urlquery - report: pjeoxjkigm.crasalkohol.se/vnafvra97w?q=3392995232&id=u2.6

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
r3.o.lencr.org (7)	344	No data	No data	95.101.11.115
firefox.settings.services.mozilla.com (2)	867	No data	No data	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	No data	No data	34.160.144.191
ocsp.digicert.com (1)	86	2012-05-21 07:02:23 UTC	2015-05-08 15:27:43 UTC	93.184.220.29
img-getpocket.cdn.mozilla.net (6)	1631	No data	No data	34.120.237.76
dhl.track1.wpuser.org (14)	0	2022-12-07 15:39:22 UTC	2022-12-07 15:41:35 UTC	45.95.232.3	Unknown ranking
contile.services.mozilla.com (1)	1114	No data	No data	34.117.237.239
pjeoxjkigm.crasalkohol.se (1)	0	No data	No data	31.41.244.107	Unknown ranking
push.services.mozilla.com (1)	2140	2015-08-03 07:36:16 UTC	2015-10-22 06:43:00 UTC	52.13.173.34

Scan Date	Severity	Indicator	Comment
2022-12-08	2	dhl.track1.wpuser.org/verfolgung/efbd98aacca611ecaebeb178?page=u2.6	Phishing
2022-12-08	2	dhl.track1.wpuser.org/verfolgung/js/jquery-1.12.2.min.js	Phishing
2022-12-08	2	dhl.track1.wpuser.org/verfolgung/img/dhl-official.svg	Phishing
2022-12-08	2	dhl.track1.wpuser.org/verfolgung/img/amex.svg	Phishing
2022-12-08	2	dhl.track1.wpuser.org/verfolgung/img/rating-play-store.svg	Phishing
2022-12-08	2	dhl.track1.wpuser.org/verfolgung/img/visa.svg	Phishing
2022-12-08	2	dhl.track1.wpuser.org/verfolgung/img/paypal.svg	Phishing

Date	UQ / IDS / BL	URL	IP
2023-01-31 10:36:48 +0000	0 - 0 - 2	yqwdgjlhup.sgdixon.co.uk/	31.41.244.107
2023-01-29 16:47:53 +0000	53 - 0 - 17	nhillkfsrw.salez.pk/vnafvra97w?q=6737759324	31.41.244.107
2023-01-29 16:47:25 +0000	53 - 0 - 17	fipujdsdgu.arti-help.xyz/vnafvra97w?q=8037874340	31.41.244.107
2023-01-29 16:47:20 +0000	53 - 0 - 17	yiycdweynm.healthsuppliesdirect.co.uk/vnafvra (...)	31.41.244.107
2023-01-29 02:50:16 +0000	53 - 0 - 19	oqprwacaxe.eb-5.law/vnafvra97w?q=7113210777	31.41.244.107

Date	UQ / IDS / BL	URL	IP
2023-01-31 15:53:51 +0000	0 - 0 - 2	18.160.17.85/	18.160.17.85
2023-01-31 15:51:11 +0000	0 - 0 - 4	commbanksecure-help.com/pages	31.41.244.37
2023-01-31 15:35:49 +0000	2 - 4 - 0	ag-d-konto-login.itsaol.com/de-ag/privat/848d (...)	185.196.223.18
2023-01-31 15:24:39 +0000	0 - 2 - 4	pasvoroud.icu/	185.149.120.137
2023-01-31 15:24:30 +0000	0 - 0 - 4	pesaraabi.net/	185.149.120.137

Date	UQ / IDS / BL	URL	IP
2022-12-08 04:50:05 +0000	13 - 0 - 7	pjeoxjkigm.crasalkohol.se/vnafvra97w?q=339299 (...)	31.41.244.107

HTTP Transactions (34)

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 95.101.11.115 HASH: 89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522 95.101.11.115 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522" Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=19651 Expires: Thu, 08 Dec 2022 10:17:25 GMT Date: Thu, 08 Dec 2022 04:49:54 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7181eff9c60e83eb0004ece591e47dca Sha1: 0fd8cd0c9d10b0547938982e57d2c43e2d98679f Sha256: 89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 95.101.11.115 HASH: a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21 95.101.11.115 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21" Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11262 Expires: Thu, 08 Dec 2022 07:57:36 GMT Date: Thu, 08 Dec 2022 04:49:54 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 388f6fea5bafa378266622b72311a6ee Sha1: 447f102dc12172ce1ba44c5e94e1d7bb49d43372 Sha256: a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 95.101.11.115 HASH: 593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103 95.101.11.115 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103" Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15408 Expires: Thu, 08 Dec 2022 09:06:42 GMT Date: Thu, 08 Dec 2022 04:49:54 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 00e7703bd74975689fc9050356aaca6b Sha1: 9788fe6a36d6f278e8da329ebc5dd87bcd212317 Sha256: 593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Thu, 08 Dec 2022 04:08:08 GMT age: 2506 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 30db107dcf4380cef05efea409c2e6a3 Sha1: 96e6a306fbc07299aba64e5c14e2bfca35872fa9 Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: s8/d2ZDA84fVXR9sgnP4aEv1LfPdSizzSM6WmC9v9GWbConGNgCGZWOV1rDjms5XLIqGKY2pVRc= x-amz-request-id: M090REDENB38XJ5J content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Thu, 08 Dec 2022 04:49:38 GMT age: 16 last-modified: Wed, 30 Nov 2022 10:06:34 GMT etag: "53341dea33f4f3d9b4966f80589f429a" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 53341dea33f4f3d9b4966f80589f429a Sha1: 20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Thu, 08 Dec 2022 04:49:54 GMT content-length: 12 access-control-expose-headers: content-type vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-allow-credentials: true strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /vnafvra97w?q=3392995232&id=u2.6 HTTP/1.1 Host: pjeoxjkigm.crasalkohol.se User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: pjeoxjkigm.crasalkohol.se/vnafvra97w?q=3392995232&id=u2.6 FQDN: pjeoxjkigm.crasalkohol.se IP: 31.41.244.107 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 31.41.244.107 HTTP/1.1 302 Found Content-Type: text/html; charset=UTF-8 Server: nginx/1.14.0 (Ubuntu) Date: Thu, 08 Dec 2022 04:49:54 GMT Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Set-Cookie: 48052dcb0ebaea57d9b5d2db8580e47d=0; expires=Fri, 09-Dec-2022 04:49:54 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None Location: https://dhl.track1.wpuser.org/verfolgung/efbd98aacca611ecaebeb178?page=u2.6 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Alerts: urlquery: - Phishing - DHL
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 35.241.9.150 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Thu, 08 Dec 2022 04:07:58 GMT age: 2517 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 6443 Cache-Control: max-age=108258 Date: Thu, 08 Dec 2022 04:49:55 GMT Etag: "639057aa-1d7" Expires: Fri, 09 Dec 2022 10:54:13 GMT Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT Server: ECS (ska/F70D) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 053aff7451e55d4269dd9610ab070f3f Sha1: b3376256d11d159b0c7280ba1515b78d7d9e12ca Sha256: 24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 95.101.11.115 HASH: 5d969420da8068f193b384bced4bb9dd89ab6b8585cda203b7ac4f2eaa32a397 95.101.11.115 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "5D969420DA8068F193B384BCED4BB9DD89AB6B8585CDA203B7AC4F2EAA32A397" Last-Modified: Thu, 08 Dec 2022 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=21600 Expires: Thu, 08 Dec 2022 10:49:55 GMT Date: Thu, 08 Dec 2022 04:49:55 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: dbd147bc9c1536248e98798201ce8872 Sha1: 5ee7a50236bd5d903efc79b00cafde1c70e207e1 Sha256: 5d969420da8068f193b384bced4bb9dd89ab6b8585cda203b7ac4f2eaa32a397
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: bbj/8Yqan1SN5A3iXarhYw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 52.13.173.34 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 52.13.173.34 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: FkkJ56FQZjKBfuHhEIduq1oB5WA= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 95.101.11.115 HASH: f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38 95.101.11.115 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38" Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=19693 Expires: Thu, 08 Dec 2022 10:18:09 GMT Date: Thu, 08 Dec 2022 04:49:56 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7b8c1870f03a90aac6370fc69516f95f Sha1: 1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb Sha256: f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 95.101.11.115 HASH: f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38 95.101.11.115 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38" Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=19693 Expires: Thu, 08 Dec 2022 10:18:09 GMT Date: Thu, 08 Dec 2022 04:49:56 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7b8c1870f03a90aac6370fc69516f95f Sha1: 1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb Sha256: f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 95.101.11.115 HASH: f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38 95.101.11.115 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38" Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=19693 Expires: Thu, 08 Dec 2022 10:18:09 GMT Date: Thu, 08 Dec 2022 04:49:56 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 7b8c1870f03a90aac6370fc69516f95f Sha1: 1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb Sha256: f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc231183-b100-4921-9a48-0bac91da0d2b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 451a816aa2129c3a7712a01b96daee492ae2ab25c4940405063098f3b7ad10ae 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6032 x-amzn-requestid: 22b80af7-87cf-4719-8bc8-927077cc3aa1 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cy4hoFraoAMFpVA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-639107a3-42927c064ee65d3b23121b36;Sampled=0 x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:39 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: -6j01fDKCX0VuXQjVKCm1nPOqSRuh9_Pd-3cgxbEKWhLzlL27hs0fA== via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google date: Wed, 07 Dec 2022 22:07:32 GMT age: 24144 etag: "c15a4519a69eb6b5cc624344a7c3d99335a095d9" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6032 Md5: 280c788841ca669f2c8556f03ee85b68 Sha1: c15a4519a69eb6b5cc624344a7c3d99335a095d9 Sha256: 451a816aa2129c3a7712a01b96daee492ae2ab25c4940405063098f3b7ad10ae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: a20081b64fc019372843360b15aa3461ec9dd3deb50ab398bca0a5e74d5468c2 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 12534 x-amzn-requestid: 2a01f2ba-cf3a-4f59-8339-214c66bcc0d2 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: czDbyGTcoAMF_TQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63911918-5d3eba8d01e4175a71acc6cd;Sampled=0 x-amzn-remapped-date: Wed, 07 Dec 2022 22:52:08 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: NoZlZ8WFfOuIbkWaC2pJPJQrWtjzz2gCHJWr-u-nMNYmu8MkTf6_PA== via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google date: Wed, 07 Dec 2022 23:03:58 GMT age: 20758 etag: "04e32eb45581201a6a1863200e4d139df48285e6" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 12534 Md5: 57be99ac898a37d73f2ba4a24f56248f Sha1: 04e32eb45581201a6a1863200e4d139df48285e6 Sha256: a20081b64fc019372843360b15aa3461ec9dd3deb50ab398bca0a5e74d5468c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F377ab47f-a48d-4112-a562-b49a358636f1.png HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 7fe19657e1add41e913e9a326023ff484180ca17615175ddc5d2ab57217566bc 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4538 x-amzn-requestid: 143f359f-c0fd-4d32-8de5-cc2c2804bb39 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cy4gIHzXoAMFqmg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6391079a-27db2e3c6de7216e3c17caea;Sampled=0 x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: ba2tqr7qzoTbVkNM_hFETgyCLbCLvAEQjFA2jSU83qYRz6j-uIpk6Q== via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google date: Wed, 07 Dec 2022 22:14:58 GMT age: 23698 etag: "77cf1dd30e86f5568a8e64cb42f536cf2af9301c" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4538 Md5: 2f5ce4070e5050733be6bded399afe53 Sha1: 77cf1dd30e86f5568a8e64cb42f536cf2af9301c Sha256: 7fe19657e1add41e913e9a326023ff484180ca17615175ddc5d2ab57217566bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6557 x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cmcuMG6bIAMFUng= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0 x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw== via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google date: Wed, 07 Dec 2022 06:11:41 GMT age: 81495 etag: "08d241e56622cb900754d95bc5d58ed8826d9f32" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6557 Md5: 210b27f5f6310d8fad640acce3d9ae0e Sha1: 08d241e56622cb900754d95bc5d58ed8826d9f32 Sha256: 64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa98459-9507-4e55-9fad-ef4a6111e4fc.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 9ae0779879235abd98a87fd4a25b0e2c1961d7e37ae2481867393e47ac871947 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8295 x-amzn-requestid: e13ec956-9996-44d1-b216-1138c273d557 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cy42XHI_oAMFfCw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63910828-532765c65249a4b339abfad4;Sampled=0 x-amzn-remapped-date: Wed, 07 Dec 2022 21:39:52 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: eDebLHlPV0psvVes0bmmBPmwqPlAA8LTNBvmMQIQhxNtM2bTqThGQg== via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google date: Wed, 07 Dec 2022 22:06:53 GMT etag: "d64877f85440c5b7ab98bd29589f273b2b003608" age: 24183 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8295 Md5: 911f9077bb888e775390cd5f34825f93 Sha1: d64877f85440c5b7ab98bd29589f273b2b003608 Sha256: 9ae0779879235abd98a87fd4a25b0e2c1961d7e37ae2481867393e47ac871947
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 077eb8c8739f527828c71c25a1c3aaae46afead3aac093ec11a6d5488ef2f0ec 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9596 x-amzn-requestid: e5e6ceb2-5bad-4146-a9de-92a859716029 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cy3_qH63oAMFfLg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-639106ca-678bed1b7729b8aa2645688d;Sampled=0 x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: dcHU93cetsY4-vWHpT2xXozH1T7J3_1X8n6Yjd6lOuF8HbkpTQDerg== via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google date: Wed, 07 Dec 2022 22:13:24 GMT etag: "a51bbb49ebd862d04eaee465d0a35b22dcd21391" age: 23792 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9596 Md5: c408efaa98ac2ce63bb1618368d10c15 Sha1: a51bbb49ebd862d04eaee465d0a35b22dcd21391 Sha256: 077eb8c8739f527828c71c25a1c3aaae46afead3aac093ec11a6d5488ef2f0ec
GET /verfolgung/efbd98aacca611ecaebeb178?page=u2.6 HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: dhl.track1.wpuser.org/verfolgung/efbd98aacca611ecaebeb1 (...) FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: 5576a445b65a57f021f10457ba06ce94b51d05d0f3fa9f75d35ed4980c4654c0 45.95.232.3 HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:49:58 GMT Content-Length: 88 Connection: keep-alive X-Powered-By: PHP/5.4.16 location: tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 --- Additional Info --- Magic: HTML document, ASCII text, with no line terminators Size: 88 Md5: b2f1d2c280eab6823dbd9ddfffa08748 Sha1: 84f2fc1091ff9f83d85cad8af300a5edf9f4b74f Sha256: 5576a445b65a57f021f10457ba06ce94b51d05d0f3fa9f75d35ed4980c4654c0 Alerts: Blocklists: - fortinet: Phishing
GET /verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1	URL: dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98 (...) FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: 99bfcb4e37c8c054b5dc8bccb52a59f9d8c5a0feaa64c401c8028460b281b9de 45.95.232.3 HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:01 GMT Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.4.16 --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1304), with CRLF line terminators Size: 120762 Md5: b4b6f6045e0712640c0b5c88b5ac01f2 Sha1: 0d88f6d70f99b67e8e10b7351dd61294d47b58be Sha256: 99bfcb4e37c8c054b5dc8bccb52a59f9d8c5a0feaa64c401c8028460b281b9de
GET /verfolgung/css/6.css HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/css/6.css FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: 00d16054bb78393fecfbeff7eed0d44e005ebe51f034c838c1f69bdfddf40b01 45.95.232.3 HTTP/1.1 200 OK Content-Type: text/css Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:02 GMT Content-Length: 4271 Connection: keep-alive Last-Modified: Fri, 18 Nov 2022 17:18:34 GMT ETag: "10af-5edc1e53cee80" Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 4271 Md5: 8eb7809b45d4079fbaa48175f64c7441 Sha1: f865a99867d1eac58a575a518996ae2e9ca1de95 Sha256: 00d16054bb78393fecfbeff7eed0d44e005ebe51f034c838c1f69bdfddf40b01 Alerts: urlquery: - Phishing - DHL
GET /verfolgung/css/3.css HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/css/3.css FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: d40a85d0988ad1b83645365ac9bd5ef15ed33517733d847317f86c6ea271ad32 45.95.232.3 HTTP/1.1 200 OK Content-Type: text/css Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:02 GMT Content-Length: 22046 Connection: keep-alive Last-Modified: Fri, 18 Nov 2022 17:05:56 GMT ETag: "561e-5edc1b80ec500" Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with CRLF line terminators Size: 22046 Md5: c54f6668454402879168d2782296d35e Sha1: dd3c72855079f3d074cfe6fd500959874650c736 Sha256: d40a85d0988ad1b83645365ac9bd5ef15ed33517733d847317f86c6ea271ad32 Alerts: urlquery: - Phishing - DHL
GET /verfolgung/css/5.css HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/css/5.css FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: 8fd91a16c9b120c1f43fecdb1d40a9adf7e6dc05b69c3261c342ea76ecc50c2d 45.95.232.3 HTTP/1.1 200 OK Content-Type: text/css Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:02 GMT Content-Length: 48507 Connection: keep-alive Last-Modified: Fri, 18 Nov 2022 17:05:56 GMT ETag: "bd7b-5edc1b80ec500" Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with very long lines (661), with CRLF line terminators Size: 48507 Md5: 67f662870fef3deea83c75f68622a1e4 Sha1: 45bdedb38dca005081238b4cf80fa10c90778465 Sha256: 8fd91a16c9b120c1f43fecdb1d40a9adf7e6dc05b69c3261c342ea76ecc50c2d Alerts: urlquery: - Phishing - DHL
GET /verfolgung/css/2.css HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/css/2.css FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: a0879b822817892ccecb11bc4c475d4bf3aad5e03a37a49eae46dfbdcf9e8fb3 45.95.232.3 HTTP/1.1 200 OK Content-Type: text/css Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:02 GMT Content-Length: 48503 Connection: keep-alive Last-Modified: Fri, 18 Nov 2022 17:05:56 GMT ETag: "bd77-5edc1b80ec500" Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with very long lines (661), with CRLF line terminators Size: 48503 Md5: 68bb9d41de0ac82959f8f90c552e4948 Sha1: fb4e7fd67a692ae70e6b3813fe7913f0c3800103 Sha256: a0879b822817892ccecb11bc4c475d4bf3aad5e03a37a49eae46dfbdcf9e8fb3 Alerts: urlquery: - Phishing - DHL
GET /verfolgung/css/1.css HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/css/1.css FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: a116a577d744fd0c240b7f1c1b3139cc0d61b953d36fe2b61506e379e9c8bc0a 45.95.232.3 HTTP/1.1 200 OK Content-Type: text/css Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:02 GMT Content-Length: 53751 Connection: keep-alive Last-Modified: Fri, 18 Nov 2022 17:05:56 GMT ETag: "d1f7-5edc1b80ec500" Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with very long lines (23076), with CRLF line terminators Size: 53751 Md5: c773c2e44cb33bd02d04987a8017056b Sha1: af122938b5fab20abed2fd9df00af09e66294222 Sha256: a116a577d744fd0c240b7f1c1b3139cc0d61b953d36fe2b61506e379e9c8bc0a Alerts: urlquery: - Phishing - DHL
GET /verfolgung/js/jquery-1.12.2.min.js HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/js/jquery-1.12.2.min.js FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: 95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9 45.95.232.3 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:02 GMT Content-Length: 97244 Connection: keep-alive Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT ETag: "17bdc-5e89907cbf280" Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with very long lines (32029) Size: 97244 Md5: bdc2b7efb1faf219d65edfe253a103e9 Sha1: 4921529fc15b8133f2fe65b3bebf53d1e9ef8579 Sha256: 95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9 Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
GET /verfolgung/img/dhl-official.svg HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/img/dhl-official.svg FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1 45.95.232.3 HTTP/1.1 200 OK Content-Type: image/svg+xml Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:03 GMT Content-Length: 2040 Connection: keep-alive Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT ETag: "7f8-5e89907cbf280" Accept-Ranges: bytes --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2040), with no line terminators Size: 2040 Md5: d5a053f0005dd58489a461f599b5a508 Sha1: ba71dd77800ef3d410beb8282d790642bec8193b Sha256: aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1 Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
GET /verfolgung/img/amex.svg HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/img/amex.svg FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: b64feafef2104c77f092f2bbfa526bad76e17fb053591284984e86a28ed721a2 45.95.232.3 HTTP/1.1 200 OK Content-Type: image/svg+xml Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:03 GMT Content-Length: 734 Connection: keep-alive Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT ETag: "2de-5e89907cbf280" Accept-Ranges: bytes --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (565) Size: 734 Md5: 1c003076f46fc215f19de22568f3b5a1 Sha1: 112caa9374e6c1d0f8325cdcf2bde5b073f0f1ad Sha256: b64feafef2104c77f092f2bbfa526bad76e17fb053591284984e86a28ed721a2 Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
GET /verfolgung/img/rating-play-store.svg HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/img/rating-play-store.svg FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: a6b35b6b7cabb9d33c2e1d6afef2d5f546a2fd3912f5f3e96495cd64218b9251 45.95.232.3 HTTP/1.1 200 OK Content-Type: image/svg+xml Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:03 GMT Content-Length: 904 Connection: keep-alive Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT ETag: "388-5e89907cbf280" Accept-Ranges: bytes --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (512) Size: 904 Md5: 19a24c818ad0e0eab9418b77ff8e7c1c Sha1: 3787691d98fd4b9f494664274a641226e33c1588 Sha256: a6b35b6b7cabb9d33c2e1d6afef2d5f546a2fd3912f5f3e96495cd64218b9251 Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
GET /verfolgung/img/visa.svg HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/img/visa.svg FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: a60079ce89803190740ddcf6e03eace0492b8f73ec57ffb4132b72a9736b68fe 45.95.232.3 HTTP/1.1 200 OK Content-Type: image/svg+xml Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:03 GMT Content-Length: 4586 Connection: keep-alive Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT ETag: "11ea-5e89907cbf280" Accept-Ranges: bytes --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1577) Size: 4586 Md5: 09d8b96a0853e0bc8cec7c677c0da93b Sha1: a6aebdb9c339cac93762338353517b67e23f1903 Sha256: a60079ce89803190740ddcf6e03eace0492b8f73ec57ffb4132b72a9736b68fe Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
GET /verfolgung/img/paypal.svg HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/img/paypal.svg FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 HASH: 5e9402048b0efae8235057fc5db4276b0472c9a42c59c0b759e059ffbdafb32b 45.95.232.3 HTTP/1.1 200 OK Content-Type: image/svg+xml Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:03 GMT Content-Length: 3369 Connection: keep-alive Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT ETag: "d29-5e89907cbf280" Accept-Ranges: bytes --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3369), with no line terminators Size: 3369 Md5: 4ac4e26be0277fab62f57835bca7ee1e Sha1: edef7e834db1d63bd5290adf1f0308522cced7e0 Sha256: 5e9402048b0efae8235057fc5db4276b0472c9a42c59c0b759e059ffbdafb32b Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
GET /verfolgung/img/1.png HTTP/1.1 Host: dhl.track1.wpuser.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://dhl.track1.wpuser.org/verfolgung/tracking.php?id=efbd98aacca611ecaebeb178&page=u2.6 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin	URL: dhl.track1.wpuser.org/verfolgung/img/1.png FQDN: dhl.track1.wpuser.org IP: 45.95.232.3 45.95.232.3 HTTP/1.1 200 OK Content-Type: image/png Server: nginx/1.20.1 Date: Thu, 08 Dec 2022 04:50:03 GMT Content-Length: 108508 Connection: keep-alive Last-Modified: Wed, 14 Sep 2022 01:27:22 GMT ETag: "1a7dc-5e89907cbf280" Accept-Ranges: bytes --- Additional Info ---

URL	pjeoxjkigm.crasalkohol.se/vnafvra97w?q=3392995232&id=u2.6
IP	31.41.244.107 (Russia)
ASN	#0
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-12-08 04:50:05 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	7
urlquery alerts	13 Phishing - DHL
Tags	None

Overview

Domain Summary (9)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 31.41.244.107

Last 5 reports on ASN:

Last 1 reports on domain: crasalkohol.se

No other reports with similar screenshot

JavaScript

Executed Scripts (4)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (34)

Overview

Domain Summary (9)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 31.41.244.107

Last 5 reports on ASN:

Last 1 reports on domain: crasalkohol.se

No other reports with similar screenshot

JavaScript

Executed Scripts (4)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (34)

Network Intrusion Detection Systems