r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e7a9cb518d929d10c471394adc89cdfa
d609cb0d94e645141ab1372f19c014c1b00b83af
200db48dd5e87cba8dc962e8981f72def9c12e21d5a417361c4f77425e55597a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "200DB48DD5E87CBA8DC962E8981F72DEF9C12E21D5A417361C4F77425E55597A"
Last-Modified: Sun, 12 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13345
Expires: Tue, 14 Mar 2023 14:45:57 GMT
Date: Tue, 14 Mar 2023 11:03:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 234b80a5a27f3d377e322e680413479d
3da8ba535ec19898f5b83ece48cd4038ac2bf557
370104df5dd8f739601a4be42ae41bb92f365dcf585823a3c14733f7c394e926
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370104DF5DD8F739601A4BE42AE41BB92F365DCF585823A3C14733F7C394E926"
Last-Modified: Sun, 12 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7606
Expires: Tue, 14 Mar 2023 13:10:18 GMT
Date: Tue, 14 Mar 2023 11:03:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 14 Mar 2023 10:09:22 GMT
content-type: application/json
age: 3250
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8b1778005daa3ea807573992adbd0452
4cf2aaf44073506371c1e21970a18b9eab00622f
5f74233b9cc53b0ba6149fce51f6b31c2edb892b0a95b48e66b15ee9f59525ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F74233B9CC53B0BA6149FCE51F6B31C2EDB892B0A95B48E66B15EE9F59525AD"
Last-Modified: Sun, 12 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20434
Expires: Tue, 14 Mar 2023 16:44:06 GMT
Date: Tue, 14 Mar 2023 11:03:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jQdAU1xKIhi3gR7j+fYYSKb63QULcPBjaTy9QyatpxIRDuHBPNbFBlqlkj6uMK1NZemkw1mTEbltcfF8rmM43A==
x-amz-request-id: R39NRY2HTWS7ZKRE
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 14 Mar 2023 10:46:46 GMT
age: 1006
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash de9134e08ef3defba7351106862cce76
15afd2f2091ba95ace57c3e638e8c7fedf836662
e8df3dd09b45f903cd60dc48333ab3db0267a36b317e4138e18d929b1f5ad167
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 14 Mar 2023 11:03:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 13 Mar 2023 20:22:14 GMT
Expires: Tue, 14 Mar 2023 20:22:14 GMT
ETag: "15afd2f2091ba95ace57c3e638e8c7fedf836662"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 14 Mar 2023 11:03:32 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
u14178730.ct.sendgrid.net/ls/click?upn=5wGz-2FkRhFmpOV3S6FLMxcqMB6ps1YU4Sbs-2BqEmXXBI9vaum-2BtzD6AeQxua3bhlkEds3fIpEz35AxBiuX5TOeBpTmdMVZVrBUAdlLsHHgmsJ6Os0v2An1HLQDtddsXvwamEZRiNBdrOM-2B6moVjfsravMzJkECo7QOrjYipQ8F6qHCdz5-2Fqlr1Ynz6dXTEK6DJ1fO-2BDkH1P96VG4FbsUn2sJUqeiqOYseOIVr1UXFyt-2FBcxcI1vIPLKIr3n-2BLBlcsOOOuoZbKXFupavuDp4-2BTCTBUKkEtbwZ175Tj4zGHjTHdOZd7IXDG3TFKwkGX1HeFDsHfp9keiyBbUeNL8zbjkjKE3B-2Bm4xn78yB0UXxms-2FkE6mMYQUVJ7xcNgWImv48ouQPyVkeD32dM50HGkam0lyGp1SuJxfhRH1yOvwFIr3FozT1tMMZOuxyeGhaLoG76FeEOqtuHwo1NAu8Zy89tGAGYIhNyEo0GVU-2BKs2PKYVwZso0nqZLeexlu7c5akz3ZmrhvjrbaoPZOPqwnHLVxSDvgmb7NW4ze9882mZ47axMEBk85ng6ECCiwAnrq2p-2BK8Q4WUw-2FRGcTYcoqu7v-2FHqGm7lAOHrsVsTYbNqWTSS-2FznpZtB-2FpdqKGKXr5OOuvOsrE4L8AHnu97pHlflBBbhPARhXjfnQHnXZX0Duhc3PHf8fmnXlSDJ6VvPAxpLp5y83nak2BCaQSIRGwsobAnRk3w-3D-3DsJNn_1MawNii78n-2Fxho1O4mdAtJmmBnZy90-2BXc9VQZfCcFCX3IXJ-2B8yulE8GmWOWaeW-2Bb9F6yN3mdUrLLQq8lIolltt5tn60HIY6dkQ1RToR-2Bw5vCSTP8ZfVXDCI-2FQqi3KQNP0UTExMcDj2KvWvTr9K0A0KyurMYseeGvBzxkoLjDsIfIvGzP0yuMXGHIIrvkHlzADdTMxvUnglyn0DX11nV9tK0LSJhRx-2FkEsDKy2CdkuS2oQ8DTP-2BkZ5peuEeyhpNkWneBnKyO7ldoyReJ2VVke0jkpNqdoHShADKndpa3vblwMkkX68lAsd1MxWgihfLjig4CFesTwAPy3apJZwVegsA-3D-3D
302 Found 554 B URL HTTP/1.1 u14178730.ct.sendgrid.net/ls/click?upn=5wGz-2FkRhFmpOV3S6FLMxcqMB6ps1YU4Sbs-2BqEmXXBI9vaum-2BtzD6AeQxua3bhlkEds3fIpEz35AxBiuX5TOeBpTmdMVZVrBUAdlLsHHgmsJ6Os0v2An1HLQDtddsXvwamEZRiNBdrOM-2B6moVjfsravMzJkECo7QOrjYipQ8F6qHCdz5-2Fqlr1Ynz6dXTEK6DJ1fO-2BDkH1P96VG4FbsUn2sJUqeiqOYseOIVr1UXFyt-2FBcxcI1vIPLKIr3n-2BLBlcsOOOuoZbKXFupavuDp4-2BTCTBUKkEtbwZ175Tj4zGHjTHdOZd7IXDG3TFKwkGX1HeFDsHfp9keiyBbUeNL8zbjkjKE3B-2Bm4xn78yB0UXxms-2FkE6mMYQUVJ7xcNgWImv48ouQPyVkeD32dM50HGkam0lyGp1SuJxfhRH1yOvwFIr3FozT1tMMZOuxyeGhaLoG76FeEOqtuHwo1NAu8Zy89tGAGYIhNyEo0GVU-2BKs2PKYVwZso0nqZLeexlu7c5akz3ZmrhvjrbaoPZOPqwnHLVxSDvgmb7NW4ze9882mZ47axMEBk85ng6ECCiwAnrq2p-2BK8Q4WUw-2FRGcTYcoqu7v-2FHqGm7lAOHrsVsTYbNqWTSS-2FznpZtB-2FpdqKGKXr5OOuvOsrE4L8AHnu97pHlflBBbhPARhXjfnQHnXZX0Duhc3PHf8fmnXlSDJ6VvPAxpLp5y83nak2BCaQSIRGwsobAnRk3w-3D-3DsJNn_1MawNii78n-2Fxho1O4mdAtJmmBnZy90-2BXc9VQZfCcFCX3IXJ-2B8yulE8GmWOWaeW-2Bb9F6yN3mdUrLLQq8lIolltt5tn60HIY6dkQ1RToR-2Bw5vCSTP8ZfVXDCI-2FQqi3KQNP0UTExMcDj2KvWvTr9K0A0KyurMYseeGvBzxkoLjDsIfIvGzP0yuMXGHIIrvkHlzADdTMxvUnglyn0DX11nV9tK0LSJhRx-2FkEsDKy2CdkuS2oQ8DTP-2BkZ5peuEeyhpNkWneBnKyO7ldoyReJ2VVke0jkpNqdoHShADKndpa3vblwMkkX68lAsd1MxWgihfLjig4CFesTwAPy3apJZwVegsA-3D-3D
IP
File type HTML document, ASCII text, with very long lines (552)
Hash 1a887383ab0a3c7751d8f01bba3b33d3
e8779342e53690d335173265ca0c390de3d5be28
f45767f38d14cefd8aa5ba38e444342e7b2196c1b39212e8dc7ee14e8af00c67
Analyzer Verdict Alert fortinet Phishing
GET /ls/click?upn=5wGz-2FkRhFmpOV3S6FLMxcqMB6ps1YU4Sbs-2BqEmXXBI9vaum-2BtzD6AeQxua3bhlkEds3fIpEz35AxBiuX5TOeBpTmdMVZVrBUAdlLsHHgmsJ6Os0v2An1HLQDtddsXvwamEZRiNBdrOM-2B6moVjfsravMzJkECo7QOrjYipQ8F6qHCdz5-2Fqlr1Ynz6dXTEK6DJ1fO-2BDkH1P96VG4FbsUn2sJUqeiqOYseOIVr1UXFyt-2FBcxcI1vIPLKIr3n-2BLBlcsOOOuoZbKXFupavuDp4-2BTCTBUKkEtbwZ175Tj4zGHjTHdOZd7IXDG3TFKwkGX1HeFDsHfp9keiyBbUeNL8zbjkjKE3B-2Bm4xn78yB0UXxms-2FkE6mMYQUVJ7xcNgWImv48ouQPyVkeD32dM50HGkam0lyGp1SuJxfhRH1yOvwFIr3FozT1tMMZOuxyeGhaLoG76FeEOqtuHwo1NAu8Zy89tGAGYIhNyEo0GVU-2BKs2PKYVwZso0nqZLeexlu7c5akz3ZmrhvjrbaoPZOPqwnHLVxSDvgmb7NW4ze9882mZ47axMEBk85ng6ECCiwAnrq2p-2BK8Q4WUw-2FRGcTYcoqu7v-2FHqGm7lAOHrsVsTYbNqWTSS-2FznpZtB-2FpdqKGKXr5OOuvOsrE4L8AHnu97pHlflBBbhPARhXjfnQHnXZX0Duhc3PHf8fmnXlSDJ6VvPAxpLp5y83nak2BCaQSIRGwsobAnRk3w-3D-3DsJNn_1MawNii78n-2Fxho1O4mdAtJmmBnZy90-2BXc9VQZfCcFCX3IXJ-2B8yulE8GmWOWaeW-2Bb9F6yN3mdUrLLQq8lIolltt5tn60HIY6dkQ1RToR-2Bw5vCSTP8ZfVXDCI-2FQqi3KQNP0UTExMcDj2KvWvTr9K0A0KyurMYseeGvBzxkoLjDsIfIvGzP0yuMXGHIIrvkHlzADdTMxvUnglyn0DX11nV9tK0LSJhRx-2FkEsDKy2CdkuS2oQ8DTP-2BkZ5peuEeyhpNkWneBnKyO7ldoyReJ2VVke0jkpNqdoHShADKndpa3vblwMkkX68lAsd1MxWgihfLjig4CFesTwAPy3apJZwVegsA-3D-3D HTTP/1.1
Host: u14178730.ct.sendgrid.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 14 Mar 2023 11:03:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 554
Connection: keep-alive
Location: https://u1744317.ct.sendgrid.net/ls/click?upn=tRM0VoyQKfhoWnPWD5SXd5vT0OZu334g5iNDRz3j1a484Hob7s-2Bs-2FMLTQ1sl3rMTbw3wanpyXtgK5r4YuOeykw-3D-3Dq4-F_RnWdZPOCeL4A2buAZ7A0LYK325djVxqgGo-2B-2FPxmGyaNuDHxP8ANzpbJ3n4eANPVJqOSHdfP9SLM9DhFFXOAdVVVZ0Z4KssNcFTmkHQ-2FK-2FQWm2DFRD8sUdP-2FqlddIByHVzBVy8tgRd5PCiCBOa-2F6vArhd1fwsVPWUKezCyfL0y2GETgNsbLmGRueVrxXTO3dZfN18SfOZgx2DhbRrP9sxT7OarVnE3jzoAOLy4UJUycl8AaH05keQEqJNy6qkzZM9icp4Ac38EQIfGgqDGMo5Bujs5xw3k6-2Fapjcl2-2Fi-2FU3fJNm2NoDcpf6rc4IQSEyJfx2c0IhbqeuQ13TvRlkMLkUg3HiHk5jPHnYb2zFOw4nY-3D
X-Robots-Tag: noindex, nofollow
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Retry-After, Content-Type, Expires, Alert, Pragma, ETag, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 14 Mar 2023 10:12:32 GMT
age: 3060
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash db27ecc2f481e8871b2e99584e751660
e671ecb839d53e296f4ec303208ddb713c72aecc
5c910268b5c4f0244540c5570056673f8cbe4a0979f301363cb56dc359c147df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C910268B5C4F0244540C5570056673F8CBE4A0979F301363CB56DC359C147DF"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8945
Expires: Tue, 14 Mar 2023 13:32:38 GMT
Date: Tue, 14 Mar 2023 11:03:33 GMT
Connection: keep-alive
u1744317.ct.sendgrid.net/ls/click?upn=tRM0VoyQKfhoWnPWD5SXd5vT0OZu334g5iNDRz3j1a484Hob7s-2Bs-2FMLTQ1sl3rMTbw3wanpyXtgK5r4YuOeykw-3D-3Dq4-F_RnWdZPOCeL4A2buAZ7A0LYK325djVxqgGo-2B-2FPxmGyaNuDHxP8ANzpbJ3n4eANPVJqOSHdfP9SLM9DhFFXOAdVVVZ0Z4KssNcFTmkHQ-2FK-2FQWm2DFRD8sUdP-2FqlddIByHVzBVy8tgRd5PCiCBOa-2F6vArhd1fwsVPWUKezCyfL0y2GETgNsbLmGRueVrxXTO3dZfN18SfOZgx2DhbRrP9sxT7OarVnE3jzoAOLy4UJUycl8AaH05keQEqJNy6qkzZM9icp4Ac38EQIfGgqDGMo5Bujs5xw3k6-2Fapjcl2-2Fi-2FU3fJNm2NoDcpf6rc4IQSEyJfx2c0IhbqeuQ13TvRlkMLkUg3HiHk5jPHnYb2zFOw4nY-3D
302 Found 76 B URL HTTP/1.1 u1744317.ct.sendgrid.net/ls/click?upn=tRM0VoyQKfhoWnPWD5SXd5vT0OZu334g5iNDRz3j1a484Hob7s-2Bs-2FMLTQ1sl3rMTbw3wanpyXtgK5r4YuOeykw-3D-3Dq4-F_RnWdZPOCeL4A2buAZ7A0LYK325djVxqgGo-2B-2FPxmGyaNuDHxP8ANzpbJ3n4eANPVJqOSHdfP9SLM9DhFFXOAdVVVZ0Z4KssNcFTmkHQ-2FK-2FQWm2DFRD8sUdP-2FqlddIByHVzBVy8tgRd5PCiCBOa-2F6vArhd1fwsVPWUKezCyfL0y2GETgNsbLmGRueVrxXTO3dZfN18SfOZgx2DhbRrP9sxT7OarVnE3jzoAOLy4UJUycl8AaH05keQEqJNy6qkzZM9icp4Ac38EQIfGgqDGMo5Bujs5xw3k6-2Fapjcl2-2Fi-2FU3fJNm2NoDcpf6rc4IQSEyJfx2c0IhbqeuQ13TvRlkMLkUg3HiHk5jPHnYb2zFOw4nY-3D
IP
File type HTML document, ASCII text
Hash 99565b3917b9000bbd11e8854db06c36
edc1fb641f793fa65f539571206134e82e400c2a
d6d8bf07139c785e9a1f6732abe6423925b587c02e328f8a5ed6ed8475a9826d
GET /ls/click?upn=tRM0VoyQKfhoWnPWD5SXd5vT0OZu334g5iNDRz3j1a484Hob7s-2Bs-2FMLTQ1sl3rMTbw3wanpyXtgK5r4YuOeykw-3D-3Dq4-F_RnWdZPOCeL4A2buAZ7A0LYK325djVxqgGo-2B-2FPxmGyaNuDHxP8ANzpbJ3n4eANPVJqOSHdfP9SLM9DhFFXOAdVVVZ0Z4KssNcFTmkHQ-2FK-2FQWm2DFRD8sUdP-2FqlddIByHVzBVy8tgRd5PCiCBOa-2F6vArhd1fwsVPWUKezCyfL0y2GETgNsbLmGRueVrxXTO3dZfN18SfOZgx2DhbRrP9sxT7OarVnE3jzoAOLy4UJUycl8AaH05keQEqJNy6qkzZM9icp4Ac38EQIfGgqDGMo5Bujs5xw3k6-2Fapjcl2-2Fi-2FU3fJNm2NoDcpf6rc4IQSEyJfx2c0IhbqeuQ13TvRlkMLkUg3HiHk5jPHnYb2zFOw4nY-3D HTTP/1.1
Host: u1744317.ct.sendgrid.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 14 Mar 2023 11:03:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 76
Connection: keep-alive
Location: http://www.addhpp.com/de/2/NK/V2/im/hanagde_/NL/_Logo
X-Robots-Tag: noindex, nofollow
www.addhpp.com/de/2/NK/V2/im/hanagde_/NL/_Logo
302 Found 222 B URL HTTP/1.1 www.addhpp.com/de/2/NK/V2/im/hanagde_/NL/_Logo
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f73fd10ba683f715d02c2cdbbfa66356
23353891c1bbe03753dd09d157c4cc2fc8957b13
4fea36b9519907622e42fe1e02af6c348821baf6eff9be8b0b823c50856f9022
Analyzer Verdict Alert fortinet Phishing
GET /de/2/NK/V2/im/hanagde_/NL/_Logo HTTP/1.1
Host: www.addhpp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: openresty/1.19.9.1
Date: Tue, 14 Mar 2023 11:03:33 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 222
Connection: keep-alive
Location: https://0ecdf01.wcomhost.com/de-de/us/
X-Webcom-Cache-Status: BYPASS
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m73CGUUu5i4L54fs66iA+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mcH1rrZoJS//vvoSy5ODoGdzVkY=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15513
Expires: Tue, 14 Mar 2023 15:22:07 GMT
Date: Tue, 14 Mar 2023 11:03:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15513
Expires: Tue, 14 Mar 2023 15:22:07 GMT
Date: Tue, 14 Mar 2023 11:03:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8bd8586a0a52f516ac521f2a3752b049
3cfd233164ae5350f2fb61250641b70e788cf58a
8783e071c3f60fbca2bba5260b55a41f1035e150ffd94a66ff6a102ff2bc6783
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8783E071C3F60FBCA2BBA5260B55A41F1035E150FFD94A66FF6A102FF2BC6783"
Last-Modified: Tue, 14 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15513
Expires: Tue, 14 Mar 2023 15:22:07 GMT
Date: Tue, 14 Mar 2023 11:03:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg
200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd8a4e29260d209803408596cb286f8f
20f6796c0c7064542cc8eefe138076d16d66e8d8
54a328e054b23ddbf531b69a7c5bb817704c0dd98bc7625c9571df19df982a17
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc20f2b31-8a32-4e66-bba7-e76e1c14f5ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8091
x-amzn-requestid: 7e6e055a-de20-4f2f-8f76-2fe57747ed08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgDFEMoAMFXIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-1e932e3a10bd39d630310c65;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 8PtI7M0lBQx0BzzkLgbxlRJU-tGNlPtAI-lv-8TLbh7XKMbMOAAw9Q==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
age: 47685
etag: "20f6796c0c7064542cc8eefe138076d16d66e8d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96e84919-82a6-462c-89aa-5dfd62b065b1.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96e84919-82a6-462c-89aa-5dfd62b065b1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60ae6be476f64653385ee775c2ba5460
4ebff6ea6c7104f16db08ac1e13af5c4d9ecab71
c3a75d6b8f755e734ecc6fcfb5229cb47f7a4d9a6bcdbae6693da0e94b03cafc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96e84919-82a6-462c-89aa-5dfd62b065b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6598
x-amzn-requestid: 0b194caa-137d-4f93-8a7b-26cb05bfa3a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSpAEHZIAMFedA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f97d2-2e4dd06a76e1184a2b39188f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:38:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 1aOuS98SlIgqTJys-TCvzgzDhFobCcNpP9C_-QSI1Y_IwA1x13KpUA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 21:48:49 GMT
etag: "4ebff6ea6c7104f16db08ac1e13af5c4d9ecab71"
content-type: image/jpeg
age: 47685
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: w_13YsBBteASlPvTrgLhnI-QiuUjEcR9q-bADLbCRl6B-uwcPS3TQA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:59:58 GMT
age: 43416
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26521ff6-85cb-4f66-a570-c1c161a5b9f5.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26521ff6-85cb-4f66-a570-c1c161a5b9f5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93e1b34f4dbbd7b8215af242107281df
91fd7a5a7a2e805cb355705e2fb1e0b91401db0b
e1bd756029248ccd01f1ac240a4a07a2f15e15d6624a6a660a9126767dd6056a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26521ff6-85cb-4f66-a570-c1c161a5b9f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9203
x-amzn-requestid: 53d1e94f-178f-449d-820e-20db4c52d766
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFE7foAMFdcA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-23789aa8567f8c661bea3fb4;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: xSuHAVm51P01HQ6m14PMrGXKy79d1G6Q7rb0BKFox1Tk5SCcsF0v0w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 1d000d0dfe9d69b4983f619fdc5499d6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:05:15 GMT
age: 46699
etag: "91fd7a5a7a2e805cb355705e2fb1e0b91401db0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F573e9393-2f6e-44a0-85d7-f8e063c3212e.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F573e9393-2f6e-44a0-85d7-f8e063c3212e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d474cd24982031f4b63b375dfa694b4a
ece8b5cf3abe80c076d47df7a0727ae094fb1c4e
f23accaec29b961ec8a6a4fececb81c7b54a97cc0739ee4112288a9ad62d020f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F573e9393-2f6e-44a0-85d7-f8e063c3212e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: 151a5852-1af5-41a8-ad0a-735b64d8d6b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSwdHWnIAMFpFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9802-506ff4e260774abc1e0eb15f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:39:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: rIbSk9gc5L_0mcZW9Jpn9OrHQKcow5Ks01IBQXiQJ-uoqWfemjcy_Q==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 9825a45e2b387a61504c0c3df20048ee.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 22:05:59 GMT
age: 46655
etag: "ece8b5cf3abe80c076d47df7a0727ae094fb1c4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa53063ea-1286-4ae3-9fbc-c058dbf26eab.jpeg
200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa53063ea-1286-4ae3-9fbc-c058dbf26eab.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 698b47dd1706ca66d3da41bfd839cfbc
2062c1b3d8e755a78a4509a195cdda001cff48e1
f62bb48cffd09e0623f854196aebc8ce940bd5c8dff52605fd9518b56597b7b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa53063ea-1286-4ae3-9fbc-c058dbf26eab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3294
x-amzn-requestid: 4ff86b35-45cf-4e66-b82e-9e443b5720c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BtSsXGqQIAMFe_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640ecb1b-134a775e72ae6b9b2834eab5;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 07:04:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: AvEZolcvVKzRbNxT6TN9C85jCftnT-ZJM687ow00qrM3_jIYb4ulbg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 5292c0d5844327feadb38f1efe42ebc6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Mar 2023 18:04:44 GMT
age: 61130
etag: "2062c1b3d8e755a78a4509a195cdda001cff48e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 832010f1d40a44d3f3f6e1bb75a733dc
d3019c44053d822638ee439a92bf460b03bd58c4
440b4c591ba9e3034d5978ea531dcb3f2470b6fad4536bf5ab525a14e6001b71
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 14 Mar 2023 11:03:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 13 Mar 2023 09:32:11 GMT
Expires: Mon, 20 Mar 2023 09:32:10 GMT
Etag: "d3019c44053d822638ee439a92bf460b03bd58c4"
Cache-Control: max-age=512314,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7a7c07eb291db4ee-OSL
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css
IP
File type ASCII text, with very long lines (65345)
Hash 642445b86596bdeaa98e92faa2064fc6
6c5539660bf533d34e37b917973c941d1c963374
4a5a39e9f325c5578dccd880c1d516eae190ee39f7539f4a6c6c52d2eee4cbdf
GET /ajax/libs/font-awesome/6.0.0-beta2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ecdf01.wcomhost.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Mar 2023 11:03:35 GMT
content-type: text/css; charset=utf-8
content-length: 14374
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61498362-3826"
last-modified: Tue, 21 Sep 2021 07:01:54 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 19671733
expires: Sun, 03 Mar 2024 11:03:35 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iq4TzGgtnht1RLrdTlpgybkeA07%2FDarPK5IU6ZcWQmcjGfhYhc3BdMcHrBjCFpwu5MBRXd91%2FywBqPUb1l9GKWkvsDBvZ22dU2o7932LXrcy7JXS%2FzPCndd2bExXcBcwV18Gc4uP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7a7c07f02de41c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 716c15587a6255b030e8a13c84bc89cb
532ebc64333cba1121d7f2a92d4965ed9dc75a56
8625639a16ffeb9eeef28591575691fd893b23221bc1a70682ece95704c49650
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5539
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 11:03:35 GMT
Last-Modified: Tue, 14 Mar 2023 09:31:16 GMT
Server: ECAcc (ska/F7A7)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 716c15587a6255b030e8a13c84bc89cb
532ebc64333cba1121d7f2a92d4965ed9dc75a56
8625639a16ffeb9eeef28591575691fd893b23221bc1a70682ece95704c49650
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4520
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 11:03:35 GMT
Last-Modified: Tue, 14 Mar 2023 09:48:15 GMT
Server: ECAcc (ska/F73A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 716c15587a6255b030e8a13c84bc89cb
532ebc64333cba1121d7f2a92d4965ed9dc75a56
8625639a16ffeb9eeef28591575691fd893b23221bc1a70682ece95704c49650
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5539
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 11:03:35 GMT
Last-Modified: Tue, 14 Mar 2023 09:31:16 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 7f915af9cfb8631a5fabaec7ba48d3ea
409bb3dffa08056d845db676dede0ffd9de4838e
53c650c879b592df4758433a39bc98bf360d50c3a7d6d5024094a51486468dca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5697
Cache-Control: max-age=121162
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 11:03:35 GMT
Etag: "640f7490-1d7"
Expires: Wed, 15 Mar 2023 20:42:57 GMT
Last-Modified: Mon, 13 Mar 2023 19:08:00 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 7f915af9cfb8631a5fabaec7ba48d3ea
409bb3dffa08056d845db676dede0ffd9de4838e
53c650c879b592df4758433a39bc98bf360d50c3a7d6d5024094a51486468dca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5993
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Mar 2023 11:03:35 GMT
Last-Modified: Tue, 14 Mar 2023 09:23:42 GMT
Server: ECAcc (ska/F73A)
X-Cache: HIT
Content-Length: 471
meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/logo.svg
200 OK 1.4 kB URL HTTP/1.1 meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/logo.svg
IP
ASN #8373 Deutsche Bank AG
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2718), with no line terminators
Hash 26e0bf00118c1a236eb5e8090d59f19e
ba50d88793c2d4e70f26b8a96b798c3e4134f011
5470e1043f868c2142c33c0acfec49d95a71b1ca263aa9cda0cd5247d6854d90
GET /bundles/@pbs/patternlib_pb/lib/runtime/assets/images/logo.svg HTTP/1.1
Host: meine.postbank.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ecdf01.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 14 Mar 2023 11:03:35 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: origin
X-Frame-Options: deny
Content-Security-Policy: default-src 'self'; connect-src 'self' https://bankapi-public.postbank.de https://bankapi.postbank.de https://smoke-api.postbank.de https://smoke-api-public.postbank.de https://www.postbank.de https://collect.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://assets.adobedtm.com https://*.usercentrics.eu; img-src 'self' https://www.postbank.de https://tp.postbank.de https://meine.postbank.de https://smoke-meine.postbank.de https://anlagemanager.postbank.de https://smoke-anlagemanager.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://*.usercentrics.eu data: blob:; script-src 'self' https://pb.media01.eu https://tags.tiqcdn.com https://www.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://assets.adobedtm.com https://*.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline'
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload;
Vary: Accept-Encoding
Last-Modified: Thu, 16 Feb 2023 08:44:38 GMT
ETag: "568-5f4cd34fca980"
Accept-Ranges: bytes
Content-Length: 1384
Cache-Control: private, max-age=15552000, must-revalidate
Expires: Sun, 10 Sep 2023 11:03:35 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: authorization
Content-Encoding: gzip
Keep-Alive: timeout=10, max=320
Connection: Keep-Alive
Content-Type: image/svg+xml
meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/logo-claim.svg
200 OK 1.3 kB URL HTTP/1.1 meine.postbank.de/bundles/@pbs/patternlib_pb/lib/runtime/assets/images/logo-claim.svg
IP
ASN #8373 Deutsche Bank AG
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2317)
Hash eb61ca479b7553fc8bdbdc4a759daecc
34ccf70002c5ecd2de056f8cd405d06ddc883186
c31f0158d2faba0186fd7e206ce540e4f7bb46a461143fe1e51a839641ed3173
GET /bundles/@pbs/patternlib_pb/lib/runtime/assets/images/logo-claim.svg HTTP/1.1
Host: meine.postbank.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ecdf01.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 14 Mar 2023 11:03:35 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: origin
X-Frame-Options: deny
Content-Security-Policy: default-src 'self'; connect-src 'self' https://bankapi-public.postbank.de https://bankapi.postbank.de https://smoke-api.postbank.de https://smoke-api-public.postbank.de https://www.postbank.de https://collect.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://assets.adobedtm.com https://*.usercentrics.eu; img-src 'self' https://www.postbank.de https://tp.postbank.de https://meine.postbank.de https://smoke-meine.postbank.de https://anlagemanager.postbank.de https://smoke-anlagemanager.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://*.usercentrics.eu data: blob:; script-src 'self' https://pb.media01.eu https://tags.tiqcdn.com https://www.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://assets.adobedtm.com https://*.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline'
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload;
Vary: Accept-Encoding
Last-Modified: Thu, 16 Feb 2023 08:44:38 GMT
ETag: "4fd-5f4cd34fca980"
Accept-Ranges: bytes
Content-Length: 1277
Cache-Control: private, max-age=15552000, must-revalidate
Expires: Sun, 10 Sep 2023 11:03:35 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: authorization
Content-Encoding: gzip
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive
Content-Type: image/svg+xml
www.postbank.de/dam/postbank/bilder/iob5/login-alte-anmeldung.jpg
200 OK 16 kB URL HTTP/2 www.postbank.de/dam/postbank/bilder/iob5/login-alte-anmeldung.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x666, components 3\012- data
Hash 71d7f159b3c4e1fb3b7e59ad8c956207
96294325a7ae20f048a3407f96afad53c0d77680
2afc1ff4a798ce317d694abd9ecb5dc5f7e1211f80e3864902c0f6da65746c14
GET /dam/postbank/bilder/iob5/login-alte-anmeldung.jpg HTTP/1.1
Host: www.postbank.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ecdf01.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 15471
date: Tue, 14 Mar 2023 11:03:35 GMT
set-cookie: AWSALB=KqqFLshEKlPoUj2exs+KBJqo4RJhqiJugsdZjXekqKzHDzOriXtnCuXsiVybF1Npq8Kt2Ug4teat8zNuL7Aw+6R9SHcS1zAliETW332agVdyedNw6IvdniZ+bKlV; Expires=Tue, 21 Mar 2023 11:03:35 GMT; Path=/
AWSALBCORS=KqqFLshEKlPoUj2exs+KBJqo4RJhqiJugsdZjXekqKzHDzOriXtnCuXsiVybF1Npq8Kt2Ug4teat8zNuL7Aw+6R9SHcS1zAliETW332agVdyedNw6IvdniZ+bKlV; Expires=Tue, 21 Mar 2023 11:03:35 GMT; Path=/; SameSite=None; Secure
server: Apache
x-dispatcher: dispatcher3eucentral1
x-dispatcher-version: 1.5.7
strict-transport-security: max-age=63072000; includeSubdomains;
x-xss-protection: 1; mode=block
x-vhost: postbank
vary: Host
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 14:38:35 GMT
etag: "3c6f-5b21b2f8a30c0"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,HEAD,OPTIONS,POST
access-control-allow-credentials: true
content-disposition: inline
x-cache: Miss from cloudfront
via: 1.1 0fe58376b9b8f183d15a40bca52256e0.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: FNoiw4JNBq2e_nilECGaoEnQCQf0NUiZvZw_943qmB_G73E8TDudEQ==
X-Firefox-Spdy: h2
www.postbank.de/dam/postbank/bilder/iob5/sicherheitshinweis.jpg
200 OK 116 kB URL HTTP/2 www.postbank.de/dam/postbank/bilder/iob5/sicherheitshinweis.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1374x610, components 3\012- data
Size 116 kB (115626 bytes)
Hash 6fff8c1d662e9fd475d8f0907ab0f23b
0d6b947c37a47ef640bcd29439a72354cd87f857
b6fee381207d08fa8d029741f93662cf29622bb040a5d875bab0d68a1e93e6df
GET /dam/postbank/bilder/iob5/sicherheitshinweis.jpg HTTP/1.1
Host: www.postbank.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ecdf01.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 115626
date: Tue, 14 Mar 2023 11:03:35 GMT
set-cookie: AWSALB=j+hePteaCvOVtqWnHbPWcURNjjZo8PYrkUAtPadtOwlAjgkXqWtOSW7ADHI8Dbk72ubTg9SoalU/H1hW0Kp1ubJYI0YTkfBway0PS9VBqwjYoNUmNuEZ4wGsTyol; Expires=Tue, 21 Mar 2023 11:03:35 GMT; Path=/
AWSALBCORS=j+hePteaCvOVtqWnHbPWcURNjjZo8PYrkUAtPadtOwlAjgkXqWtOSW7ADHI8Dbk72ubTg9SoalU/H1hW0Kp1ubJYI0YTkfBway0PS9VBqwjYoNUmNuEZ4wGsTyol; Expires=Tue, 21 Mar 2023 11:03:35 GMT; Path=/; SameSite=None; Secure
server: Apache
x-dispatcher: dispatcher1eucentral1
x-dispatcher-version: 1.5.7
strict-transport-security: max-age=63072000; includeSubdomains;
x-xss-protection: 1; mode=block
x-vhost: postbank
vary: Host
x-content-type-options: nosniff
last-modified: Wed, 06 Apr 2022 14:11:27 GMT
etag: "1c3aa-5dbfcefebc1c0"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,HEAD,OPTIONS,POST
access-control-allow-credentials: true
content-disposition: inline
x-cache: Miss from cloudfront
via: 1.1 0fe58376b9b8f183d15a40bca52256e0.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: WQn81PtSKLnA5qSEg5hWT4q7f6voBB9a2-gHi5smUW2_Y7GNxsUN1A==
X-Firefox-Spdy: h2
www.postbank.de/dam/postbank/bilder/iob5/passtbank-privatkredit-kueche-login.jpg
200 OK 161 kB URL HTTP/2 www.postbank.de/dam/postbank/bilder/iob5/passtbank-privatkredit-kueche-login.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1080x666, components 3\012- data
Size 161 kB (161040 bytes)
Hash cd3780ffb5aebcb23172edaea7ccabcd
73ba1617d2156e16ec2e4e41600bc92fe7f5c431
e006145488a9df2c511a1c4f2db044819cf0e2f539f2c62ea964fc51c38c073f
GET /dam/postbank/bilder/iob5/passtbank-privatkredit-kueche-login.jpg HTTP/1.1
Host: www.postbank.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ecdf01.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 161040
date: Tue, 14 Mar 2023 11:03:35 GMT
set-cookie: AWSALB=+2kwuwckUb9lYYYle6K3lIvLmq+vrB87bzinTLvDjNNCcjJ7M6w1AhE5rIFLa92HzIY5lrtFbOfZ8vr1kcPzIEluZ3S4Vzf5JsRvx5vFNGL+ACRAib+4PvIjdsef; Expires=Tue, 21 Mar 2023 11:03:35 GMT; Path=/
AWSALBCORS=+2kwuwckUb9lYYYle6K3lIvLmq+vrB87bzinTLvDjNNCcjJ7M6w1AhE5rIFLa92HzIY5lrtFbOfZ8vr1kcPzIEluZ3S4Vzf5JsRvx5vFNGL+ACRAib+4PvIjdsef; Expires=Tue, 21 Mar 2023 11:03:35 GMT; Path=/; SameSite=None; Secure
server: Apache
x-dispatcher: dispatcher2eucentral1
x-dispatcher-version: 1.5.7
strict-transport-security: max-age=63072000; includeSubdomains;
x-xss-protection: 1; mode=block
x-vhost: postbank
vary: Host
x-content-type-options: nosniff
last-modified: Wed, 23 Jun 2021 20:27:00 GMT
etag: "27510-5c574ba896d00"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,HEAD,OPTIONS,POST
access-control-allow-credentials: true
content-disposition: inline
x-cache: Miss from cloudfront
via: 1.1 0fe58376b9b8f183d15a40bca52256e0.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-C2
x-amz-cf-id: lVKYyXKvMUy-MnfMTab56y_h5msttz_B83nyE1vZbUxRJiNBxanNIw==
X-Firefox-Spdy: h2
0ecdf01.wcomhost.com/de-de/us/assets/svg-icon-sprite.svg
200 OK 47 kB URL HTTP/2 0ecdf01.wcomhost.com/de-de/us/assets/svg-icon-sprite.svg
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (46876), with no line terminators
Hash b1f6150fc612fea368eb25458e8d46b7
7fed1e815a9c2d2270abe0bfe0fd8eeedddd45ec
fc003d223a8876c13e6a99710847a62db755abe3761e12fa7d083a0cc716ba65
Analyzer Verdict Alert fortinet Phishing
GET /de-de/us/assets/svg-icon-sprite.svg HTTP/1.1
Host: 0ecdf01.wcomhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0ecdf01.wcomhost.com/de-de/us/
Connection: keep-alive
Cookie: PHPSESSID=4d1bddc2d6ba28140f90b4080b602adf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Tue, 14 Mar 2023 11:03:36 GMT
content-type: image/svg+xml
content-length: 46876
last-modified: Sun, 12 Mar 2023 18:17:01 GMT
etag: "b71c-5f6b800354e37"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
x-webcom-cache-status: BYPASS
accept-ranges: bytes
X-Firefox-Spdy: h2
0ecdf01.wcomhost.com/de-de/us/assets/assets/fonts/Frutiger/FrutigerLTW02-65Bold.woff2
200 OK 42 kB URL HTTP/2 0ecdf01.wcomhost.com/de-de/us/assets/assets/fonts/Frutiger/FrutigerLTW02-65Bold.woff2
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
File type Web Open Font Format (Version 2), TrueType, length 42008, version 1.0\012- data
Hash 66a825d0bc3b78c378dadbfa19b8ac02
7fb3f4f2d17526585b8440a42eca6d98dbc6ccf6
33f227be2f5d1077c023bf5bfaa69f4498c74c3771d820ac23e2e2ca2a2bcd0d
Analyzer Verdict Alert fortinet Phishing
GET /de-de/us/assets/assets/fonts/Frutiger/FrutigerLTW02-65Bold.woff2 HTTP/1.1
Host: 0ecdf01.wcomhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://0ecdf01.wcomhost.com/de-de/us/assets/file2.css
Connection: keep-alive
Cookie: PHPSESSID=4d1bddc2d6ba28140f90b4080b602adf
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Tue, 14 Mar 2023 11:03:36 GMT
content-type: font/woff2
content-length: 42008
last-modified: Sun, 12 Mar 2023 18:17:38 GMT
etag: "a418-5f6b80268f6a8"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
x-webcom-cache-status: BYPASS
accept-ranges: bytes
X-Firefox-Spdy: h2
0ecdf01.wcomhost.com/de-de/us/assets/assets/fonts/Frutiger/FrutigerLTW02-55Roman.woff2
200 OK 22 kB URL HTTP/2 0ecdf01.wcomhost.com/de-de/us/assets/assets/fonts/Frutiger/FrutigerLTW02-55Roman.woff2
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
File type Web Open Font Format (Version 2), TrueType, length 22044, version 1.0\012- data
Hash 69ab8b03b8d3d1b10ab427d6fe54170c
f442d9cea16b501be170c8ddd7b267648fefb675
0f66f8ce126c929397fa9ac166cf8b46c2f250272c321008913168fb1902212e
Analyzer Verdict Alert fortinet Phishing
GET /de-de/us/assets/assets/fonts/Frutiger/FrutigerLTW02-55Roman.woff2 HTTP/1.1
Host: 0ecdf01.wcomhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://0ecdf01.wcomhost.com/de-de/us/assets/file2.css
Connection: keep-alive
Cookie: PHPSESSID=4d1bddc2d6ba28140f90b4080b602adf
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Tue, 14 Mar 2023 11:03:36 GMT
content-type: font/woff2
content-length: 22044
last-modified: Sun, 12 Mar 2023 18:17:35 GMT
etag: "561c-5f6b8023ec991"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
x-webcom-cache-status: BYPASS
accept-ranges: bytes
X-Firefox-Spdy: h2
meine.postbank.de/assets/images/favicons/apple-touch-icon.png
200 OK 5.2 kB URL HTTP/1.1 meine.postbank.de/assets/images/favicons/apple-touch-icon.png
IP
ASN #8373 Deutsche Bank AG
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 0bddf20e953d1c21bf018dbe4b1d9851
f936532773127f93421c57d0db0ad2dd6e61c4f2
193666adf1dd29973731f290efc41f08ab468e14597996162a3d793aed8b9584
GET /assets/images/favicons/apple-touch-icon.png HTTP/1.1
Host: meine.postbank.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ecdf01.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 14 Mar 2023 11:03:36 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: origin
X-Frame-Options: deny
Content-Security-Policy: default-src 'self'; connect-src 'self' https://bankapi-public.postbank.de https://bankapi.postbank.de https://smoke-api.postbank.de https://smoke-api-public.postbank.de https://www.postbank.de https://collect.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://assets.adobedtm.com https://*.usercentrics.eu; img-src 'self' https://www.postbank.de https://tp.postbank.de https://meine.postbank.de https://smoke-meine.postbank.de https://anlagemanager.postbank.de https://smoke-anlagemanager.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://*.usercentrics.eu data: blob:; script-src 'self' https://pb.media01.eu https://tags.tiqcdn.com https://www.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://assets.adobedtm.com https://*.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline'
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload;
Last-Modified: Thu, 16 Feb 2023 08:44:38 GMT
ETag: "1471-5f4cd34fca980"
Accept-Ranges: bytes
Content-Length: 5233
Cache-Control: private, max-age=15552000, must-revalidate
Expires: Sun, 10 Sep 2023 11:03:36 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: authorization
Keep-Alive: timeout=10, max=168
Connection: Keep-Alive
Content-Type: image/png
meine.postbank.de/assets/images/favicons/favicon-16x16.png
200 OK 763 B URL HTTP/1.1 meine.postbank.de/assets/images/favicons/favicon-16x16.png
IP
ASN #8373 Deutsche Bank AG
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 7928dcbd4ef94be62d92d6218e8b917d
93768c3b84bc447a0f4b3449f93e386001106431
705e422f4c2ca8ff8521e6ca5bedf071785a13505c4cfe90693f539cead2b1f7
GET /assets/images/favicons/favicon-16x16.png HTTP/1.1
Host: meine.postbank.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ecdf01.wcomhost.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 14 Mar 2023 11:03:36 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: origin
X-Frame-Options: deny
Content-Security-Policy: default-src 'self'; connect-src 'self' https://bankapi-public.postbank.de https://bankapi.postbank.de https://smoke-api.postbank.de https://smoke-api-public.postbank.de https://www.postbank.de https://collect.tealiumiq.com https://collect-eu-central-1.tealiumiq.com https://visitor-service-eu-central-1.tealiumiq.com https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://assets.adobedtm.com https://*.usercentrics.eu; img-src 'self' https://www.postbank.de https://tp.postbank.de https://meine.postbank.de https://smoke-meine.postbank.de https://anlagemanager.postbank.de https://smoke-anlagemanager.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://*.usercentrics.eu data: blob:; script-src 'self' https://pb.media01.eu https://tags.tiqcdn.com https://www.postbank.de https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org https://assets.adobedtm.com https://*.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://delivery.1tag.dentsu.de https://cdn.1tag.dentsu.de https://dan.mgr.consensu.org https://cdn.dan.mgr.consensu.org 'unsafe-inline'
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload;
Last-Modified: Thu, 16 Feb 2023 08:44:38 GMT
ETag: "2fb-5f4cd34fca980"
Accept-Ranges: bytes
Content-Length: 763
Cache-Control: private, max-age=15552000, must-revalidate
Expires: Sun, 10 Sep 2023 11:03:36 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: authorization
Keep-Alive: timeout=10, max=122
Connection: Keep-Alive
Content-Type: image/png
0ecdf01.wcomhost.com/de-de/us/
200 OK 0 B URL HTTP/2 0ecdf01.wcomhost.com/de-de/us/
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
Analyzer Verdict Alert openphish Deutsche Postbank AG
fortinet Phishing
GET /de-de/us/ HTTP/1.1
Host: 0ecdf01.wcomhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Tue, 14 Mar 2023 11:03:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.0.23
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=4d1bddc2d6ba28140f90b4080b602adf; path=/
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
x-webcom-cache-status: BYPASS
content-encoding: gzip
X-Firefox-Spdy: h2
0ecdf01.wcomhost.com/de-de/us/assets/file1.css
200 OK 0 B URL HTTP/2 0ecdf01.wcomhost.com/de-de/us/assets/file1.css
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
GET /de-de/us/assets/file1.css HTTP/1.1
Host: 0ecdf01.wcomhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0ecdf01.wcomhost.com/de-de/us/
Connection: keep-alive
Cookie: PHPSESSID=4d1bddc2d6ba28140f90b4080b602adf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Tue, 14 Mar 2023 11:03:35 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 12 Mar 2023 18:16:58 GMT
etag: W/"86e-5f6b8000e5593"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
x-webcom-cache-status: BYPASS
content-encoding: gzip
X-Firefox-Spdy: h2
0ecdf01.wcomhost.com/de-de/us/assets/jquery-3.6.0.min.js
200 OK 0 B URL HTTP/2 0ecdf01.wcomhost.com/de-de/us/assets/jquery-3.6.0.min.js
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
Analyzer Verdict Alert fortinet Phishing
GET /de-de/us/assets/jquery-3.6.0.min.js HTTP/1.1
Host: 0ecdf01.wcomhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0ecdf01.wcomhost.com/de-de/us/
Connection: keep-alive
Cookie: PHPSESSID=4d1bddc2d6ba28140f90b4080b602adf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Tue, 14 Mar 2023 11:03:35 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 12 Mar 2023 18:17:00 GMT
etag: W/"15d9c-5f6b80020e774"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
x-webcom-cache-status: BYPASS
content-encoding: gzip
X-Firefox-Spdy: h2
0ecdf01.wcomhost.com/de-de/us/assets/file2.css
200 OK 0 B URL HTTP/2 0ecdf01.wcomhost.com/de-de/us/assets/file2.css
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
GET /de-de/us/assets/file2.css HTTP/1.1
Host: 0ecdf01.wcomhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0ecdf01.wcomhost.com/de-de/us/
Connection: keep-alive
Cookie: PHPSESSID=4d1bddc2d6ba28140f90b4080b602adf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Tue, 14 Mar 2023 11:03:35 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 12 Mar 2023 18:17:00 GMT
etag: W/"5b402-5f6b800218f60"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
x-webcom-cache-status: BYPASS
content-encoding: gzip
X-Firefox-Spdy: h2
167.89.123.16
185.157.32.20
23.36.77.32
104.18.32.68