Overview

URL: pjeoxjkigm.crasalkohol.se/vnafvra97w?q=3392995232&id=u2.6
IP: 31.41.244.107 (Russia)
ASN: #0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-08 04:50:05 UTC
IDS alerts: 0
Blocklist alerts: 7
urlquery alerts: 13
  Phishing - DHL
Tags: None

Domain Summary (9)

Fully Qualified Domain Name (requests) | Rank | First Seen | Last Seen | IP | Comment
r3.o.lencr.org (7) | 344 | No data | No data | 95.101.11.115 |
firefox.settings.services.mozilla.com (2) | 867 | No data | No data | 35.241.9.150 |
content-signature-2.cdn.mozilla.net (1) | 1152 | No data | No data | 34.160.144.191 |
ocsp.digicert.com (1) | 86 | 2012-05-21 07:02:23 UTC | 2015-05-08 15:27:43 UTC | 93.184.220.29 |
img-getpocket.cdn.mozilla.net (6) | 1631 | No data | No data | 34.120.237.76 |
dhl.track1.wpuser.org (14) | 0 | 2022-12-07 15:39:22 UTC | 2022-12-07 15:41:35 UTC | 45.95.232.3 | Unknown ranking
contile.services.mozilla.com (1) | 1114 | No data | No data | 34.117.237.239 |
pjeoxjkigm.crasalkohol.se (1) | 0 | No data | No data | 31.41.244.107 | Unknown ranking
push.services.mozilla.com (1) | 2140 | 2015-08-03 07:36:16 UTC | 2015-10-22 06:43:00 UTC | 52.13.173.34 |

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-08 2 dhl.track1.wpuser.org/verfolgung/efbd98aacca611ecaebeb178?page=u2.6 Phishing
2022-12-08 2 dhl.track1.wpuser.org/verfolgung/js/jquery-1.12.2.min.js Phishing
2022-12-08 2 dhl.track1.wpuser.org/verfolgung/img/dhl-official.svg Phishing
2022-12-08 2 dhl.track1.wpuser.org/verfolgung/img/amex.svg Phishing
2022-12-08 2 dhl.track1.wpuser.org/verfolgung/img/rating-play-store.svg Phishing
2022-12-08 2 dhl.track1.wpuser.org/verfolgung/img/visa.svg Phishing
2022-12-08 2 dhl.track1.wpuser.org/verfolgung/img/paypal.svg Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 31.41.244.107
Date UQ / IDS / BL URL IP
2023-01-31 10:36:48 +0000 0 - 0 - 2 yqwdgjlhup.sgdixon.co.uk/ 31.41.244.107
2023-01-29 16:47:53 +0000 53 - 0 - 17 nhillkfsrw.salez.pk/vnafvra97w?q=6737759324 31.41.244.107
2023-01-29 16:47:25 +0000 53 - 0 - 17 fipujdsdgu.arti-help.xyz/vnafvra97w?q=8037874340 31.41.244.107
2023-01-29 16:47:20 +0000 53 - 0 - 17 yiycdweynm.healthsuppliesdirect.co.uk/vnafvra (...) 31.41.244.107
2023-01-29 02:50:16 +0000 53 - 0 - 19 oqprwacaxe.eb-5.law/vnafvra97w?q=7113210777 31.41.244.107


Last 5 reports on ASN:
Date UQ / IDS / BL URL IP
2023-01-31 15:53:51 +0000 0 - 0 - 2 18.160.17.85/ 18.160.17.85
2023-01-31 15:51:11 +0000 0 - 0 - 4 commbanksecure-help.com/pages 31.41.244.37
2023-01-31 15:35:49 +0000 2 - 4 - 0 ag-d-konto-login.itsaol.com/de-ag/privat/848d (...) 185.196.223.18
2023-01-31 15:24:39 +0000 0 - 2 - 4 pasvoroud.icu/ 185.149.120.137
2023-01-31 15:24:30 +0000 0 - 0 - 4 pesaraabi.net/ 185.149.120.137


Last 1 report on domain: crasalkohol.se
Date UQ / IDS / BL URL IP
2022-12-08 04:50:05 +0000 13 - 0 - 7 pjeoxjkigm.crasalkohol.se/vnafvra97w?q=339299 (...) 31.41.244.107


No other reports with similar screenshot

JavaScript

Executed Scripts (4)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (34)


Request Response
                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (server 95.101.11.115):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19651
Expires: Thu, 08 Dec 2022 10:17:25 GMT
Date: Thu, 08 Dec 2022 04:49:54 GMT
Connection: keep-alive

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (server 95.101.11.115):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11262
Expires: Thu, 08 Dec 2022 07:57:36 GMT
Date: Thu, 08 Dec 2022 04:49:54 GMT
Connection: keep-alive

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (server 95.101.11.115):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15408
Expires: Thu, 08 Dec 2022 09:06:42 GMT
Date: Thu, 08 Dec 2022 04:49:54 GMT
Connection: keep-alive

                                        
Request:
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 35.241.9.150):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 04:08:08 GMT
age: 2506
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
Request:
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response (server 34.160.144.191):
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: s8/d2ZDA84fVXR9sgnP4aEv1LfPdSizzSM6WmC9v9GWbConGNgCGZWOV1rDjms5XLIqGKY2pVRc=
x-amz-request-id: M090REDENB38XJ5J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 04:49:38 GMT
age: 16
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
Request:
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 34.117.237.239):
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Thu, 08 Dec 2022 04:49:54 GMT
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
Request:
GET /vnafvra97w?q=3392995232&id=u2.6 HTTP/1.1
Host: pjeoxjkigm.crasalkohol.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response (server 31.41.244.107):
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 08 Dec 2022 04:49:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: 48052dcb0ebaea57d9b5d2db8580e47d=0; expires=Fri, 09-Dec-2022 04:49:54 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None
Location: https://dhl.track1.wpuser.org/verfolgung/efbd98aacca611ecaebeb178?page=u2.6


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - Phishing - DHL
                                        
Request:
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 35.241.9.150):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 04:07:58 GMT
age: 2517
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (server 93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 6443
Cache-Control: max-age=108258
Date: Thu, 08 Dec 2022 04:49:55 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:54:13 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (server 95.101.11.115):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "5D969420DA8068F193B384BCED4BB9DD89AB6B8585CDA203B7AC4F2EAA32A397"
Last-Modified: Thu, 08 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 08 Dec 2022 10:49:55 GMT
Date: Thu, 08 Dec 2022 04:49:55 GMT
Connection: keep-alive

                                        
Request:
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bbj/8Yqan1SN5A3iXarhYw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response (server 52.13.173.34):
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FkkJ56FQZjKBfuHhEIduq1oB5WA=

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (server 95.101.11.115):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19693
Expires: Thu, 08 Dec 2022 10:18:09 GMT
Date: Thu, 08 Dec 2022 04:49:56 GMT
Connection: keep-alive

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (server 95.101.11.115):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19693
Expires: Thu, 08 Dec 2022 10:18:09 GMT
Date: Thu, 08 Dec 2022 04:49:56 GMT
Connection: keep-alive

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (server 95.101.11.115):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19693
Expires: Thu, 08 Dec 2022 10:18:09 GMT
Date: Thu, 08 Dec 2022 04:49:56 GMT
Connection: keep-alive

                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc231183-b100-4921-9a48-0bac91da0d2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6032
x-amzn-requestid: 22b80af7-87cf-4719-8bc8-927077cc3aa1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4hoFraoAMFpVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639107a3-42927c064ee65d3b23121b36;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -6j01fDKCX0VuXQjVKCm1nPOqSRuh9_Pd-3cgxbEKWhLzlL27hs0fA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:07:32 GMT
age: 24144
etag: "c15a4519a69eb6b5cc624344a7c3d99335a095d9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6032
Md5:    280c788841ca669f2c8556f03ee85b68
Sha1:   c15a4519a69eb6b5cc624344a7c3d99335a095d9
Sha256: 451a816aa2129c3a7712a01b96daee492ae2ab25c4940405063098f3b7ad10ae
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12534
x-amzn-requestid: 2a01f2ba-cf3a-4f59-8339-214c66bcc0d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czDbyGTcoAMF_TQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911918-5d3eba8d01e4175a71acc6cd;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:52:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NoZlZ8WFfOuIbkWaC2pJPJQrWtjzz2gCHJWr-u-nMNYmu8MkTf6_PA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:03:58 GMT
age: 20758
etag: "04e32eb45581201a6a1863200e4d139df48285e6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12534
Md5:    57be99ac898a37d73f2ba4a24f56248f
Sha1:   04e32eb45581201a6a1863200e4d139df48285e6
Sha256: a20081b64fc019372843360b15aa3461ec9dd3deb50ab398bca0a5e74d5468c2
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F377ab47f-a48d-4112-a562-b49a358636f1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4538
x-amzn-requestid: 143f359f-c0fd-4d32-8de5-cc2c2804bb39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIHzXoAMFqmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-27db2e3c6de7216e3c17caea;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ba2tqr7qzoTbVkNM_hFETgyCLbCLvAEQjFA2jSU83qYRz6j-uIpk6Q==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:14:58 GMT
age: 23698
etag: "77cf1dd30e86f5568a8e64cb42f536cf2af9301c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4538
Md5:    2f5ce4070e5050733be6bded399afe53
Sha1:   77cf1dd30e86f5568a8e64cb42f536cf2af9301c
Sha256: 7fe19657e1add41e913e9a326023ff484180ca17615175ddc5d2ab57217566bc
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 06:11:41 GMT
age: 81495
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6557
Md5:    210b27f5f6310d8fad640acce3d9ae0e
Sha1:   08d241e56622cb900754d95bc5d58ed8826d9f32
Sha256: 64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa98459-9507-4e55-9fad-ef4a6111e4fc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8295
x-amzn-requestid: e13ec956-9996-44d1-b216-1138c273d557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy42XHI_oAMFfCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63910828-532765c65249a4b339abfad4;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:39:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: eDebLHlPV0psvVes0bmmBPmwqPlAA8LTNBvmMQIQhxNtM2bTqThGQg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:06:53 GMT
etag: "d64877f85440c5b7ab98bd29589f273b2b003608"
age: 24183
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8295
Md5:    911f9077bb888e775390cd5f34825f93
Sha1:   d64877f85440c5b7ab98bd29589f273b2b003608
Sha256: 9ae0779879235abd98a87fd4a25b0e2c1961d7e37ae2481867393e47ac871947
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (server 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9596
x-amzn-requestid: e5e6ceb2-5bad-4146-a9de-92a859716029
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy3_qH63oAMFfLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106ca-678bed1b7729b8aa2645688d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcHU93cetsY4-vWHpT2xXozH1T7J3_1X8n6Yjd6lOuF8HbkpTQDerg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:13:24 GMT
etag: "a51bbb49ebd862d04eaee465d0a35b22dcd21391"
age: 23792
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9596
Md5:    c408efaa98ac2ce63bb1618368d10c15
Sha1:   a51bbb49ebd862d04eaee465d0a35b22dcd21391
Sha256: 077eb8c8739f527828c71c25a1c3aaae46afead3aac093ec11a6d5488ef2f0ec
                                        
Request:
GET /verfolgung/efbd98aacca611ecaebeb178?page=u2.6 HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

Response (server 45.95.232.3):
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:49:58 GMT
Content-Length: 88
Connection: keep-alive
X-Powered-By: PHP/5.4.16
location: tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   88
Md5:    b2f1d2c280eab6823dbd9ddfffa08748
Sha1:   84f2fc1091ff9f83d85cad8af300a5edf9f4b74f
Sha256: 5576a445b65a57f021f10457ba06ce94b51d05d0f3fa9f75d35ed4980c4654c0

Alerts:
  Blocklists:
    - fortinet: Phishing

GET /verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

45.95.232.3
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1304), with CRLF line terminators
Size:   120762
Md5:    b4b6f6045e0712640c0b5c88b5ac01f2
Sha1:   0d88f6d70f99b67e8e10b7351dd61294d47b58be
Sha256: 99bfcb4e37c8c054b5dc8bccb52a59f9d8c5a0feaa64c401c8028460b281b9de

GET /verfolgung/css/6.css HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:02 GMT
Content-Length: 4271
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 17:18:34 GMT
ETag: "10af-5edc1e53cee80"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   4271
Md5:    8eb7809b45d4079fbaa48175f64c7441
Sha1:   f865a99867d1eac58a575a518996ae2e9ca1de95
Sha256: 00d16054bb78393fecfbeff7eed0d44e005ebe51f034c838c1f69bdfddf40b01

Alerts:
  urlquery:
    - Phishing - DHL

GET /verfolgung/css/3.css HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:02 GMT
Content-Length: 22046
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 17:05:56 GMT
ETag: "561e-5edc1b80ec500"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   22046
Md5:    c54f6668454402879168d2782296d35e
Sha1:   dd3c72855079f3d074cfe6fd500959874650c736
Sha256: d40a85d0988ad1b83645365ac9bd5ef15ed33517733d847317f86c6ea271ad32

Alerts:
  urlquery:
    - Phishing - DHL

GET /verfolgung/css/5.css HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:02 GMT
Content-Length: 48507
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 17:05:56 GMT
ETag: "bd7b-5edc1b80ec500"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (661), with CRLF line terminators
Size:   48507
Md5:    67f662870fef3deea83c75f68622a1e4
Sha1:   45bdedb38dca005081238b4cf80fa10c90778465
Sha256: 8fd91a16c9b120c1f43fecdb1d40a9adf7e6dc05b69c3261c342ea76ecc50c2d

Alerts:
  urlquery:
    - Phishing - DHL

GET /verfolgung/css/2.css HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:02 GMT
Content-Length: 48503
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 17:05:56 GMT
ETag: "bd77-5edc1b80ec500"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (661), with CRLF line terminators
Size:   48503
Md5:    68bb9d41de0ac82959f8f90c552e4948
Sha1:   fb4e7fd67a692ae70e6b3813fe7913f0c3800103
Sha256: a0879b822817892ccecb11bc4c475d4bf3aad5e03a37a49eae46dfbdcf9e8fb3

Alerts:
  urlquery:
    - Phishing - DHL

GET /verfolgung/css/1.css HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:02 GMT
Content-Length: 53751
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 17:05:56 GMT
ETag: "d1f7-5edc1b80ec500"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (23076), with CRLF line terminators
Size:   53751
Md5:    c773c2e44cb33bd02d04987a8017056b
Sha1:   af122938b5fab20abed2fd9df00af09e66294222
Sha256: a116a577d744fd0c240b7f1c1b3139cc0d61b953d36fe2b61506e379e9c8bc0a

Alerts:
  urlquery:
    - Phishing - DHL

GET /verfolgung/js/jquery-1.12.2.min.js HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:02 GMT
Content-Length: 97244
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT
ETag: "17bdc-5e89907cbf280"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (32029)
Size:   97244
Md5:    bdc2b7efb1faf219d65edfe253a103e9
Sha1:   4921529fc15b8133f2fe65b3bebf53d1e9ef8579
Sha256: 95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing

GET /verfolgung/img/dhl-official.svg HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:03 GMT
Content-Length: 2040
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT
ETag: "7f8-5e89907cbf280"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2040), with no line terminators
Size:   2040
Md5:    d5a053f0005dd58489a461f599b5a508
Sha1:   ba71dd77800ef3d410beb8282d790642bec8193b
Sha256: aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing

GET /verfolgung/img/amex.svg HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:03 GMT
Content-Length: 734
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT
ETag: "2de-5e89907cbf280"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (565)
Size:   734
Md5:    1c003076f46fc215f19de22568f3b5a1
Sha1:   112caa9374e6c1d0f8325cdcf2bde5b073f0f1ad
Sha256: b64feafef2104c77f092f2bbfa526bad76e17fb053591284984e86a28ed721a2

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing

GET /verfolgung/img/rating-play-store.svg HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:03 GMT
Content-Length: 904
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT
ETag: "388-5e89907cbf280"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (512)
Size:   904
Md5:    19a24c818ad0e0eab9418b77ff8e7c1c
Sha1:   3787691d98fd4b9f494664274a641226e33c1588
Sha256: a6b35b6b7cabb9d33c2e1d6afef2d5f546a2fd3912f5f3e96495cd64218b9251

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing

GET /verfolgung/img/visa.svg HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:03 GMT
Content-Length: 4586
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT
ETag: "11ea-5e89907cbf280"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1577)
Size:   4586
Md5:    09d8b96a0853e0bc8cec7c677c0da93b
Sha1:   a6aebdb9c339cac93762338353517b67e23f1903
Sha256: a60079ce89803190740ddcf6e03eace0492b8f73ec57ffb4132b72a9736b68fe

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing

GET /verfolgung/img/paypal.svg HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:03 GMT
Content-Length: 3369
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT
ETag: "d29-5e89907cbf280"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3369), with no line terminators
Size:   3369
Md5:    4ac4e26be0277fab62f57835bca7ee1e
Sha1:   edef7e834db1d63bd5290adf1f0308522cced7e0
Sha256: 5e9402048b0efae8235057fc5db4276b0472c9a42c59c0b759e059ffbdafb32b

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing

GET /verfolgung/img/1.png HTTP/1.1
Host: dhl.track1.wpuser.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

45.95.232.3
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx/1.20.1
Date: Thu, 08 Dec 2022 04:50:03 GMT
Content-Length: 108508
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT
ETag: "1a7dc-5e89907cbf280"
Accept-Ranges: bytes


--- Additional Info ---