

4254e419a8ef6fd2049824f42f15b2e4

af9e87a63dea77a05c660094c2cb1060d2a910b7

31b4584d6af36a1dbfc4f957747fdd6ec0e947c1a345c3e1859134aed8c83322

HTTP Headers

                                        GET /en/rmat/verification/pii/src/dc6af6edb24bc0a97d6c4571fc66a77c.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 101648
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:28 GMT
etag: "18d10-5faef74d81800"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/widget-loader.min.js.download

217.160.0.197

200 OK

251471

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/widget-loader.min.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65465)

Size

251471
Hash

48df4b60ad0dceb092a9d7aab32cb88e

125962d247ec4b5b9ebe05ae8eed4e6d46450444

9d8852f3d0cf2ab3391265179beff783fe5dbbf43666ebc13a7a316868987642

HTTP Headers

                                        GET /en/rmat/verification/pii/src/widget-loader.min.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 251471
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:26 GMT
etag: "3d64f-5faef74b99380"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/nr-spa-1169.min.js.download

217.160.0.197

200 OK

37554

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/nr-spa-1169.min.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (32021)

Size

37554
Hash

5e3590bffa49fddc4bc389e63736da42

c7f8bdf8337f4f84b1359cb2bd64a2587aeb74af

37072a42526245f257b725698d7e70dfab281bfd00d38f1112dafd36a6e04176

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/src/nr-spa-1169.min.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 37554
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:28 GMT
etag: "92b2-5faef74d81800"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/557936930f28b2d366ab8c42a0f9f373.js.download

217.160.0.197

200 OK

285

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/557936930f28b2d366ab8c42a0f9f373.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with no line terminators

Size

285
Hash

ae6c49ec9c8e28a8ea01401770e71cc0

0f251b8a33f7d92495b98c1f5bb231a104e2da6d

7edc1eebffd512b3688a508c6754c98cb44ada1ed7a8f56862096de6d28cb0fa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/src/557936930f28b2d366ab8c42a0f9f373.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 285
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:28 GMT
etag: "11d-5faef74d81800"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/247px.js.download

217.160.0.197

200 OK

154227

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/247px.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (31968)

Size

154227
Hash

51aec0a7161ab17a7cc96d7a8b4e957b

7f73a5fefec6c0ddce73203aeeaa3faaa21a2c5f

8800cbabd5a1b36b06da75e60be4349d856bc43a87e93e5b989e1cdc67e676ab

HTTP Headers

                                        GET /en/rmat/verification/pii/src/247px.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 154227
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:28 GMT
etag: "25a73-5faef74d81800"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/aee4cee5b8f3059e54cc2fda347def51.js.download

217.160.0.197

200 OK

11374

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/aee4cee5b8f3059e54cc2fda347def51.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (600)

Size

11374
Hash

9be245faac1a23e1a227e553d265d0aa

29484cf6f6a2ce76e52f4cbeb105e83bdabb81c4

51e6ac1e31c3fab5e6705eb47edbf23c4a184f14d582a405896a6fa8c4441429

HTTP Headers

                                        GET /en/rmat/verification/pii/src/aee4cee5b8f3059e54cc2fda347def51.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 11374
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:28 GMT
etag: "2c6e-5faef74d81800"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/6a11fdd2d5fa6a863700c83f4f717479.js.download

217.160.0.197

200 OK

142582

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/6a11fdd2d5fa6a863700c83f4f717479.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (1780)

Size

142582
Hash

cce013065bfcfed98fe7372d0d188758

93c89a82faa6d61ea2f1d42ffcf33a63ca6ad5bc

a97acb0c0b54cdecf0ba0170816c8ad546387a0104c144613a1c953709932a88

HTTP Headers

                                        GET /en/rmat/verification/pii/src/6a11fdd2d5fa6a863700c83f4f717479.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 142582
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:28 GMT
etag: "22cf6-5faef74d81800"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/6.js.download

217.160.0.197

200 OK

1056

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/6.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (1056), with no line terminators

Size

1056
Hash

ad999adb9d5b723fa7826ade641c4264

4b627d57788b8c6125eb8ec14204df485a534f9a

eeb97d820965c4b0f2f0d55c81cd4e8f54ec9faa8ddca76111ee8e9d406429c1

HTTP Headers

                                        GET /en/rmat/verification/pii/src/6.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 1056
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:28 GMT
etag: "420-5faef74d81800"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/styles.46f55e805a3865891048.css

217.160.0.197

200 OK

117825

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/styles.46f55e805a3865891048.css
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

117825
Hash

18b22df77380c1455755c1789a1aa4c8

07043c4af449e9170f5826347030ab5c943b8d0f

05bb73d87c9000a0397443c3dfe64ea892c676173e8d7cd01895426dba399d96

HTTP Headers

                                        GET /en/rmat/verification/pii/src/styles.46f55e805a3865891048.css HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/css
content-length: 117825
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:30 GMT
etag: "1cc41-5faef74f69c80"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/css/style.css

217.160.0.197

200 OK

3776

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/css/style.css
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text

Size

3776
Hash

2d337c2a121cc03a85631a5a824ecb8b

0d207fad87ce5114c1aa5692eda7e949aacb88bf

ff5dfb322569b484616a25c622fd03e10b19ee018eb8daaf39d59effd3d5d79f

HTTP Headers

                                        GET /en/rmat/verification/pii/css/style.css HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/css
content-length: 3776
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:56:18 GMT
etag: "ec0-5faf0237c5880"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/js/script.js

217.160.0.197

200 OK

99372

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/js/script.js
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (18129)

Size

99372
Hash

1501b528220baca92f7d189b7f00136b

60b48644dc907af63a10411190e9e085857a7078

9b11ce0ce39ad24aa3c869cbde323c1605bbafdfd45ab8f013aa48731d5a4969

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/js/script.js HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 99372
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Mon, 28 Dec 2020 15:00:36 GMT
etag: "1842c-5b7878953ed00"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/cc.js.download

217.160.0.197

200 OK

38768

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/cc.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (4821)

Size

38768
Hash

7905ddf5b571034696bdb323dd4556b0

d067758cf1159345c0d2c7fdee50c76e822eb31b

fbb84de8c5c59a2bb5fafacf80660757b499e38c251858e22ea0713b97e31436

HTTP Headers

                                        GET /en/rmat/verification/pii/src/cc.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 38768
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:30 GMT
etag: "9770-5faef74f69c80"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/browserFingerPrintv1.min.js.download

217.160.0.197

200 OK

28442

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/browserFingerPrintv1.min.js.download
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (28442), with no line terminators

Size

28442
Hash

0f537e63c621f88c0c4bf4257394b2c2

7f28eaf9bbf93c3a2d4e012aaca4f34c3cbc3c97

559d96c9ff8af5055471707c21b22ac1a7bca706d199dc9f5659a65c02d7e944

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/src/browserFingerPrintv1.min.js.download HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: text/javascript
content-length: 28442
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:30 GMT
etag: "6f1a-5faef74f69c80"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/fdic.svg

217.160.0.197

200 OK

2063

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/fdic.svg
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (2063), with no line terminators

Size

2063
Hash

508681d436b6b42ca2fe4f037d575129

78a4d0e58d49cfce4ed992dcd7265548c1fa7814

628de643d113e225cf4347ed2571ee813cb0919a3895d1902ee18e6f63d539f1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/src/fdic.svg HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: image/svg+xml
content-length: 2063
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:32 GMT
etag: "80f-5faef75152100"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/equal_housing_lender.svg

217.160.0.197

200 OK

3739

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/equal_housing_lender.svg
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3739), with no line terminators

Size

3739
Hash

0a9caf42835ab4b61876bddec69ce0de

d30fd829250e6439b36ddd5e1b2354a52f309a4e

6043dfa194d29e8e22dc4aeed56d87b6a9a7623b97c3334592031570f4281d89

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/src/equal_housing_lender.svg HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: image/svg+xml
content-length: 3739
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:32 GMT
etag: "e9b-5faef75152100"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/capital-one-logo.svg

217.160.0.197

200 OK

3971

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/capital-one-logo.svg
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (3967), with CRLF line terminators

Size

3971
Hash

f0b7ad81821effc52540e39cafda48f9

33d64bc7001f414f12bd92e740a45e5ced239add

57dfca5b95599a613da940f4a49ab6378fcf0586366a47cae679796930bf0eed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/src/capital-one-logo.svg HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: image/svg+xml
content-length: 3971
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:32 GMT
etag: "f83-5faef75152100"
accept-ranges: bytes
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Rg.woff2

104.110.12.190

200 OK

28388

URL GET HTTP/2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Rg.woff2
IP

104.110.12.190:443
ASN

#16625 AKAMAI-AS

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subjectecm.capitalone.com

Fingerprint90:19:90:06:2C:C9:A4:8F:1D:A2:69:D1:6C:87:09:C4:94:E7:83:C5

ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

Magic

Web Open Font Format (Version 2), TrueType, length 28388, version 1.0\012- data

Size

28388
Hash

f4e1fbca28c954a486a90828b2ee7543

7750f00fe0337120e16632ea7fff2a78b11c874a

9b98e19f831844b3dae8e1fd65b6802bc778446fbdacac8203e34bbc02eacbcd

HTTP Headers

                                        GET /CI_Common/assets/fonts/Optimist_W_Rg.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.raumkreise.ressy.de
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 28388
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "f4e1fbca28c954a486a90828b2ee7543"
x-amz-server-side-encryption: AES256
x-amz-version-id: 1GgM.ruzxSoQhqV._aklwOsuyVwoqFBE
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: BGWuX4caZ0kfZbeEU9EBXkYNIfAXAQn7qhOobVDMcBZpZGYT9HOYpw==
x-datastream-cache-status: 1
cache-control: max-age=754702
expires: Thu, 18 May 2023 18:19:27 GMT
date: Wed, 10 May 2023 00:41:05 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Lt.woff2

104.110.12.190

200 OK

27852

URL GET HTTP/2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Lt.woff2
IP

104.110.12.190:443
ASN

#16625 AKAMAI-AS

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subjectecm.capitalone.com

Fingerprint90:19:90:06:2C:C9:A4:8F:1D:A2:69:D1:6C:87:09:C4:94:E7:83:C5

ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

Magic

Web Open Font Format (Version 2), TrueType, length 27852, version 1.0\012- data

Size

27852
Hash

cb37fa55f3dfdd26d61901032a53644f

1115e8d43a08c1f74ec1f6a886d1cb530bb9da97

902c5a9d8ad932630fb2021fe1a1a7f4f06513b19e8d073866178ee65ff33fe9

HTTP Headers

                                        GET /CI_Common/assets/fonts/Optimist_W_Lt.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.raumkreise.ressy.de
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 27852
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "cb37fa55f3dfdd26d61901032a53644f"
x-amz-server-side-encryption: AES256
x-amz-version-id: Q75rYxmglrbgkwTTGgaHL71RQB9n5YCD
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: WZLHu-KyMHr9Oi38M7o8z4XXwUqHnVG-f6Rg-E6l9knxWl69APaosA==
x-datastream-cache-status: 1
cache-control: max-age=1103352
expires: Mon, 22 May 2023 19:10:17 GMT
date: Wed, 10 May 2023 00:41:05 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_SBd.woff2

104.110.12.190

200 OK

28188

URL GET HTTP/2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_SBd.woff2
IP

104.110.12.190:443
ASN

#16625 AKAMAI-AS

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subjectecm.capitalone.com

Fingerprint90:19:90:06:2C:C9:A4:8F:1D:A2:69:D1:6C:87:09:C4:94:E7:83:C5

ValidityTue, 12 Jul 2022 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

Magic

Web Open Font Format (Version 2), TrueType, length 28188, version 1.0\012- data

Size

28188
Hash

d647937062406e5cc182de0cc77947d8

9d4c283a4fca43ae95019091bbd0a9e1b77b97bc

48b4ed4ba8ee0eaeddfba861e6772c61f818931816102636a888ec0b49bce056

HTTP Headers

                                        GET /CI_Common/assets/fonts/Optimist_W_SBd.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.raumkreise.ressy.de
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 28188
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "d647937062406e5cc182de0cc77947d8"
x-amz-server-side-encryption: AES256
x-amz-version-id: QmX7yv6RJT4hT4UTSJmqyU0reaonF3KP
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: LHR62-C4
x-amz-cf-id: SxgW2j2Ku0ctcy9uifxoUSuEGDe6rOxpREUwMoFk23y-XvIAp5y9VA==
x-datastream-cache-status: 1
cache-control: max-age=927754
expires: Sat, 20 May 2023 18:23:39 GMT
date: Wed, 10 May 2023 00:41:05 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/img/favicon.ico

217.160.0.197

200 OK

15086

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/img/favicon.ico
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data

Size

15086
Hash

d27e1739c7477b10ec6917546ae61f1d

bb36ab8bce726ce72a2d74a8529526bca0fa515d

5f2123af80970c0478de7f373c9d861d886e070592ebcd55fa372d8dfc9752ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/img/favicon.ico HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 15086
date: Wed, 10 May 2023 00:41:06 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:12:42 GMT
etag: "3aee-5faef878f5a80"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/serverComponent.php

217.160.0.197

200 OK

602

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/serverComponent.php
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (603), with no line terminators

Size

602
Hash

93168fdda6e863087ca02430575dd180

6056ebcbe9d88a265cc704b5a3f0e63d8b6aa291

583153c204c48081f381aa17efe0f4de1138178149061b089ad67f7c673e0562

HTTP Headers

                                        GET /en/rmat/verification/pii/src/serverComponent.php HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
content-encoding: gzip
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/

217.160.0.197

200 OK

139771

URL User Request GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

Size

139771
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Capital One

HTTP Headers

                                        GET /en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/ HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Wed, 10 May 2023 00:41:02 GMT
server: Apache
content-encoding: gzip
X-Firefox-Spdy: h2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/saved_resource.html

217.160.0.197

200 OK

168

URL GET HTTP/2

www.raumkreise.ressy.de/en/rmat/verification/pii/src/saved_resource.html
IP

217.160.0.197:443
ASN

#8560 IONOS SE

Requested by

https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Certificate

IssuerDigiCert Inc

Subject*.raumkreise.ressy.de

Fingerprint8A:86:76:B5:74:EC:0D:63:C9:EC:18:49:18:DB:F7:2C:8E:5D:C6:7F

ValidityWed, 25 May 2022 00:00:00 GMT - Wed, 07 Jun 2023 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators

Size

168
Hash

a7df68343bf875bcc6ea39ba68ebf93f

fe5ac2888749272172287aa64647263e4246bd5b

1f7af2ecf83e96b2d9fa7e552021709594f9272bcf55b54bdccce8cc4daeb192

HTTP Headers

                                        GET /en/rmat/verification/pii/src/saved_resource.html HTTP/1.1
Host: www.raumkreise.ressy.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.raumkreise.ressy.de/en/rmat/verification/pii/Payment_Oath.php?ie=SI8CN/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: text/html
date: Wed, 10 May 2023 00:41:05 GMT
server: Apache
last-modified: Fri, 05 May 2023 10:07:34 GMT
etag: W/"a8-5faef7533a580"
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

#1 JS:Script (size: 154227)

#2 JS:Script (size: 251471)

#3 JS:Script (size: 99372)

#4 JS:Script (size: 49)

#5 JS:Script (size: 11374)

#6 JS:Script (size: 101648)

#7 JS:Script (size: 1056)

#8 JS:Script (size: 602)

#9 JS:Script (size: 142582)

#10 JS:Script (size: 45591)

#11 JS:Script (size: 37554)

#12 JS:Script (size: 285)

#13 JS:Script (size: 16)

#14 JS:Script (size: 38768)

#15 JS:Script (size: 28442)

#1 JS:Eval (size: 23)

#2 JS:Eval (size: 5760)

HTTP Transactions (25)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP