Report - notification.builderallwppro.com/dee0/dechu/Verifiera_din

Report Overview

Submitted URL
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/
IP
65.111.164.149
ASN
#15083 INFOLINK-MIA
Submitted
2023-02-01 10:09:51
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	44.226.39.149
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	64 kB	34.120.237.76
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	388 B	21 kB	142.250.74.110
unpkg.com	11693	2016-01-08T00:26:01Z	2023-03-13T08:09:51Z	1.2 kB	1.6 kB	104.16.125.175
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.4 kB	2.8 kB	142.250.74.131
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	397 B	63 kB	142.250.74.40
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	636 B	607 B	64.233.162.156
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
tags.tiqcdn.com	969	2013-01-15T06:04:26Z	2023-03-13T05:18:20Z	419 B	520 B	23.38.200.249
notification.builderallwppro.com	unknown	2023-01-30T01:34:37Z	2023-02-02T19:35:17Z	4.9 kB	247 kB	65.111.164.149
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	1.0 kB	462 B	216.239.32.36
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
www.post.ch	513731	2012-06-25T18:03:17Z	2023-03-11T17:48:28Z	1.7 kB	58 kB	194.41.184.148
fonts.post.ch	763813	2019-10-29T12:30:56Z	2023-03-11T17:48:29Z	1.6 kB	95 kB	194.41.184.89

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/	PostFinance

PhishTank

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/	Other

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed
2023-01-31	medium	builderallwppro.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	tags.tiqcdn.com/utag/schweizerischepost/postportal/prod/utag.sync.js	109 B	2023-03-13	2023-03-13
Pretty URL tags.tiqcdn.com/utag/schweizerischepost/postportal/prod/utag.sync.js IP 23.38.200.249 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:50:03 Last Seen2023-03-13 14:23:58 Times Seen1 Hash b382a82f881dccc352a7dfb651952c7a 352a58cd79392c8593999f5dd45968ed039491be 5ca19dd6adc1cf82e4cae4c8161547b7216c55bf6356b60131061b5dfdb48f9f Loading...

	notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/staticasset	11 kB	2023-03-13	2023-05-22
Pretty URL notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/staticasset IP 65.111.164.149 ASN #15083 INFOLINK-MIA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:49:17 Last Seen2023-05-22 04:39:01 Times Seen10 Hash 31434b7a377d89ebda5888d96b5c376e 7b3b4ca906ce38c4f2376c3b5350c43ba798e376 f11f38e78440aaef27e2c9787486287837d09a5920bfd05cc1f602f7f2204410 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-K25QCX2&l=dataLayer	120 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-K25QCX2&l=dataLayer IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:05:41 Last Seen2023-03-13 14:05:41 Times Seen1 Hash 98f7b0dee8364ead36c8a5df058d2f12 fd10ece3d2ab2877ee8c236c07bad87f2c3110e3 bf46d28e79e6957451afae873f2bec8b5782bc207e40601b21315b6b6d27b88f Loading...

	unpkg.com/imask	138 kB	2023-03-08	2023-10-24
Pretty URL unpkg.com/imask IP 104.16.125.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:26:52 Last Seen2023-10-24 16:21:44 Times Seen30 Hash 9922107c70833dc00b85c3dcfaadc982 2aa4985f163ef58e66cc20f5d5ce9b299b1198dd 0a4c2ecf677f70d4d9d1b3ef31558bb18a0bee17b8f1f38ce5ca65f8871118ba Loading...

	www.googletagmanager.com/gtm.js?id=GTM-WKSKHGJ	190 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-WKSKHGJ IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:05:41 Last Seen2023-03-13 14:05:41 Times Seen1 Hash 5dc5d038561512cb782079ef2c799507 252ea5b92a971a41349db2d9e5d8a10983b11287 78deda87b0800411c1066a58f1ba4628b605c431dbb408b2c30d21721a535ede Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TK76FKH&l=dataLayer	270 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TK76FKH&l=dataLayer IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:05:41 Last Seen2023-03-13 14:05:41 Times Seen1 Hash 672358ff94d47f47a9559456443c6b41 b8b08d6198118a7eacbe484ea546a7b47ed1fa38 69c11d85b76a27c58670e27322b171d1c5efcf19769e04e1745059969f1f3e90 Loading...

	www.post.ch/assets-portal/js/head.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825	3.3 kB	2023-03-08	2024-01-18
Pretty URL www.post.ch/assets-portal/js/head.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825 IP 194.41.184.148 ASN #12511 Die Schweizerische Post AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:49:14 Last Seen2024-01-18 10:49:20 Times Seen66 Hash 6d3152045a4ae617a3f7d4784a2bfae0 b414174488cedf0c9da58dc8fd11b073f4812991 55f66e591f4960477c6012c6d4d72dc00392b9c2dac009eb2f6e1ec736f0a9fd Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/	448 B	2023-03-08	2024-01-18
Pretty URL notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/ IP 65.111.164.149 ASN #15083 INFOLINK-MIA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:38:25 Last Seen2024-01-18 10:49:18 Times Seen15 Hash c14004676f626ddf06b9f085c32d7be2 93e538a96acf98001fa51289a19cac2360a884b1 a5e6e7832ae26a8eaa9affdd771a0b80a740252425f700ca776fe96213f3e1d4 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-N85NWPK&l=dataLayer	137 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-N85NWPK&l=dataLayer IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:05:41 Last Seen2023-03-13 14:05:44 Times Seen1 Hash 93c823acb97ffbddba24142ccfe0979c 7a0e56507810ed96c82f2390a38a03421655a295 066e47b9b648e96f0413755755642642d67c47c2545f4b9b044522937c840787 Loading...

	notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/	862 B	2023-03-08	2024-03-13
Pretty URL notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/ IP 65.111.164.149 ASN #15083 INFOLINK-MIA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:38:25 Last Seen2024-03-13 16:47:16 Times Seen34 Hash de5daea21eff6823332f1b23f50eedd6 dd829e964789e138df7479bda4c58a0e8d007e1b a852732632dcedfd580d7d938acb0b3c38fa11d171f7d85900c452d3751fd040 Loading...

	www.googletagmanager.com/gtag/js?id=G-NKBFQY6H40&l=dataLayer&cx=c	185 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-NKBFQY6H40&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:05:41 Last Seen2023-03-13 14:05:43 Times Seen1 Hash 8acd47d6d53f5165da47c3762b6fb1ff 438404f41442ce19de0ca37866becb87fe0379b3 19d808b1533afb59d4034bfb97870968cfffaab6673b0606b348657797f4170a Loading...

	www.post.ch/assets-portal/js/main.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825	188 kB	2023-03-13	2023-08-29
Pretty URL www.post.ch/assets-portal/js/main.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825 IP 194.41.184.148 ASN #12511 Die Schweizerische Post AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:49:17 Last Seen2023-08-29 03:01:36 Times Seen5 Hash e0af93c716150f52ef91cb41f17e2978 6070e8f208d65bc45cb09abad11156fa69dfb13b a238659d42f3e13f9fa021d317994445752e7017704486fc7c86e241ee6ae664 Loading...

	notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/	515 B	2023-03-13	2023-05-22
Pretty URL notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/ IP 65.111.164.149 ASN #15083 INFOLINK-MIA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:49:16 Last Seen2023-05-22 04:39:00 Times Seen5 Hash f2e3083846faab701ddbaa25ea952c01 1ce971698f3b34a6ae6b0ebd313b993d2bf841fe b0c37e5fffde948aab1d5d11fb1e53e3cf89f7c9b946a4f74ee2364bdda9f421 Loading...

	notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/	139 B	2023-03-13	2023-03-26
Pretty URL notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/ IP 65.111.164.149 ASN #15083 INFOLINK-MIA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:49:17 Last Seen2023-03-26 03:14:49 Times Seen2 Hash d22b4af29810908ef4c8c2d2dba6ca6f 9aa246fca64a7d21ea4b879e9f9a7dc2f1037fae ab7a2fb7b3dfb2186949d1a8f1c9c06fa4b410f12edcd4124beb6519e0a09b92 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 78b81c560b0cf80a1fe6cde2e53fa610	248 B	2023-03-09	2023-03-26
Pretty Observations First Seen2023-03-09 14:58:15 Last Seen2023-03-26 03:14:49 Times Seen2 Hash 78b81c560b0cf80a1fe6cde2e53fa610 c078c66de56e3db9cd8844586bed6f030464b1bf 1f5dafd08d99e2a48c73b0386906409396693329d59fca1140417c2019f6e7ba Loading...

	#2 Eval - 20dcd58e770a470c827c840c5db95f23	43 B	2023-03-07	2024-04-23
Pretty Observations First Seen2023-03-07 12:55:10 Last Seen2024-04-23 09:58:20 Times Seen1294 Hash 20dcd58e770a470c827c840c5db95f23 e3c25cd4d1dcdc26fd6b5e670ca893cd06479c5d 79db7032ffc2ce206ab5a0a82b5bdb8e69fa36a77510276616ecd94d8dca6d53 Loading...

	#3 Eval - 5fb2ce43c0ea997a0ab62856739cc7fe	71 B	2023-03-07	2024-04-22
Pretty Observations First Seen2023-03-07 12:05:33 Last Seen2024-04-22 14:06:01 Times Seen106 Hash 5fb2ce43c0ea997a0ab62856739cc7fe fb1961efa280fe718e886d10dfd72e3f5d37b9eb a430701efd987bfffc98f2bc6b8d3e93f616e805c4818070ff7d9d456428b4bd Loading...

	#4 Eval - bb3657239207880af85db0fc82bb7774	1.2 kB	2023-03-09	2023-03-26
Pretty Observations First Seen2023-03-09 14:58:15 Last Seen2023-03-26 03:14:49 Times Seen2 Hash bb3657239207880af85db0fc82bb7774 ff119fcf49ed74b8ae32f6677c0dc81bae4f03f4 5fa92fded4ba5ac122e18aa09e1ee9299eb1bd348d55b1441037277ad66caf18 Loading...

	#5 Eval - fc01f23fd8a619e0ea574b389e768de1	137 B	2023-03-09	2023-03-26
Pretty Observations First Seen2023-03-09 14:58:15 Last Seen2023-03-26 03:14:49 Times Seen2 Hash fc01f23fd8a619e0ea574b389e768de1 d5c1ab1a76fd5215845f4c16fa0b38d39b536b71 b9c0837d67d54b397eb4d8551edb385ca7df89e1f15dcde527d301d67bbe2bcf Loading...

	#6 Eval - 36c48c9282035ea0542eaddbcfbdff21	1.2 kB	2023-03-09	2023-03-26
Pretty Observations First Seen2023-03-09 14:58:15 Last Seen2023-03-26 03:14:49 Times Seen2 Hash 36c48c9282035ea0542eaddbcfbdff21 7444eb49f42821fd86862053ea18e84e827e1aee 2d50eee2de8d51ddf0bb8d96b3f078ce4c926209763ac60b337b9fcd8005a499 Loading...

	#7 Eval - 3e9eb0c95b2d7d0d1b1f8327932bbbd5	171 B	2023-03-09	2023-03-26
Pretty Observations First Seen2023-03-09 14:58:15 Last Seen2023-03-26 03:14:49 Times Seen2 Hash 3e9eb0c95b2d7d0d1b1f8327932bbbd5 f9341cce70694b7d9c24f8ae15059ccd99c22695 960df396e4259829920861078392af328afca38dc485f8f824f0236e1304f943 Loading...

	#8 Eval - 55a8b32932ab40f00dd85d9c0807f22a	1.8 kB	2023-03-08	2023-03-26
Pretty Observations First Seen2023-03-08 07:49:14 Last Seen2023-03-26 03:14:53 Times Seen4 Hash 55a8b32932ab40f00dd85d9c0807f22a df150f7ae0ebc0aa9aa089e4ff1220fa3768a6a6 fee77aaa2671e135fc53a17d324d8e96cab198675675d243d1a017cb45297396 Loading...

	#9 Eval - b2154205d0611b30b62d35d2c6799872	246 B	2023-03-13	2023-03-26
Pretty Observations First Seen2023-03-13 13:49:17 Last Seen2023-03-26 03:14:49 Times Seen2 Hash b2154205d0611b30b62d35d2c6799872 b172d4c70b94904220d7916bd8f42a426e61a1d5 fe0597d87b3b35010367ef649c51acfc6c60a3da27c52771debbdc864d235695 Loading...

	#10 Eval - 8ddba9e78f79bbd0078ed442936e54cf	58 B	2023-03-07	2024-03-06
Pretty Observations First Seen2023-03-07 14:37:09 Last Seen2024-03-06 19:22:00 Times Seen37 Hash 8ddba9e78f79bbd0078ed442936e54cf c01aa253b9a8c76d4bfa466d9f9ab0af9803bcad cef6317e4b87f09ff8e6fc3c1821477f838485b78c5a3f93ca7f4566b89ea76f Loading...

	#11 Eval - 73575845a3c1eac6ff2dd05191490c86	227 B	2023-03-09	2023-03-26
Pretty Observations First Seen2023-03-09 14:58:15 Last Seen2023-03-26 03:14:49 Times Seen2 Hash 73575845a3c1eac6ff2dd05191490c86 19e5b501f00c8df301ba08f347064873c38b3df2 5ebd93e2bde2454be35f29236efd1cc368ce5648cfba4eba6f0769eba86078ad Loading...

	#12 Eval - 782df48863ac47c3e5c107a21bb1981f	300 B	2023-03-07	2024-04-21
Pretty Observations First Seen2023-03-07 01:03:19 Last Seen2024-04-21 22:16:48 Times Seen2219 Hash 782df48863ac47c3e5c107a21bb1981f b168ef536a75014f6ae9f2a57d66d069b7dfa56a d41e1dcde991113b31463b01bf26258e4a9ff50dc530bd1a66eb61d1c685bb7f Loading...

	#13 Eval - 441fc886b368adcf89da8c1f3baa4df0	248 B	2023-03-13	2023-05-10
Pretty Observations First Seen2023-03-13 13:49:17 Last Seen2023-05-10 17:49:33 Times Seen3 Hash 441fc886b368adcf89da8c1f3baa4df0 d1ce485022c3fb44d965af740da78363c7e5dba8 9480596d31b866cee32773b9bb5116f5642eae2788d3e61f13f6f59d06228258 Loading...

HTTP Transactions (49)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9957
Expires: Wed, 01 Feb 2023 12:55:37 GMT
Date: Wed, 01 Feb 2023 10:09:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2695
Expires: Wed, 01 Feb 2023 10:54:35 GMT
Date: Wed, 01 Feb 2023 10:09:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5788
Expires: Wed, 01 Feb 2023 11:46:08 GMT
Date: Wed, 01 Feb 2023 10:09:40 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 09:36:01 GMT
content-type: application/json
age: 2019
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 6XvJsG94TSZFkbn4XSq4Zf8R/0sgx0B2Z9bgIBw7MSXSLEdYKFgdvRPNn1Bzd9FeKLUcbqodOaw=
x-amz-request-id: T8T9VBVACFJ9KN6A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 09:51:31 GMT
age: 1089
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 10:09:40 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 09:41:42 GMT
age: 1678
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3181
Expires: Wed, 01 Feb 2023 11:02:41 GMT
Date: Wed, 01 Feb 2023 10:09:40 GMT
Connection: keep-alive

push.services.mozilla.com/

44.226.39.149

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.226.39.149:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MAbddkg8pX0hfAI3GHHYOg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZuD2dwNTTQtUWeq0fzBppF3TPco=

tags.tiqcdn.com/utag/schweizerischepost/postportal/prod/utag.sync.js

23.38.200.249

200 OK

118 B

URL HTTP/2
tags.tiqcdn.com/utag/schweizerischepost/postportal/prod/utag.sync.js
IP
23.38.200.249:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
118 B (118 bytes)
Hash
66cfad4336c3530f695b8fa703b06b14
b1cad42523918036b688d38020c3ac907c9cf496
1c10597970f54dd05abd66fbc0d4e084b99d487c5423b7ebd9e8658eb95af277

HTTP Headers

GET /utag/schweizerischepost/postportal/prod/utag.sync.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "b382a82f881dccc352a7dfb651952c7a:1674134910.236365"
last-modified: Thu, 19 Jan 2023 13:28:30 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 118
cache-control: max-age=300
expires: Wed, 01 Feb 2023 10:14:41 GMT
date: Wed, 01 Feb 2023 10:09:41 GMT
X-Firefox-Spdy: h2

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/staticasset

65.111.164.149

200 OK

11 kB

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/staticasset
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
HTML document text\012- HTML document, ASCII text, with very long lines (10997), with no line terminators
Size
11 kB (10997 bytes)
Hash
31434b7a377d89ebda5888d96b5c376e
7b3b4ca906ce38c4f2376c3b5350c43ba798e376
f11f38e78440aaef27e2c9787486287837d09a5920bfd05cc1f602f7f2204410

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/Files/staticasset HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:41 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Last-Modified: Tue, 10 May 2022 19:07:16 GMT
Accept-Ranges: bytes
Content-Length: 10997
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 10:09:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-WKSKHGJ

142.250.74.40

200 OK

63 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-WKSKHGJ
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (19077)
Size
63 kB (62757 bytes)
Hash
ebd63e2a114cdaa4aab6453a6633cee5
860703616c296da44557a91b248bb7b0278fc588
ef51177b7e76b53fd5099d6d63fbc17002ed362a3e4c65cf746136e31b0d09fe

HTTP Headers

GET /gtm.js?id=GTM-WKSKHGJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 10:09:41 GMT
expires: Wed, 01 Feb 2023 10:09:41 GMT
cache-control: private, max-age=900
last-modified: Wed, 01 Feb 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 62757
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 10:09:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.post.ch/assets-portal/js/main.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825

194.41.184.148

200 OK

50 kB

URL HTTP/1.1
www.post.ch/assets-portal/js/main.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825
IP
194.41.184.148:0
ASN
#12511 Die Schweizerische Post AG

File type
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
50 kB (50426 bytes)
Hash
ef4ceef4157cfbde5425334a4cf0b8ee
a15865950988f7b2ff573b56793a0a1deb2b5740
c5689a9962601251892627283e3f5f1d92f7801d77a95d64cd02854eb0f7cb11

HTTP Headers

GET /assets-portal/js/main.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825 HTTP/1.1
Host: www.post.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 24 Jan 2023 10:20:39 GMT
Server: Delivery3
Strict-Transport-Security: max-age=31536000
Set-Cookie: ittrksessid=b49884a7.5f3a0a595aa4e;HttpOnly;Secure; path=/
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Content-Type: application/javascript
Last-Modified: Tue, 10 Jan 2023 06:48:24 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Age: 690541
ETag: W/"06c089bf24d91:0-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
X-RP-UNIQUE_ID: Y9o6ZcQWsv-o6NR2LrjmAQAAAhA
Content-Length: 50426
Keep-Alive: timeout=5
Connection: Keep-Alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2662
Expires: Wed, 01 Feb 2023 10:54:04 GMT
Date: Wed, 01 Feb 2023 10:09:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2662
Expires: Wed, 01 Feb 2023 10:54:04 GMT
Date: Wed, 01 Feb 2023 10:09:42 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2694
Expires: Wed, 01 Feb 2023 10:54:36 GMT
Date: Wed, 01 Feb 2023 10:09:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2662
Expires: Wed, 01 Feb 2023 10:54:04 GMT
Date: Wed, 01 Feb 2023 10:09:42 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 02:29:58 GMT
age: 27584
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5736 bytes)
Hash
2998f7f50ac0eec931c348e8a0fb0c60
f5e411cda74cb7fb4a662f4787e9543b9749c8b5
0c81413a819e379212bf757b1c9469415aec2ac8fdf47f94ff23c420a1da20e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5736
x-amzn-requestid: 895ee89b-8d2e-42f9-a392-466557f8a0d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffEtEGk_oAMFYPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e7ed-026a1b0d79dc7eb572317bd2;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:28:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 64EbarGrn6AIpXOE8TIfiBeGFQinx-P9lUIvmiQ1ivZgFrxl7_W4EQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 10:37:05 GMT
age: 84757
etag: "f5e411cda74cb7fb4a662f4787e9543b9749c8b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49ea501c-c491-40c1-82ec-c750680af9df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9282 bytes)
Hash
e4354120b504a8b1d1c3f4e206eb4611
ba854dec74347525b20dbf3b4e5c13876d56aa1c
bc921fe78a71864819998207c13b5c3ca7913275a4503119c5d105ad7827c377

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49ea501c-c491-40c1-82ec-c750680af9df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9282
x-amzn-requestid: f448477b-b445-46fa-8aee-8c5c527ee95b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: feqp8FuToAMFxDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5be3f-30fbf0dd70d17878651809a0;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 00:30:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XGTtVMp42cyJ-Xmh0D-ECG50tJe_AZWIir602PjdJ1CwsAygJpbJyA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 04:00:34 GMT
age: 22148
etag: "ba854dec74347525b20dbf3b4e5c13876d56aa1c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8735 bytes)
Hash
23db22ce2120fbb0ae6109e1a046062d
2068c8d9a5bc30a17be658e198e26c64a80703cf
f307ba6c4929d9f0c9354334b7baea878da379138489d9689bb777c4da308dab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: f466c962-7b12-4923-a4be-7ff9fce372a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaWFP_IAMF9wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-7a8c027d58f5b9132bb68a33;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XtqfgDxskGIUmZdRj2nrGDpo9KvECk528eLZV29xNx3h7CLOu49mnQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:19 GMT
age: 44843
etag: "2068c8d9a5bc30a17be658e198e26c64a80703cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15857 bytes)
Hash
4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:27:41 GMT
age: 9721
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8597 bytes)
Hash
27e95b7912edc909d6b031e36fe83534
eb27fae0bb17dbe0929a620002195233ef50c1d0
b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8597
x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcRaNEW4IAMFatA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 13:15:35 GMT
age: 75247
etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.post.ch/assets-portal/js/head.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825

194.41.184.148

200 OK

1.4 kB

URL HTTP/1.1
www.post.ch/assets-portal/js/head.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825
IP
194.41.184.148:0
ASN
#12511 Die Schweizerische Post AG

File type
ASCII text, with very long lines (3255), with no line terminators
Size
1.4 kB (1402 bytes)
Hash
470036923a9ecadfadb46381aba7cded
bdd49e705eec62b6ed41a6ac526e1f17858f7cfa
6b83a0da3e6d4a0b1fe87ccf96ae21e3b8e95bcfb04cefc6c3f19b186e2d6050

HTTP Headers

GET /assets-portal/js/head.min.js?v=e7a971ebef6f9a335c2eca8c94ac4825 HTTP/1.1
Host: www.post.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 07:22:16 GMT
Server: Delivery1
Strict-Transport-Security: max-age=31536000
Set-Cookie: ittrksessid=fdb20167.5f3a0a59b0bb2;HttpOnly;Secure; path=/
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Cache-Control: max-age=2592000
Content-Type: application/javascript
Last-Modified: Tue, 10 Jan 2023 06:48:18 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Age: 528445
ETag: W/"0e56c85bf24d91:0-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
X-RP-UNIQUE_ID: Y9o6Zn_AfFs3ikQXn_xMcAAAAdk
Content-Length: 1402
Keep-Alive: timeout=5
Connection: Keep-Alive

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/post.css

65.111.164.149

200 OK

220 kB

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/post.css
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
Unicode text, UTF-8 text, with very long lines (63732)
Size
220 kB (220089 bytes)
Hash
1c490eeaf5db3a780d1bdd6e105c6785
41c311ecd07862b858a9805303d80efdc1ffce03
f74cb2d815ec13735c93fbfdf9f8fb9c5de09e15ec57ae7dff575e67eb911719

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/Files/post.css HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:41 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Last-Modified: Tue, 10 May 2022 19:07:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

www.post.ch/api/nothing/image?sc_site=post-portal&sc_lang=de

194.41.184.148

200 OK

42 B

URL HTTP/1.1
www.post.ch/api/nothing/image?sc_site=post-portal&sc_lang=de
IP
194.41.184.148:0
ASN
#12511 Die Schweizerische Post AG

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /api/nothing/image?sc_site=post-portal&sc_lang=de HTTP/1.1
Host: www.post.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:42 GMT
Server: Delivery2
Strict-Transport-Security: max-age=31536000
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: -1
X-UA-Compatible: IE=Edge
Age: 0
Accept-Ranges: bytes
Set-Cookie: ittrksessid=c4e483c3.5f3a0a59febc4;HttpOnly;Secure; path=/
post-portal#lang=de; path=/; secure
ScApplLB=Delivery2; Domain=www.post.ch; Path=/;
X-RP-UNIQUE_ID: Y9o6ZsQWsv-o6NR2LrjmKQAAAhI
Keep-Alive: timeout=5
Connection: Keep-Alive

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/img/CreditCardLogos.png

65.111.164.149

200 OK

11 kB

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/img/CreditCardLogos.png
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
PNG image data, 190 x 51, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10752 bytes)
Hash
3de3024978e9059350d652e5a0992e91
1012ba282fdb0685bb82257684bfd21218e692bd
e453b0e9200f25fc2b0bad9feb741c0240662f20ab3f4f016e706285b0637ecd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/img/CreditCardLogos.png HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:42 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Last-Modified: Mon, 01 Aug 2022 21:31:06 GMT
Accept-Ranges: bytes
Content-Length: 10752
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource.html

65.111.164.149

404 Not Found

196 B

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource.html
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource.html HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Cookie: _gcl_au=1.1.1071989732.1675246203
Upgrade-Insecure-Requests: 1

HTTP/1.1 404 Not Found
Date: Wed, 01 Feb 2023 10:09:42 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/bframe.html

65.111.164.149

404 Not Found

196 B

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/bframe.html
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/Files/bframe.html HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Cookie: _gcl_au=1.1.1071989732.1675246203
Upgrade-Insecure-Requests: 1

HTTP/1.1 404 Not Found
Date: Wed, 01 Feb 2023 10:09:42 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Content-Length: 196
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource(1).html

65.111.164.149

404 Not Found

196 B

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource(1).html
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource(1).html HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Cookie: _gcl_au=1.1.1071989732.1675246203
Upgrade-Insecure-Requests: 1

HTTP/1.1 404 Not Found
Date: Wed, 01 Feb 2023 10:09:42 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource(2).html

65.111.164.149

404 Not Found

196 B

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource(2).html
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/Files/saved_resource(2).html HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Cookie: _gcl_au=1.1.1071989732.1675246203
Upgrade-Insecure-Requests: 1

HTTP/1.1 404 Not Found
Date: Wed, 01 Feb 2023 10:09:42 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/undefinedjs/async/bootstrap-modal.451229934ac7fb97bd57.min.js

65.111.164.149

404 Not Found

196 B

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/undefinedjs/async/bootstrap-modal.451229934ac7fb97bd57.min.js
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/undefinedjs/async/bootstrap-modal.451229934ac7fb97bd57.min.js HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Cookie: _gcl_au=1.1.1071989732.1675246203

HTTP/1.1 404 Not Found
Date: Wed, 01 Feb 2023 10:09:42 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Content-Length: 196
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/undefinedjs/async/jquery.6204f1ccc1aaffa1e130.min.js

65.111.164.149

404 Not Found

196 B

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/undefinedjs/async/jquery.6204f1ccc1aaffa1e130.min.js
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/undefinedjs/async/jquery.6204f1ccc1aaffa1e130.min.js HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Cookie: _gcl_au=1.1.1071989732.1675246203

HTTP/1.1 404 Not Found
Date: Wed, 01 Feb 2023 10:09:42 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Content-Length: 196
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Rg.woff2

194.41.184.89

200 OK

31 kB

URL HTTP/1.1
fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Rg.woff2
IP
194.41.184.89:0
ASN
#12511 Die Schweizerische Post AG

File type
Web Open Font Format (Version 2), TrueType, length 30652, version 0.0\012- data
Size
31 kB (30652 bytes)
Hash
9b406a700f4b12ceca63b33b356f9808
74919fe2630f0cee8ca3df5dc75ea8e9817cd5b9
c0dff120512a8b623a3dbc0b98fcc028d8380961dbb89c0f9ad391b47a2a13b7

HTTP Headers

GET /frutigerneueforpost/v2/FrutigerNeueforPostW05-Rg.woff2 HTTP/1.1
Host: fonts.post.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://notification.builderallwppro.com/
Origin: http://notification.builderallwppro.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:43 GMT
Server: Apache
Set-Cookie: ittrksessid=bbf6b83b.5f3a0a5a68cb4;HttpOnly;Secure; path=/; domain=.pnet.ch; SameSite=None; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Last-Modified: Thu, 19 Jan 2023 14:18:03 GMT
ETag: "77bc-5f29e99d23cc0"
Accept-Ranges: bytes
Content-Length: 30652
X-RP-UNIQUE_ID: Y9o6Z2WUuQ7fhDxhtIO4-QAAADQ
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, immutable
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Lt.woff2

194.41.184.89

200 OK

31 kB

URL HTTP/1.1
fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Lt.woff2
IP
194.41.184.89:0
ASN
#12511 Die Schweizerische Post AG

File type
Web Open Font Format (Version 2), TrueType, length 31252, version 0.0\012- data
Size
31 kB (31252 bytes)
Hash
20095c545ddf5f7369975c90636a1bfa
494379fc5011a3290fe6e256eb09e38b76cebe92
f241569fa67822be0a1d7fcf2406745c9c196d62fd5cdb9826f2e071ca3bb8ff

HTTP Headers

GET /frutigerneueforpost/v2/FrutigerNeueforPostW05-Lt.woff2 HTTP/1.1
Host: fonts.post.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://notification.builderallwppro.com/
Origin: http://notification.builderallwppro.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:43 GMT
Server: Apache
Set-Cookie: ittrksessid=cd978818.5f3a0a5a6a46f;HttpOnly;Secure; path=/; domain=.pnet.ch; SameSite=None; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Last-Modified: Thu, 19 Jan 2023 14:18:03 GMT
ETag: "7a14-5f29e99d23cc0"
Accept-Ranges: bytes
Content-Length: 31252
X-RP-UNIQUE_ID: Y9o6Z2WUuQ7fhDxhtIO4-gAAACw
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, immutable
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Bold.woff2

194.41.184.89

200 OK

31 kB

URL HTTP/1.1
fonts.post.ch/frutigerneueforpost/v2/FrutigerNeueforPostW05-Bold.woff2
IP
194.41.184.89:0
ASN
#12511 Die Schweizerische Post AG

File type
Web Open Font Format (Version 2), TrueType, length 30688, version 0.0\012- data
Size
31 kB (30688 bytes)
Hash
6732dfb5b865370a13b8c4767418fb84
61fc621e93854a38ed889d8023fd660baf0f4766
6dbba61ebcd011f90651705072296582ef12065838be406c1033a7b198b1ea1b

HTTP Headers

GET /frutigerneueforpost/v2/FrutigerNeueforPostW05-Bold.woff2 HTTP/1.1
Host: fonts.post.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://notification.builderallwppro.com/
Origin: http://notification.builderallwppro.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:43 GMT
Server: Apache
Set-Cookie: ittrksessid=bfb20a5e.5f3a0a5a6d203;HttpOnly;Secure; path=/; domain=.pnet.ch; SameSite=None; Secure; HttpOnly
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Last-Modified: Thu, 19 Jan 2023 14:18:03 GMT
ETag: "77e0-5f29e99d23cc0"
Accept-Ranges: bytes
Content-Length: 30688
X-RP-UNIQUE_ID: Y9o6Zzj_hbbcyVxyB9VotQAAALo
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, immutable
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

www.post.ch/-/media/portal-opp/global/logos/logo---die-post.svg?vs=2&sc_lang=de

194.41.184.148

200 OK

3.6 kB

URL HTTP/1.1
www.post.ch/-/media/portal-opp/global/logos/logo---die-post.svg?vs=2&sc_lang=de
IP
194.41.184.148:0
ASN
#12511 Die Schweizerische Post AG

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3550), with no line terminators
Size
3.6 kB (3550 bytes)
Hash
23ebd819b6d3b9f66d71d77d0e5d44d7
3a84e4c7b0ef078f2a91e3a5dbfd37ec8aa581b0
b1d8e73aeaca62e519b792ade3c0400821a86647bb75095a1367ae0301af807d

HTTP Headers

GET /-/media/portal-opp/global/logos/logo---die-post.svg?vs=2&sc_lang=de HTTP/1.1
Host: www.post.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 07:22:17 GMT
Server: Delivery3
Strict-Transport-Security: max-age=31536000
Set-Cookie: ittrksessid=9e6136f5.5f3a0a5a32045;HttpOnly;Secure; path=/
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Cache-Control: public, max-age=2592000
Content-Type: image/svg+xml
Last-Modified: Wed, 09 Jun 2021 15:58:20 GMT
ETag: 41b682f4f4b1400ca46fa4709c8e6904
Link: <https://www.post.ch/-/media/portal-opp/global/logos/logo---die-post.svg?sc_lang=de&hash=5ED5B2DC34A706740DB5C0996242A471>; rel="canonical"
Content-Disposition: inline; filename="Logo - Die Post.svg"
X-UA-Compatible: IE=Edge
Content-Length: 3550
Age: 528445
Accept-Ranges: bytes
X-RP-UNIQUE_ID: Y9o6Zn_AfFs3ikQXn_xMdAAAAdk
Keep-Alive: timeout=5
Connection: Keep-Alive

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/icon.png

65.111.164.149

200 OK

352 B

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/Files/icon.png
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type
PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced\012- data
Size
352 B (352 bytes)
Hash
2535c91be5088a2396f1d39a2cb757aa
df41e618ac2c0e9c598605d7bb90ca5c5965cf18
e22b3ad4a91589f9ee77e74c992445336d7aa18073f9960b883ad6614ca70a68

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/Files/icon.png HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Cookie: _gcl_au=1.1.1071989732.1675246203

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:43 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Last-Modified: Mon, 12 Apr 2021 18:18:38 GMT
Accept-Ranges: bytes
Content-Length: 352
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Wed, 01 Feb 2023 09:46:59 GMT
expires: Wed, 01 Feb 2023 11:46:59 GMT
cache-control: public, max-age=7200
age: 1364
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 10:09:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-193689541-3&cid=78012913.1675246204&jid=446144069&gjid=788649233&_gid=167528681.1675246204&_u=YCDACUAABAAAACgHKg~&z=1917265891

64.233.162.156

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-193689541-3&cid=78012913.1675246204&jid=446144069&gjid=788649233&_gid=167528681.1675246204&_u=YCDACUAABAAAACgHKg~&z=1917265891
IP
64.233.162.156:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-193689541-3&cid=78012913.1675246204&jid=446144069&gjid=788649233&_gid=167528681.1675246204&_u=YCDACUAABAAAACgHKg~&z=1917265891 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Content-Type: text/plain
Content-Length: 0
Origin: http://notification.builderallwppro.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://notification.builderallwppro.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 01 Feb 2023 10:09:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 10:09:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.google-analytics.com/g/collect?v=2&tid=G-NKBFQY6H40&gtm=2oe1u0&_p=46412205&cid=78012913.1675246204&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675246204&sct=1&seg=0&dl=http%3A%2F%2Fnotification.builderallwppro.com%2Fdee0%2Fdechu%2FVerifiera_din_leveransadress%2F&dt=SwissPost&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_geo_region=national&ep.internal=false&ep.login_status=false&ep.gtm_container_id=GTM-TK76FKH&ep.query_string=&ep.full_referrer=&ep.internal_adddress=false&ep.clean_url=http%3A%2F%2Fnotification.builderallwppro.com%2Fdee0%2Fdechu%2FVerifiera_din_leveransadress%2F&ep.gtm_tag_name=ga4_event_page_view

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-NKBFQY6H40&gtm=2oe1u0&_p=46412205&cid=78012913.1675246204&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675246204&sct=1&seg=0&dl=http%3A%2F%2Fnotification.builderallwppro.com%2Fdee0%2Fdechu%2FVerifiera_din_leveransadress%2F&dt=SwissPost&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_geo_region=national&ep.internal=false&ep.login_status=false&ep.gtm_container_id=GTM-TK76FKH&ep.query_string=&ep.full_referrer=&ep.internal_adddress=false&ep.clean_url=http%3A%2F%2Fnotification.builderallwppro.com%2Fdee0%2Fdechu%2FVerifiera_din_leveransadress%2F&ep.gtm_tag_name=ga4_event_page_view
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-NKBFQY6H40&gtm=2oe1u0&_p=46412205&cid=78012913.1675246204&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675246204&sct=1&seg=0&dl=http%3A%2F%2Fnotification.builderallwppro.com%2Fdee0%2Fdechu%2FVerifiera_din_leveransadress%2F&dt=SwissPost&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_geo_region=national&ep.internal=false&ep.login_status=false&ep.gtm_container_id=GTM-TK76FKH&ep.query_string=&ep.full_referrer=&ep.internal_adddress=false&ep.clean_url=http%3A%2F%2Fnotification.builderallwppro.com%2Fdee0%2Fdechu%2FVerifiera_din_leveransadress%2F&ep.gtm_tag_name=ga4_event_page_view HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Origin: http://notification.builderallwppro.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://notification.builderallwppro.com
date: Wed, 01 Feb 2023 10:09:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

unpkg.com/imask

104.16.125.175

302 Found

0 B

URL HTTP/2
unpkg.com/imask
IP
104.16.125.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /imask HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Wed, 01 Feb 2023 10:09:42 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /imask@6.4.3
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GR676MZYVWFSPYWBMXJMMR3W-ams
cf-cache-status: HIT
age: 52
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7929e49e2bdbb524-OSL
X-Firefox-Spdy: h2

unpkg.com/imask@6.4.3

104.16.125.175

302 Found

0 B

URL HTTP/2
unpkg.com/imask@6.4.3
IP
104.16.125.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /imask@6.4.3 HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
date: Wed, 01 Feb 2023 10:09:42 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
location: /imask@6.4.3/dist/imask.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GDBEE47MQ11YR53NRTXZ8572-fra
cf-cache-status: HIT
age: 11635855
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7929e49e4bfab524-OSL
X-Firefox-Spdy: h2

unpkg.com/imask@6.4.3/dist/imask.js

104.16.125.175

200 OK

0 B

URL HTTP/2
unpkg.com/imask@6.4.3/dist/imask.js
IP
104.16.125.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /imask@6.4.3/dist/imask.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://notification.builderallwppro.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 10:09:42 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"21ac7-KqSYXxY+9Y5mzCD11c6bKZsRmN0"
via: 1.1 fly.io
fly-request-id: 01GDBEE4B7WT8G39YJXPQTN6JH-fra
cf-cache-status: HIT
age: 11635855
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7929e49eccbdb524-OSL
content-encoding: br
X-Firefox-Spdy: h2

notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/

65.111.164.149

200 OK

0 B

URL HTTP/1.1
notification.builderallwppro.com/dee0/dechu/Verifiera_din_leveransadress/
IP
65.111.164.149:0
ASN
#15083 INFOLINK-MIA

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	PostFinance
phishtank	Other
quad9	Sinkholed

HTTP Headers

GET /dee0/dechu/Verifiera_din_leveransadress/ HTTP/1.1
Host: notification.builderallwppro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 10:09:39 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML