Report - dk.domholding.kz/lnkl/ios/oauth2/index.php

Report Overview

Submitted URL
dk.domholding.kz/lnkl/ios/oauth2/index.php
IP
185.98.5.178
ASN
#207333 LLP Kompaniya Hoster.KZ
Submitted
2022-09-08 09:50:40
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
ocsp.serverpass.telesec.de	29467	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	1.8 kB	80.158.61.91
pix.telekom.de	165388	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	559 B	920 B	185.54.150.52
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.160.51.228
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	326 B	886 B	23.36.77.32
dk.domholding.kz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	240 kB	185.98.5.178
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	172.64.155.188
xdn-ttp.de	309350	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	417 B	462 B	80.82.200.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-07	medium	dk.domholding.kz/lnkl/ios/oauth2/index.php	Deutsche Telekom

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-08	medium	dk.domholding.kz/lnkl/ios/oauth2/index.php	Phishing
2022-09-08	medium	dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js	Phishing
2022-09-08	medium	dk.domholding.kz/lnkl/ios/static/factorx/js/login.js	Phishing
2022-09-08	medium	dk.domholding.kz/lnkl/ios/static/factorx/js/components.min.js	Phishing
2022-09-08	medium	dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-3.2.1.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	dk.domholding.kz/lnkl/ios/oauth2/index.php	156 B	2023-03-07	2024-05-05
Pretty URL dk.domholding.kz/lnkl/ios/oauth2/index.php IP 185.98.5.178 ASN #207333 LLP Kompaniya Hoster.KZ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:42 Last Seen2024-05-05 06:09:43 Times Seen91 Hash 2b464024fb37722468d82877d77301df 56669685bdbc696ca248d03ef84059af25e74b1b eb30f29d0241a6617af445116127d2351ba39f3ccd5229efb98364f2aa68b387 Loading...

	dk.domholding.kz/lnkl/ios/static/factorx/js/login.js	18 kB	2023-03-07	2024-05-04
Pretty URL dk.domholding.kz/lnkl/ios/static/factorx/js/login.js IP 185.98.5.178 ASN #207333 LLP Kompaniya Hoster.KZ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:42 Last Seen2024-05-04 07:50:38 Times Seen33 Hash 7e034152ccf2f01381a696c2f6e3ed9a 652cf0442283382bc37a647a7b854b1da27e5f92 295d169c7fffd85246d74c76766fe54f5f28658c0229d5ad2294a561ccf45340 Loading...

	dk.domholding.kz/lnkl/ios/static/factorx/js/components.min.js	78 kB	2023-03-07	2024-05-10
Pretty URL dk.domholding.kz/lnkl/ios/static/factorx/js/components.min.js IP 185.98.5.178 ASN #207333 LLP Kompaniya Hoster.KZ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:42 Last Seen2024-05-10 09:35:50 Times Seen236 Hash 86ccc7913cdb65bebdce717ee74888cb ec056f2c92b0aea18f6a2cfabe197139d84a07b6 42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94 Loading...

	dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-3.2.1.min.js	87 kB	2023-03-07	2024-05-11
Pretty URL dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-3.2.1.min.js IP 185.98.5.178 ASN #207333 LLP Kompaniya Hoster.KZ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-11 04:21:40 Times Seen65857 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js	3.4 kB	2023-03-07	2024-05-04
Pretty URL dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js IP 185.98.5.178 ASN #207333 LLP Kompaniya Hoster.KZ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:42 Last Seen2024-05-04 07:50:38 Times Seen206 Hash 65ff1cbc70086a20b9658570355b1115 99e414bb56c5a6ae55eea044836b44e9ad465029 6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7 Loading...

HTTP Transactions (20)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 09:10:02 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gSAfrp4J52ksLKY3RZmIjM3owWIA334IAazrh-JuQuk4u2e41-JY-g==
Age: 2427

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7293
Expires: Thu, 08 Sep 2022 11:52:02 GMT
Date: Thu, 08 Sep 2022 09:50:29 GMT
Connection: keep-alive

dk.domholding.kz/lnkl/ios/oauth2/index.php

185.98.5.178

200 OK

3.7 kB

URL HTTP/1.1
dk.domholding.kz/lnkl/ios/oauth2/index.php
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (894)
Size
3.7 kB (3652 bytes)
Hash
d7179233f5e487a06976450f4d7d39cd
eb99dba6c70cb3444cc370a016fa81300fa7baab
a76c37be2976ebadbf05a65815251ded03d973d9f44b2a42ce5e14dc192e937f

Detections

Analyzer	Verdict	Alert
openphish	Deutsche Telekom
fortinet	Phishing

HTTP Headers

GET /lnkl/ios/oauth2/index.php HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 09:50:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a; path=/
X-Powered-By: PleskLin
Content-Encoding: gzip

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: t1cIqkpRRV3GOWCAGF2pkzxTOyUbTrXCF2b1uW4Q_924EJEsVdNYyg==
age: 21835
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 09:50:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

dk.domholding.kz/lnkl/ios/static/factorx/css/login-24.05.1.css

185.98.5.178

200 OK

4.1 kB

URL HTTP/1.1
dk.domholding.kz/lnkl/ios/static/factorx/css/login-24.05.1.css
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
ASCII text, with very long lines (18251)
Size
4.1 kB (4105 bytes)
Hash
0ba23d6ef97875b8bc0cf5d344ecea6d
d3d157ddf456686e924c97e93cbaa28a80e6866f
773d886f38c3726837f7882ab708c2f8e415c332039b2aaccf32b7bfe60de480

HTTP Headers

GET /lnkl/ios/static/factorx/css/login-24.05.1.css HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dk.domholding.kz/lnkl/ios/oauth2/index.php
Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 09:50:29 GMT
Content-Type: text/css
Last-Modified: Wed, 07 Sep 2022 11:40:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63188333-474c"
X-Powered-By: PleskLin
Content-Encoding: gzip

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
88716d318d55a2b6555742ef1a886913
ad437c1122ea6f0641b2150adc78cfdc65dfb668
ef8151f1d41febc25da9c079075d9f0d780c03e6df700777659503e95b65dce8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 09:50:29 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Sep 2022 13:14:39 GMT
Expires: Tue, 13 Sep 2022 13:14:38 GMT
Etag: "ad437c1122ea6f0641b2150adc78cfdc65dfb668"
Cache-Control: max-age=443648,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7476c7bae9841c12-OSL

dk.domholding.kz/lnkl/ios/static/factorx/css/components.min.css

185.98.5.178

200 OK

21 kB

URL HTTP/1.1
dk.domholding.kz/lnkl/ios/static/factorx/css/components.min.css
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
ASCII text, with very long lines (65442)
Size
21 kB (21405 bytes)
Hash
3160d427bac9f4f1691b22393328940b
ecf7a89c9b6fa1c761e3f90d2a8f856fc1185c5d
e15a985c83376589cd073795f0e75219094430a4f6d4604697aee9407ad07512

HTTP Headers

GET /lnkl/ios/static/factorx/css/components.min.css HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dk.domholding.kz/lnkl/ios/oauth2/index.php
Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 09:50:29 GMT
Content-Type: text/css
Last-Modified: Wed, 07 Sep 2022 11:40:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63188333-188ab"
X-Powered-By: PleskLin
Content-Encoding: gzip

dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js

185.98.5.178

200 OK

3.4 kB

URL HTTP/1.1
dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
ASCII text, with very long lines (3284)
Size
3.4 kB (3376 bytes)
Hash
65ff1cbc70086a20b9658570355b1115
99e414bb56c5a6ae55eea044836b44e9ad465029
6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lnkl/ios/static/factorx/js/jquery-matchheight-0.7.2.min.js HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dk.domholding.kz/lnkl/ios/oauth2/index.php
Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 09:50:29 GMT
Content-Type: application/javascript
Content-Length: 3376
Last-Modified: Wed, 07 Sep 2022 11:40:35 GMT
Connection: keep-alive
ETag: "63188333-d30"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ocsp.serverpass.telesec.de/ocspr

80.158.61.91

200 OK

1.6 kB

URL HTTP/1.1
ocsp.serverpass.telesec.de/ocspr
IP
80.158.61.91:0
ASN
#6878 T-Systems International GmbH

File type
data
Size
1.6 kB (1583 bytes)
Hash
75d2cedd42b0a71273e00a01cc841fad
1ef31573e9da32f39c08438f4c1b36ee61a9cb56
215fbb867ec71f10da81f939f97a72caad73f67f6685a80baec142a35d71dbcf

HTTP Headers

POST /ocspr HTTP/1.1
Host: ocsp.serverpass.telesec.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Sep 2022 09:50:29 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: application/ocsp-response
Content-Length: 1583
Connection: close

pix.telekom.de/196380495960676/wt?p=441,www.telekom.de.privatkunden.login-idm-id,0,0,0,0,0,0,0,0&cg1=www.telekom.de&cg2=login&cg8=privatkunden&cg9=login-idm-id&cp19=653721ea-4998-4e08-8208-8d9e1dedf6ff

185.54.150.52

200 OK

43 B

URL HTTP/2
pix.telekom.de/196380495960676/wt?p=441,www.telekom.de.privatkunden.login-idm-id,0,0,0,0,0,0,0,0&cg1=www.telekom.de&cg2=login&cg8=privatkunden&cg9=login-idm-id&cp19=653721ea-4998-4e08-8208-8d9e1dedf6ff
IP
185.54.150.52:0
ASN
#60164 Webtrekk GmbH

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /196380495960676/wt?p=441,www.telekom.de.privatkunden.login-idm-id,0,0,0,0,0,0,0,0&cg1=www.telekom.de&cg2=login&cg8=privatkunden&cg9=login-idm-id&cp19=653721ea-4998-4e08-8208-8d9e1dedf6ff HTTP/1.1
Host: pix.telekom.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dk.domholding.kz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
set-cookie: wteid_196380495960676=4166263062900450669; Max-Age=15552000; Expires=Tue, 7 Mar 2023 09:50:29 GMT; Domain=.telekom.de; Path=/; Httponly; Secure; SameSite=None
wtsid_196380495960676=1; Domain=.telekom.de; Path=/; Httponly; Secure; SameSite=None
wt_nbg_Q3=!QIGWhx1ow+J7oa27MOh2eXQWYSomxufwyjiX4gTflC7leoaH69u2ZPlTb1Tbvm9bcVRjoVodhM6jHQ==; path=/; Httponly; Secure; SameSite=None
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
pragma: no-cache
last-modified: Thu, 08 Sep 2022 09:50:29 GMT
p3p: policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
x-robots-tag: noindex, nofollow, noarchive
content-type: image/gif;charset=UTF-8
content-length: 43
date: Thu, 08 Sep 2022 09:50:29 GMT
server: c74d97b0
X-Firefox-Spdy: h2

dk.domholding.kz/lnkl/ios/static/factorx/js/login.js

185.98.5.178

200 OK

18 kB

URL HTTP/1.1
dk.domholding.kz/lnkl/ios/static/factorx/js/login.js
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
ASCII text
Size
18 kB (17512 bytes)
Hash
7e034152ccf2f01381a696c2f6e3ed9a
652cf0442283382bc37a647a7b854b1da27e5f92
295d169c7fffd85246d74c76766fe54f5f28658c0229d5ad2294a561ccf45340

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lnkl/ios/static/factorx/js/login.js HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dk.domholding.kz/lnkl/ios/oauth2/index.php
Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 09:50:29 GMT
Content-Type: application/javascript
Content-Length: 17512
Last-Modified: Wed, 07 Sep 2022 11:40:35 GMT
Connection: keep-alive
ETag: "63188333-4468"
X-Powered-By: PleskLin
Accept-Ranges: bytes

dk.domholding.kz/lnkl/ios/static/factorx/js/components.min.js

185.98.5.178

200 OK

78 kB

URL HTTP/1.1
dk.domholding.kz/lnkl/ios/static/factorx/js/components.min.js
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
ASCII text, with very long lines (32048)
Size
78 kB (77706 bytes)
Hash
86ccc7913cdb65bebdce717ee74888cb
ec056f2c92b0aea18f6a2cfabe197139d84a07b6
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lnkl/ios/static/factorx/js/components.min.js HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dk.domholding.kz/lnkl/ios/oauth2/index.php
Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 09:50:29 GMT
Content-Type: application/javascript
Content-Length: 77706
Last-Modified: Wed, 07 Sep 2022 11:40:35 GMT
Connection: keep-alive
ETag: "63188333-12f8a"
X-Powered-By: PleskLin
Accept-Ranges: bytes

dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-3.2.1.min.js

185.98.5.178

200 OK

87 kB

URL HTTP/1.1
dk.domholding.kz/lnkl/ios/static/factorx/js/jquery-3.2.1.min.js
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lnkl/ios/static/factorx/js/jquery-3.2.1.min.js HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dk.domholding.kz/lnkl/ios/oauth2/index.php
Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 09:50:29 GMT
Content-Type: application/javascript
Content-Length: 86659
Last-Modified: Wed, 07 Sep 2022 11:40:35 GMT
Connection: keep-alive
ETag: "63188333-15283"
X-Powered-By: PleskLin
Accept-Ranges: bytes

xdn-ttp.de/lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff

80.82.200.32

302 Found

0 B

URL HTTP/1.1
xdn-ttp.de/lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff
IP
80.82.200.32:0
ASN
#48173 The Unbelievable Machine Company GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff HTTP/1.1
Host: xdn-ttp.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dk.domholding.kz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Date: Thu, 08 Sep 2022 09:50:29 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
Location: https://lns-ev.xplosion.de/xdn-import/import-event?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff&partner=0746
Content-Length: 0
Server: Jetty(9.4.48.v20220622)

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 08 Sep 2022 09:38:18 GMT
Expires: Thu, 08 Sep 2022 10:06:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BZpEed6c5sGkOljvZICvycylNN2J9ZcGSDlx060DtzaVOTZT3TIPow==
Age: 732

dk.domholding.kz/lnkl/ios/static/factorx/images/services.png

185.98.5.178

200 OK

23 kB

URL HTTP/1.1
dk.domholding.kz/lnkl/ios/static/factorx/images/services.png
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
PNG image data, 270 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22647 bytes)
Hash
70e3abc323721940a3fde12ec5a337cb
cd37490fee37309e370e0a4d73a29eac2b49d007
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22

HTTP Headers

GET /lnkl/ios/static/factorx/images/services.png HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dk.domholding.kz/lnkl/ios/oauth2/index.php
Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 09:50:30 GMT
Content-Type: image/png
Content-Length: 22647
Last-Modified: Wed, 07 Sep 2022 11:40:35 GMT
Connection: keep-alive
ETag: "63188333-5877"
X-Powered-By: PleskLin
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a81b0f5b5d11bf95fc176833b2f6e808
5b194aa5a8bf3a6b0d117ccfd0f487f6db0587b5
8f6ae83f2b85db7174bbbc6553e2921617b5c8a401315e76082682949a0bd9cc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6245
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 09:50:30 GMT
Last-Modified: Thu, 08 Sep 2022 08:06:25 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.160.51.228

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.51.228:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 57CZUb0NqRCRwsXt8cfgdg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BifFr5OaaXivS0OPjtM4i5xaTro=

dk.domholding.kz/favicon.ico

185.98.5.178

302 Moved Temporarily

63 B

URL HTTP/1.1
dk.domholding.kz/favicon.ico
IP
185.98.5.178:0
ASN
#207333 LLP Kompaniya Hoster.KZ

File type
HTML document, ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
745666bf37e95e0e516821e8546733cb
e420699dd67e91082f8d36d1ee776a665ee60177
e007de6be34121029f66c1931482c58afda5505b8ac53a4805f39ae230d3ce5c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dk.domholding.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dk.domholding.kz/lnkl/ios/oauth2/index.php
Cookie: PHPSESSID=7162405c0d6ec3558567574cebef641a

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 08 Sep 2022 09:50:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://bit.ly/3AAXYh6
X-Powered-By: PleskLin

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size