Report - dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==

Report Overview

Submitted URL
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
IP
63.250.43.10
ASN
#22612 NAMECHEAP-NET
Submitted
2022-10-21 22:54:18
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - DHL

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-09T11:25:06Z	328 B	963 B	104.18.32.68
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	758 B	2.8 kB	143.204.55.27
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.3 kB	6.2 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	329 B	797 B	93.184.220.29
dhl-bb14fa.ingress-baronn.ewp.live	unknown			11 kB	128 kB	63.250.43.10
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	44.242.3.166
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	66 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/main.js	Phishing
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/fonts/Lato-Regular.woff2	Phishing
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/fonts/Lato-Light.woff2	Phishing
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/glo-footer-logo.svg	Phishing
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/logo.svg	Phishing
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/popper.min.js	Phishing
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/fontawesome.min.js	Phishing
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/jquery.min.js	Phishing
2022-10-21	medium	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/bootstrap.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/jquery.min.js	88 kB	2023-03-07	2024-04-23
Pretty URL dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/jquery.min.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-04-23 11:18:50 Times Seen8435 Hash 2f772fed444d5489079f275bd01e26cc a8927ac2830b2fdd4a729eb0eb7f80923539ceb9 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a Loading...

	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/popper.min.js	20 kB	2023-03-07	2024-04-23
Pretty URL dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/popper.min.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-04-23 11:18:50 Times Seen4093 Hash 5644e6835941af44dcb5cead916c2b79 6eb1840d55338895ce6ecc3eab56132b1d152b93 315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58 Loading...

	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/bootstrap.min.js	136 kB	2023-03-07	2024-04-10
Pretty URL dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/bootstrap.min.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-04-10 19:36:29 Times Seen1639 Hash 5e7d168ed3203dab385e83f97f98f725 6d19a7d83a87b427f2fc5ced2c0e86c92f58a142 2caa6404ddb0de2b9d191b1e2c8b5c35c68ca48f2a9521140bbf83b27c063700 Loading...

	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/fontawesome.min.js	1.1 MB	2023-03-07	2024-04-23
Pretty URL dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/fontawesome.min.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:42 Last Seen2024-04-23 11:18:50 Times Seen2650 Hash a6756b0b8637e62f56d9d794b154ca12 5cd7e758e41375d85cef812d4578d5cd9b949ea7 21bd54c766f0a1385f24f0b9a074e83881d82288d9d31bab0e3076721121f52e Loading...

	dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/main.js	2.0 kB	2023-03-07	2024-04-02
Pretty URL dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/main.js IP 63.250.43.10 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:43 Last Seen2024-04-02 19:39:58 Times Seen98 Hash 86d4e935359809f257aec591fe77672a d620ca98ca25f052fcd848205290b2e17856e08c f460a0198dd83df619dbe5089458bb63b80f63dcdf8e7fbdf8ac648e03bdc23a Loading...

HTTP Transactions (35)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 21 Oct 2022 22:19:14 GMT
Expires: Fri, 21 Oct 2022 22:44:05 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2fKIe-G4zDHDguPi4z4mNOm0rzhHItgRJuacPc7bumzZM9jkpSlSAQ==
Age: 2093

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6831
Expires: Sat, 22 Oct 2022 00:47:58 GMT
Date: Fri, 21 Oct 2022 22:54:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9dc4f23f82148797f6d8041bdda3c7f7
6841ded3e2dd94fd762316d01efd43f7aafb8354
e229db1854a85b320cee574e805210f3adf5797136ea820c0a0ce9abcd63d4dd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E229DB1854A85B320CEE574E805210F3ADF5797136EA820C0A0CE9ABCD63D4DD"
Last-Modified: Thu, 20 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8742
Expires: Sat, 22 Oct 2022 01:19:49 GMT
Date: Fri, 21 Oct 2022 22:54:07 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: KpuMPVMq09sTT+vdnD5pQxtE5Cnn0WTiqvL8OE3QCzIvP85urrivCbk8gqAVC7MlqQPJkxFxuSE=
x-amz-request-id: VBSVDQDW316R8DHX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 21 Oct 2022 22:07:23 GMT
age: 2804
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
1aa747f2a172f8f60575704c52823685
2c3bca2fc45d369f6c420795f06f720f9aae9ae1
94759d9400f7f492f26a79abee99e382b36c5171a59888ccec4e9f1ff72c76bf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 22:54:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 19 Oct 2022 10:30:17 GMT
Expires: Wed, 26 Oct 2022 10:30:16 GMT
Etag: "2c3bca2fc45d369f6c420795f06f720f9aae9ae1"
Cache-Control: max-age=386768,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75dd92c02cc6b4f7-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 21 Oct 2022 22:43:40 GMT
Cache-Control: max-age=3600
Expires: Fri, 21 Oct 2022 23:02:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: z_5227h59zcCM-cHAaF_iPB7hG8hyci43minbL70SiyLt9lctil6hg==
Age: 627

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f47cc320695635b544a761f72f3afc6f
b7cee764dcb0a625e0f8e0b4a4fce04548a1bf76
78608be3d0d6aaaf0364aed316b8676ab28d23c9b6a8ac6c147cf5d16e5cc283

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6191
Cache-Control: max-age=125751
Content-Type: application/ocsp-response
Date: Fri, 21 Oct 2022 22:54:07 GMT
Etag: "63525317-1d7"
Expires: Sun, 23 Oct 2022 09:49:58 GMT
Last-Modified: Fri, 21 Oct 2022 08:06:47 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/fonts.css

63.250.43.10

200 OK

451 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/fonts.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with CRLF line terminators
Size
451 B (451 bytes)
Hash
b0f350fb976c8a434fee684374a424e4
c358d0dd0fa812d694e5c2f299a0f1755db9dd10
3bb386cf10f32c046420015d6b95da78616986c8ef6fd4c3a021e8ae05238af4

Detections

Analyzer	Verdict	Alert
urlquery		Phishing - DHL

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/fonts.css HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: text/css
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-cf3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 451
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

push.services.mozilla.com/

44.242.3.166

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.242.3.166:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1kg5SwiTExcZ+a00TkE6Dg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uLwqmZRGwAbRT+Q/7KPYyKaAma0=

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/main.js

63.250.43.10

200 OK

565 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/main.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
Algol 68 source text\012- Pascal source, ASCII text, with CRLF line terminators
Size
565 B (565 bytes)
Hash
f80419a1a989646bddaa104eeda9984f
6ed87c6331f21c268824527cbcc4772a037d3409
1adf68bdda16e702b24e9c7fd96e533e5ed5b8caf2347fec191faa50129152d0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/main.js HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-7a4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 565
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/fonts/Lato-Regular.woff2

63.250.43.10

200 OK

29 kB

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/fonts/Lato-Regular.woff2
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format (Version 2), TrueType, length 29188, version 1.0\012- data
Size
29 kB (29188 bytes)
Hash
69279aef7fbc11101022a9f06079bbbf
44118888e95417adcd5da115cdf1fc23e8de85d1
76df5b67646f4f0f999d4e1c482ab2007b948f3b9acc2c8a207bfdb214103855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/fonts/Lato-Regular.woff2 HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/fonts.css
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: font/woff2
content-length: 29188
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
etag: "63508ccb-7204"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
accept-ranges: bytes
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/main.css

63.250.43.10

200 OK

30 kB

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/main.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
data
Size
30 kB (29648 bytes)
Hash
5c058b87c761dc7ee6cd35150a3a0a4a
0f008a2269c9e3436619cb1849a5d40655c3295d
b63476da6af5771cb40aae5bbd6707f45e8eb01c627613571b9c117903c808eb

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/main.css HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: text/css
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-18c5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/fonts/Lato-Light.woff2

63.250.43.10

200 OK

25 kB

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/fonts/Lato-Light.woff2
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format (Version 2), TrueType, length 24880, version 1.0\012- data
Size
25 kB (24880 bytes)
Hash
09201a1cc16b4ea1d1b7c8fdf90d5a60
b2f5abe7583b81206f7f716e0cd53b31b9a07c85
bd4c2248c2087eb5f44a46a67b8b4ce961d0fde9053dbfda30cf6af08a6c70e6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/fonts/Lato-Light.woff2 HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/fonts.css
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: font/woff2
content-length: 24880
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
etag: "63508ccb-6130"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
accept-ranges: bytes
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/helpers.css

63.250.43.10

200 OK

33 kB

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/helpers.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type
data
Size
33 kB (33344 bytes)
Hash
b40b9401007fdebfd0c0ac61db94c157
66229f4284b2d390dee128f9dcc80ec2686ca20d
3a528c5f97456f1d67a3a806a3e7dd7bbe658a4006e165faeb9f65658eaa7919

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/helpers.css HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: text/css
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-a318"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20346
Expires: Sat, 22 Oct 2022 04:33:15 GMT
Date: Fri, 21 Oct 2022 22:54:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20346
Expires: Sat, 22 Oct 2022 04:33:15 GMT
Date: Fri, 21 Oct 2022 22:54:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20346
Expires: Sat, 22 Oct 2022 04:33:15 GMT
Date: Fri, 21 Oct 2022 22:54:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20346
Expires: Sat, 22 Oct 2022 04:33:15 GMT
Date: Fri, 21 Oct 2022 22:54:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20346
Expires: Sat, 22 Oct 2022 04:33:15 GMT
Date: Fri, 21 Oct 2022 22:54:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a5e4785-ab9f-452d-bc24-763f20fb6177.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a5e4785-ab9f-452d-bc24-763f20fb6177.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12458 bytes)
Hash
549dca2052f890e6fd93fe72faed3e59
b4518ffaaadd6cdf297c22d196ee59597bef5586
fd9de6393f878755addfb2d4b83cf0c135abb4243ea9834dd013e0ae7662f389

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a5e4785-ab9f-452d-bc24-763f20fb6177.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12458
x-amzn-requestid: 1a738dda-ce4a-4bb5-bc5f-cb6c0ab0fc4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pTHeBIAMFsaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-12bb631f3657342b0680bb55;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5lNO9mRmBUiQ1uAp7eg_9xXM2RJxnwrnY1YRE8lwrF8Q1BRVpem2Ug==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:01:51 GMT
age: 3138
etag: "b4518ffaaadd6cdf297c22d196ee59597bef5586"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7821 bytes)
Hash
f4fb0f4c9ac5a88678baf456107f5341
f6c54dbdfad7e243fe38c03f004c4c79f96b2892
b2fc6c453d7ed610521fcf34d7736a20191d86b485fd57236d2d2c4849cbb8d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7821
x-amzn-requestid: b3b72561-80fd-4b73-862c-ad070f135634
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzEkrIAMFmrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-73f427947c17f35667c0b443;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: LMoH9qNuDmuriAWS_UIw4XHAUcnNhvxI48pB39I68aypUxeorSft0A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
etag: "f6c54dbdfad7e243fe38c03f004c4c79f96b2892"
content-type: image/jpeg
age: 3217
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63f136cc-8688-48a8-a173-5f57e08e25bb.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10684 bytes)
Hash
5ef386b42bd6b9efb747cfeb3d64fb7a
db63f62383d513348c1ef231ea4fb58d7e1e044e
988cb73f0fef893d2d65a66fad0b171350102f4496fa5ba22e415d5929373d0f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63f136cc-8688-48a8-a173-5f57e08e25bb.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10684
x-amzn-requestid: 643c8e7b-15e9-4241-8ba1-e3f4a4592373
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-okE7AoAMFjDQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-705159c619bc23880acd4d42;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Npq_KhYynsGPhwdVvIa_JeWi13m74Qgm7vw5GyWDydH7tzON7p0MYA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
age: 3217
etag: "db63f62383d513348c1ef231ea4fb58d7e1e044e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f65d4c-2c16-4111-887b-bcae5238faa2.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12012 bytes)
Hash
e44a8dcfdfa8527125ae334ecf2acc2c
c6cf8d68ae9c8c76f072576bca1c271ae70f7525
81386f6c1e64e32069aeeb7a340b0d51851ca907f9db223570e70e5c46f04fed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5f65d4c-2c16-4111-887b-bcae5238faa2.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12012
x-amzn-requestid: f0a1e367-d30e-488c-82d6-005eb15a21c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-TLE1MoAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310e0-27ce063b550723635109ca7b;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VEMcF0HdB5O2-7cLAZGGI4XmWu5RDySUzD9owOQv_T02ZmV8pRpSLQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:36:33 GMT
age: 1056
etag: "c6cf8d68ae9c8c76f072576bca1c271ae70f7525"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8856 bytes)
Hash
a361cef05d531426819a2bffd8ab1e47
9c8050ffd0de58005705219ec70b6e4352e35b5e
0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kV1qS7kI7-DRm5Su-p133YIf_m4n6i16uBSDrGdsbMDPxD_2v1a69Q==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:20:05 GMT
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
content-type: image/jpeg
age: 2044
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7372 bytes)
Hash
616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -R91mOdVOCkUp-5vOpEyQactO7SrjtbYwxTsvbR1LP6fBlFZFDTP5A==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
age: 3217
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/glo-footer-logo.svg

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/glo-footer-logo.svg
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/glo-footer-logo.svg HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-2ec0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/logo.svg

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/logo.svg
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/logo.svg HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-643"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/popper.min.js

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/popper.min.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/popper.min.js HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-4f74"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/fontawesome.min.js

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/fontawesome.min.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/fontawesome.min.js HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-10314e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA== HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, public
pragma: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/bootstrap.min.css

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/bootstrap.min.css
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/css/bootstrap.min.css HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: text/css
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-2606e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/favicon.ico

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/favicon.ico
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/images/favicon.ico HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:09 GMT
content-type: image/x-icon
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/jquery.min.js

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/jquery.min.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/jquery.min.js HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-15851"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/bootstrap.min.js

63.250.43.10

200 OK

0 B

URL HTTP/2
dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/bootstrap.min.js
IP
63.250.43.10:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /login/dhl.de/ch-en/pakete-versenden/privatkunden/assets/js/bootstrap.min.js HTTP/1.1
Host: dhl-bb14fa.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-bb14fa.ingress-baronn.ewp.live/login/dhl.de/ch-en/pakete-versenden/privatkunden/login/?_branch_match_id=1111887460475924769&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXT84vKkrNL9bNzEvL10ssKNDLyczL1vetSA72Dk90TC9NAgC7ALg9KQAAAA==
Connection: keep-alive
Cookie: PHPSESSID=hc1ea8u1qbr78mvmkj4cmt2e20
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 21 Oct 2022 22:54:08 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 23:48:27 GMT
vary: Accept-Encoding
etag: W/"63508ccb-21388"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (35)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size