r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 048cda18c6dbe7c4e4b106f5e1104b0a
1bd6f3367ccf446263b00ad8c1ece15a4164730b
66a680d9b8e454db94e14d2c4a466891e538b2d83ccee0dc65be62163992b4e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66A680D9B8E454DB94E14D2C4A466891E538B2D83CCEE0DC65BE62163992B4E0"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7084
Expires: Tue, 20 Dec 2022 22:09:50 GMT
Date: Tue, 20 Dec 2022 20:11:46 GMT
Connection: keep-alive
identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
200 OK 9.4 kB URL HTTP/1.1 identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (55239)
Hash 892438752e44432feb6c18a780334ee6
8804fc7a6fbc4ba56dc56360dd0747d937a8c767
6401ca5ea91b121e9ce09a2accd6acf5f6b490f5dfcfdf9d8799d7dd876f89d6
Analyzer Verdict Alert openphish Generic/Spear Phishing
quad9 Sinkholed
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /verify/9cdaea5080ad142da3ae51a678c748a0/login/? HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9403
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 04c14564c7083355371e41c5a09acada
ea488e34661be5420c798c7e26f193b4dee7bb37
d7e5c37d8e6cbed236670d050f84f288539642f7a41a54b0abd39357f7c42232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7E5C37D8E6CBED236670D050F84F288539642F7A41A54B0ABD39357F7C42232"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4261
Expires: Tue, 20 Dec 2022 21:22:47 GMT
Date: Tue, 20 Dec 2022 20:11:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 20 Dec 2022 19:34:29 GMT
content-type: application/json
age: 2237
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cf03270e3476f7482a2cc7ddc6a9e857
ab70d5ee87b01e0601f8e518bf36f97c8ceeba9a
43a4e796860a1481636dac103488cadc68c261d13cfe835d273efc368e569f97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A4E796860A1481636DAC103488CADC68C261D13CFE835D273EFC368E569F97"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4111
Expires: Tue, 20 Dec 2022 21:20:17 GMT
Date: Tue, 20 Dec 2022 20:11:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5zJ3hYnWveKLl3+275rWk0ljcCclqBcGuA6JVMLa8J5vqvNiNt453Wqs7a4VvONlb7t88OdQtnw=
x-amz-request-id: Z855N9W703SQ9NSR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 20 Dec 2022 19:29:34 GMT
age: 2533
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 20:11:47 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
identitat-sparkasse.com/verify/bower_components/ua-parser-js/dist/ua-parser.min.js
200 OK 6.1 kB URL HTTP/1.1 identitat-sparkasse.com/verify/bower_components/ua-parser-js/dist/ua-parser.min.js
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type Unicode text, UTF-8 text, with very long lines (16817)
Hash 2fbe7e9f8ffc6f6d84ba25e3dfe70c88
cb1fbd62f76deadf6f9525793b13bda9fafe7f78
6e326f1c2eb0d89902a18a5ff1f4a2ee07c10b87dc0db6e945a3add3aa84b111
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: application/javascript
Last-Modified: Wed, 11 Oct 2017 16:16:22 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"59de43d6-4298"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
identitat-sparkasse.com/verify/bower_components/font-awesome/css/font-awesome.min.css
200 OK 6.9 kB URL HTTP/1.1 identitat-sparkasse.com/verify/bower_components/font-awesome/css/font-awesome.min.css
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type ASCII text, with very long lines (30837)
Hash a77d4f5c736eac3ad8f11c9e855a6b11
d4f79ce178790388158deaeb29eb2bb434767462
645dd1711d78718b065348056f4d47f0c81b9cac8a14eb4230b3a901b97717ea
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: text/css
Last-Modified: Sat, 08 Apr 2017 12:29:24 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"58e8d7a4-7918"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
identitat-sparkasse.com/verify/login/form/css.css
200 OK 357 B URL HTTP/1.1 identitat-sparkasse.com/verify/login/form/css.css
IP
ASN #204197 Duomenu apdorojimo centras LTD
Hash 22f06d6c34e34b3a2927b46b7391661a
b784ebce64c1a222b59546f7589ab31a0d5e46ae
823f9dfa3ee6b0ff35ef3a6662967325e4053898692cc803c4c9aff9cdcbc3db
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/form/css.css HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: text/css
Content-Length: 357
Last-Modified: Fri, 28 Sep 2018 03:28:26 GMT
Connection: close
ETag: "5bad9fda-165"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/bower_components/jquery/dist/jquery.min.js
200 OK 30 kB URL HTTP/1.1 identitat-sparkasse.com/verify/bower_components/jquery/dist/jquery.min.js
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type ASCII text, with very long lines (32058)
Hash 7905271066c200fb34fa0009cde90880
2a23e0015c33afbf7aebfded41c34769067cce2a
fc1d58b2073ab18ca818b533feb200ae669596b87b2c7f77a45b5afb2cda6db4
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: application/javascript
Last-Modified: Sun, 04 Jun 2017 11:55:06 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"5933f51a-15283"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
identitat-sparkasse.com/verify/login/index.css
200 OK 42 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/index.css
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type Unicode text, UTF-8 text, with very long lines (882)
Hash aec724473c57e22d401d0bbef86bb3d1
79356e507fb5b1fa434fb137fbd3ea5eb7644001
c6ebdfc49c85a22b543862738c3d1a276db1a7b69ab12ab2b09e63b14264509a
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/index.css HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: text/css
Last-Modified: Mon, 02 Dec 2019 03:08:08 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"5de48018-5649c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 20 Dec 2022 20:08:02 GMT
age: 225
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash d0c2b6760f2b58f445446dd2276d5af4
aeedf417b1ebde86ce837ca02ba934abb938b1a4
8fe72d0ce839150559da5ddf46bf87d26b6b9cbe34d09641b29a53be24997c81
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2918
Cache-Control: max-age=135822
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 20:11:47 GMT
Etag: "63a17b2b-1d7"
Expires: Thu, 22 Dec 2022 09:55:29 GMT
Last-Modified: Tue, 20 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
identitat-sparkasse.com/verify/login/token/token.js?v=63a21702da6cb
200 OK 1.8 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/token/token.js?v=63a21702da6cb
IP
ASN #204197 Duomenu apdorojimo centras LTD
Hash 2f9f87998d4e3c4d9fa5be0b395b13fc
43d742c1a9a022960e358fb5728fd305bb133082
4d76ae30adda10457d2a1e9880f4d9e6f55bbb8f0122ef199a31d4b0fc6b1656
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/token/token.js?v=63a21702da6cb HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: application/javascript
Last-Modified: Thu, 23 Jul 2020 08:08:58 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"5f19459a-2a77"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
identitat-sparkasse.com/verify/login/spk-logo-desktop.png
200 OK 7.1 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/spk-logo-desktop.png
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type PNG image data, 320 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash eddf2a53114468b60ed853855a904197
3d9d6ad644133640dbf8098ebbe7a5f6f9c52ad1
a4f04574b20972a5b290984c214ff23af7810b73db0a640c75bf11b2a042336b
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/spk-logo-desktop.png HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: image/png
Content-Length: 7093
Last-Modified: Wed, 13 Nov 2019 02:50:18 GMT
Connection: close
ETag: "5dcb6f6a-1bb5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/form/form.js?v=63a21702da6ca
200 OK 2.8 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/form/form.js?v=63a21702da6ca
IP
ASN #204197 Duomenu apdorojimo centras LTD
Hash 88611daf02aa70cc065b25d53f53eacf
aebe1e08bd699c28824df96945926a18a78a21e8
bc50ccf9150cbc655b9ba85e7adc1fb4926baf0413d62366157e527b970d42d9
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
quad9 Sinkholed
GET /verify/login/form/form.js?v=63a21702da6ca HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: application/javascript
Last-Modified: Tue, 25 Sep 2018 22:16:26 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"5baab3ba-2535"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
identitat-sparkasse.com/verify/login/1528717408685.png
200 OK 7.0 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/1528717408685.png
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type PNG image data, 97 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 2721743c7ffbcf3723661f5ff5b83897
141885711aace84dc0f0681b5d70d647da0bb128
622cdddf9135812f42c5b6396df2b08c836819bb84d0bcd9e82e779d0a4ad469
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/1528717408685.png HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: image/png
Content-Length: 7022
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-1b6e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/sparkasse_web_rg.woff
200 OK 40 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/sparkasse_web_rg.woff
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type Web Open Font Format, TrueType, length 39492, version 2.2031\012- data
Hash 1ede5f0deb8374f620e3c9b987eea540
b6030ad252b75992b696f06b881be4146202af9d
a9ad5dac2a400c1fb324e09df57325568e98772618ff818ca5344b171c834aa2
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/sparkasse_web_rg.woff HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/login/index.css
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: font/woff
Content-Length: 39492
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-9a44"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/pictos-if.woff
200 OK 65 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/pictos-if.woff
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type Web Open Font Format, TrueType, length 65388, version 1.0\012- data
Hash 02558358809437f1bb9101f9f0067ac6
92314956a48821d989df7c2f70413fb4756e283f
d6fff4dce0ed66b0ef96ec5165e4b5fa7d2d193df2537040630dd19606b7b664
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/pictos-if.woff HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/login/index.css
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: font/woff
Content-Length: 65388
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-ff6c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/1507889499605.jpg
200 OK 5.7 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/1507889499605.jpg
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 105x105, components 3\012- data
Hash 7b00c2b44ddd6a84e4903e4105498aef
b0afccad4c70648e49b37f6363ba78126c78c23a
4aed1efbbe0bb753684998625ef250fb40086fa7806930d159d80499a5aaf753
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/1507889499605.jpg HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: image/jpeg
Content-Length: 5720
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-1658"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/sparkasse_web_lt.woff
200 OK 27 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/sparkasse_web_lt.woff
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type Web Open Font Format, TrueType, length 27372, version 2.2031\012- data
Hash 3a1f95e54325b864082cc99628b607e3
908f5e4670b31649c95c236958befd4f9cf9b84e
133ad01e7b25970c5cbcce3d8ffb7f23eef311c5950d9fcf27463c49e9ae3f02
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/sparkasse_web_lt.woff HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/login/index.css
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: font/woff
Content-Length: 27372
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-6aec"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MowD2n+MHPGaDhvwglUBQA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fgzF3fUHHZT7iCsVCFec5/bm8Es=
identitat-sparkasse.com/verify/login/sparkasse_web_bd.woff
200 OK 40 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/sparkasse_web_bd.woff
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type Web Open Font Format, TrueType, length 39736, version 2.2031\012- data
Hash 39389cced4efa9c27ebba65d0e92560d
05d8297cdb145f58954ce455f8186a72704d24b1
e3a096177fdb67dc609921050caec415a389d683674be529f2ba91f6e5514638
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/sparkasse_web_bd.woff HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/login/index.css
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:47 GMT
Content-Type: font/woff
Content-Length: 39736
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-9b38"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/1507888956944.png
200 OK 40 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/1507888956944.png
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type PNG image data, 366 x 212, 8-bit/color RGBA, non-interlaced\012- data
Hash 8d3b08c4123563080af1701ca1e1de8f
f431946ea854f4b37c1813cd481ed90ac6c27b16
d3d6aefec9d4c8294072e8a246a45716badf57373b71990f6254b4c480245288
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/1507888956944.png HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:48 GMT
Content-Type: image/png
Content-Length: 40338
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-9d92"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/spk-logo-mobile.png
200 OK 5.2 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/spk-logo-mobile.png
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type PNG image data, 220 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash c65e0835915ff7437f1a67888ca71667
c246d5a54c9e2646f89d8e02714568b884226a84
723733a7bb6f25194a40769ba4b2c4b4840d707bba89f745984fab9442f72141
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/spk-logo-mobile.png HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:48 GMT
Content-Type: image/png
Content-Length: 5228
Last-Modified: Tue, 25 Sep 2018 21:46:04 GMT
Connection: close
ETag: "5baaac9c-146c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/tdg
200 OK 45 B URL HTTP/1.1 identitat-sparkasse.com/verify/login/tdg
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9323cda5b644259fe90fd8625c7e66c9
b16b47d625d876833220e756403721260923f85f
62cfb054088e29a0e576b434030c236c6101af0599e6f55cfe89b35a6186fba4
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/tdg HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:48 GMT
Content-Length: 45
Connection: close
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
ETag: "2d-576b34b884a80"
Accept-Ranges: bytes
identitat-sparkasse.com/verify/login/spk-logo-druck.png
200 OK 6.4 kB URL HTTP/1.1 identitat-sparkasse.com/verify/login/spk-logo-druck.png
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type PNG image data, 1155 x 386, 8-bit colormap, non-interlaced\012- data
Hash a8c622aa02e3f28dfc9cf0ecc79eeba1
df7fd73efdc17be95eb86a4f0f57ab1044cf5fc8
92a47005456ffc3265cfb02b76cfb77edf109347cd59ef3c755aec4ffd4e8e85
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/spk-logo-druck.png HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:48 GMT
Content-Type: image/png
Content-Length: 6357
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-18d5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
identitat-sparkasse.com/verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115180&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1671567115181
200 OK 76 B URL HTTP/1.1 identitat-sparkasse.com/verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115180&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1671567115181
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type ASCII text, with no line terminators
Hash 9ce3de8ee2e988e10b6879d62a6a3175
a2b16fe8749fccfd56d060c7faf01b8842509cb2
85076b9721da488eb52f02bfa92339b9ae20eaee6d6461546cae381c0432f274
Analyzer Verdict Alert openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115180&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1671567115181 HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:48 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
identitat-sparkasse.com/verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115182&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1671567115183
200 OK 76 B URL HTTP/1.1 identitat-sparkasse.com/verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115182&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1671567115183
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type ASCII text, with no line terminators
Hash 79fe8b63e7055cbca50ca7eda4691f05
78d74032ef2c0f742b713c4060a7b78e89f42ed5
2fd2f9fc7fa552011c64461b16a89777d17486e12f52511773b506566d5de953
Analyzer Verdict Alert openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115182&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1671567115183 HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:48 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
identitat-sparkasse.com/verify/login/favicon1x.png
200 OK 296 B URL HTTP/1.1 identitat-sparkasse.com/verify/login/favicon1x.png
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel\012- data
Hash 47eb2096b512df6bf2295ef2b3ff1bbf
4110aab4d22d8337dbfdb71051f46dc5d4b226a1
e5f816492f591a3d16c6468aaee7710c96f401939fa1041cd78f29a4b80395a1
Analyzer Verdict Alert urlquery phishing Phishing - Sparkasse
urlquery phishing Phishing - Sparkasse
openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/login/favicon1x.png HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:48 GMT
Content-Type: image/png
Content-Length: 296
Last-Modified: Tue, 25 Sep 2018 14:55:22 GMT
Connection: close
ETag: "5baa4c5a-128"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6088
Expires: Tue, 20 Dec 2022 21:53:17 GMT
Date: Tue, 20 Dec 2022 20:11:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6088
Expires: Tue, 20 Dec 2022 21:53:17 GMT
Date: Tue, 20 Dec 2022 20:11:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6088
Expires: Tue, 20 Dec 2022 21:53:17 GMT
Date: Tue, 20 Dec 2022 20:11:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6088
Expires: Tue, 20 Dec 2022 21:53:17 GMT
Date: Tue, 20 Dec 2022 20:11:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6088
Expires: Tue, 20 Dec 2022 21:53:17 GMT
Date: Tue, 20 Dec 2022 20:11:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7ac0b5738bab6b4ed770c26ca922250
e56fd4ee2f5354a54a6271db2be528f98eecd3d7
5997d5be6bbeb189ef08af2f6c6dd5bb0cfa70ad7b40daab8712efe5adc2c6e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8450
x-amzn-requestid: a9f11c68-8327-46ba-9075-e316a2f9fdbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabr3FoSIAMFdtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d97e-61b788f5675fe0e815e1e967;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: _nupdrdRDG-S085FRNoJgzDQVg9Ngb_nYDR5C1AkkterWy8vlXBxGw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:45:54 GMT
age: 80755
etag: "e56fd4ee2f5354a54a6271db2be528f98eecd3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg
200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b5da803c751be159f0f5b3c2f65bd2b6
39139480cfc2ed0781b51745bfaabed4490aa0db
920ee464843101c638327866fbfcc9c7f00fc19b7cdbc8948fbe53d2b6fb4ed3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7876
x-amzn-requestid: 668c95f2-a1b1-4abd-9f4e-23d05c4998a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da270EFlIAMFR5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10518-56d6db4f4cff1b4e08b87046;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 00:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: U9cES2VDr79vF5gBfhG-5ZyHa8WVqEti4ZGHsBerkxIkeSWsPhC-jA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:06:15 GMT
age: 68734
etag: "39139480cfc2ed0781b51745bfaabed4490aa0db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _WKAnv-iFrsEA9lFq4adBmRVdSk9-FQVF_cFCDhpM1_LMDdt_vPwhQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:39:07 GMT
age: 81162
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bba7c67bdc57d1fe2870ebd4ee9fd5c9
127850560e258665ca8074757c1b66f680d2bd78
9edd765e65644edfe4221352225cb89ebe98fa451d9528b8b614d594a20e100d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9265
x-amzn-requestid: d84f905b-7faf-409a-b188-4b8cf06b9e4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da4KJGx9oAMFrQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a1070d-43152d9651bcb4a15ffe1cfa;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 00:51:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: uGYoskcC2ev3JFxsBZGglmBiCCWmjo5Xg2zqe5925zArdzRk5QtuTQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:14:29 GMT
etag: "127850560e258665ca8074757c1b66f680d2bd78"
content-type: image/jpeg
age: 68240
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 045f016fb66e6e0d1da1fb742d9b19a7
8f98bf2cedfccfce71464a733e2fd37482fd71c2
593cf38d1c2c315ff23fcda60e41141caa0266874f36a0c517554ca01ea51f12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9216
x-amzn-requestid: 460a95bf-5724-4bea-b6c1-f6ce263da5e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabq8FXboAMFwCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d979-70340469247cdcf952a98c3e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:36:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: utr-CdnBX5-MjBHX3PW6rdC06JzmIvfrj9FOrQtOUDd91_Fo4wVzGg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 a3b5bb90516201e5ddd137696b7b0f50.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:45:55 GMT
age: 80754
etag: "8f98bf2cedfccfce71464a733e2fd37482fd71c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg
200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49a98c00b1949e152b5f31c588a76a63
1315068dfd111f24e39d14434c719ef10328bfbf
6f67099495261e1114eeca46d2afd3c0bc6921fbc20a6e3e78c4af5d1c9edbc2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9593
x-amzn-requestid: 3a50abdf-4974-4f53-bdc6-5c15a84fea65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da6rNHYQoAMFdzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10b14-40a012f068ef226f07b54875;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 01:08:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: vr3KPzYtoXK8ovd6YeEi1sRG-q4ukS9YoGtJeT44Wu5E-yvDTfP5Fg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:28:13 GMT
age: 67416
etag: "1315068dfd111f24e39d14434c719ef10328bfbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
identitat-sparkasse.com/verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115182&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1671567115184
200 OK 76 B URL HTTP/1.1 identitat-sparkasse.com/verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115182&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1671567115184
IP
ASN #204197 Duomenu apdorojimo centras LTD
File type ASCII text, with no line terminators
Hash 79fe8b63e7055cbca50ca7eda4691f05
78d74032ef2c0f742b713c4060a7b78e89f42ed5
2fd2f9fc7fa552011c64461b16a89777d17486e12f52511773b506566d5de953
Analyzer Verdict Alert openphish Generic/Spear Phishing
quad9 Sinkholed
GET /verify/home.php?pl=token&link=sparkase.de&bid=9cdaea5080ad142da3ae51a678c748a0&callback=jQuery321049876950771992756_1671567115182&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1671567115184 HTTP/1.1
Host: identitat-sparkasse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://identitat-sparkasse.com/verify/9cdaea5080ad142da3ae51a678c748a0/login/?
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 20 Dec 2022 20:11:53 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
5.178.2.115
35.241.9.150
93.184.220.29
23.36.77.32