Report - dhl.249221.guitartone.ch/dlogin.php

Report Overview

Submitted URL
dhl.249221.guitartone.ch/dlogin.php
IP
157.230.242.66
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2023-03-23 16:30:57
Access
public
Website Title
Final URL
Tags
dhl logistics phishing
urlquery detections
Phishing - DHL

Detections

urlquery
27
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
shavar.services.mozilla.com	3602	2015-09-28T08:30:01Z	2023-03-29T05:09:31Z	453 B	204 B	54.214.73.137
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606 B	127 B	52.26.112.186
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3.2 kB	50 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	8.1 kB	280 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-29T11:45:01Z	341 B	798 B	192.229.221.95
dhl.249221.guitartone.ch	unknown	2023-03-23T06:27:27Z	2023-03-23T21:07:18Z	14 kB	860 kB	157.230.242.66
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	840 B	12 kB	34.160.144.191
firefox-settings-attachments.cdn.mozilla.net	11509	2019-11-30T10:32:57Z	2023-03-29T09:43:54Z	412 B	808 kB	34.111.73.144
detectportal.firefox.com	1601	2018-08-30T11:52:03Z	2023-03-29T05:09:30Z	909 B	642 B	34.107.221.82
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	4.1 kB	11 kB	23.36.77.32
getpocket.cdn.mozilla.net	1369	2018-08-28T15:15:36Z	2023-03-29T09:09:45Z	435 B	46 kB	34.120.5.221

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	dhl.249221.guitartone.ch/verfolgung/js/jquery-1.12.2.min.js	97 kB	2023-03-07	2024-05-10
Pretty URL dhl.249221.guitartone.ch/verfolgung/js/jquery-1.12.2.min.js IP 157.230.242.66 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:39:30 Last Seen2024-05-10 19:13:26 Times Seen31199 Hash bdc2b7efb1faf219d65edfe253a103e9 4921529fc15b8133f2fe65b3bebf53d1e9ef8579 95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9 Loading...

	dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007	827 B	2023-03-29	2023-03-29
Pretty URL dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007 IP 157.230.242.66 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:03:16 Last Seen2023-03-29 21:03:16 Times Seen1 Hash a7bc9b5e9d213e7b3e7932794bdf213c 301371fb90aed6d5b04d6933516426327ac88094 a639a674abd3a8e402807c392c7aa41edc7669272715077f43492c144d82ab8c Loading...

HTTP Transactions (75)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 23 Mar 2023 11:35:00 GMT
Age: 17741
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16417
Expires: Thu, 23 Mar 2023 21:04:18 GMT
Date: Thu, 23 Mar 2023 16:30:41 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
deecaea812dfbb4ccdcbbf4a849031ea
b5ba2eff3d045570cb4e12d04f57735b6fedae6f
6fda8a09d53925dfc656987d115624a5a50ffeb1a3b25ffe29b82b079edf7796

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FDA8A09D53925DFC656987D115624A5A50FFEB1A3B25FFE29B82B079EDF7796"
Last-Modified: Thu, 23 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11123
Expires: Thu, 23 Mar 2023 19:36:04 GMT
Date: Thu, 23 Mar 2023 16:30:41 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

46 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
46 kB (45742 bytes)
Hash
d6fa8283c91ff2be83f9bec5e97a0c29
f0a7e575e6088266e03a9f30c59ac0ad8b836c2a
bca4db9486e21b7e0fd573ffa4305b57ce11e7d0fe702aca77260f5526b12ae7

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: ck9uHfYCmsYBRq9-mOiTMb4ELUHLLxllHabf5x6XtfeFxVI6UrNWLg==
content-encoding: gzip
via: 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
content-length: 45742
date: Thu, 23 Mar 2023 16:20:03 GMT
age: 638
content-type: application/json
vary: Accept-Encoding
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

dhl.249221.guitartone.ch/dlogin.php

157.230.242.66

301 Moved Permanently

169 B

URL HTTP/1.1
dhl.249221.guitartone.ch/dlogin.php
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /dlogin.php HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:41 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://dhl.249221.guitartone.ch/dlogin.php

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17052
Expires: Thu, 23 Mar 2023 21:14:53 GMT
Date: Thu, 23 Mar 2023 16:30:41 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: oLq9RPcIkamt438Tv7CspkndG0UWG7IJPYpb6/oPOGlh/rJyz3YAI6MGum0C7ye6HanIbMBWY9M=
x-amz-request-id: 565BB4P8PXHV00MM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 15:32:16 GMT
age: 3505
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15739
Expires: Thu, 23 Mar 2023 20:53:00 GMT
Date: Thu, 23 Mar 2023 16:30:41 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 16:27:34 GMT
content-type: application/json
age: 187
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:30:41 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 23 Mar 2023 11:35:00 GMT
Age: 17742
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5a0da8702f786e4504a661994a5567e8
92628951bd00bb6b974f4d53a088f33165367159
ad565dbda2d77f7334417e29e4456643e53527794db650596fd78667f0371ec1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD565DBDA2D77F7334417E29E4456643E53527794DB650596FD78667F0371EC1"
Last-Modified: Thu, 23 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19410
Expires: Thu, 23 Mar 2023 21:54:12 GMT
Date: Thu, 23 Mar 2023 16:30:42 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 16:17:23 GMT
age: 799
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c6f7c518dbbcb19a325e251d68170cb2
7f8340a25fac1bd72773608a9a072029f27a6ce5
570b9a9f3e6cf59753a906e65f1cf46bc2383abb143311c4d1f4a27d01dfd70e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5438
Cache-Control: max-age=89716
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 16:30:42 GMT
Etag: "641b24e8-1d7"
Expires: Fri, 24 Mar 2023 17:25:58 GMT
Last-Modified: Wed, 22 Mar 2023 15:55:20 GMT
Server: ECAcc (ska/F7A3)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4451
Expires: Thu, 23 Mar 2023 17:44:53 GMT
Date: Thu, 23 Mar 2023 16:30:42 GMT
Connection: keep-alive

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

54.214.73.137

200 OK

8 B

URL HTTP/1.1
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
54.214.73.137:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
8 B (8 bytes)
Hash
29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 23 Mar 2023 16:30:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

push.services.mozilla.com/

52.26.112.186

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.26.112.186:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CxkH2xQRA5d50A4HaICiPw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zTE1wOs6/z5eEw7tR6vGxmuSj9I=

dhl.249221.guitartone.ch/dlogin.php

157.230.242.66

302 Found

65 B

URL HTTP/1.1
dhl.249221.guitartone.ch/dlogin.php
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
6d716b2bedae87601757e5c25ed631a7
68e58121425bee30a95c0cd6a713ea2a13caa25d
ca2fe0655e530b741abfc5b16bf9bf02f4ee423a033a86c01f86280d0c0370d0

HTTP Headers

GET /dlogin.php HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 65
Connection: keep-alive
X-Powered-By: PHP/5.4.16
location: verfolgung/4988114?page=007

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221679586213252%22

35.241.9.150

200 OK

22 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221679586213252%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (22067), with no line terminators
Size
22 kB (22067 bytes)
Hash
50802b586c9ded641d998f9235a03533
ad5743985138ddeea40ffbe4678bc4fbfc4d5423
dab126b6a0b9af48f9c27dc077488f17f41a9a4ff8f3d85360b66f927126963d

HTTP Headers

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221679586213252%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 22067
via: 1.1 google
date: Thu, 23 Mar 2023 15:46:59 GMT
last-modified: Thu, 23 Mar 2023 15:43:33 GMT
content-type: application/json
age: 2624
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1677879347585&_since=%221643818378440%22

35.241.9.150

200 OK

9.1 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1677879347585&_since=%221643818378440%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (9105), with no line terminators
Size
9.1 kB (9105 bytes)
Hash
3bf8b222f5f31c3ab484dbb4bf3c90bd
3a90ff55f82f7136aca51508621ff791c1c270bc
f08329d6b4438dc9bbf89b29a5b8537881bbd081000a90a66e031cd575fb5d9d

HTTP Headers

GET /v1/buckets/blocklists/collections/gfx/changeset?_expected=1677879347585&_since=%221643818378440%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 9105
via: 1.1 google
date: Thu, 23 Mar 2023 16:24:41 GMT
age: 362
last-modified: Sat, 18 Mar 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: yGUEDdJ/Bow/grrrcwabRfwh2/E9k0E/yxsnoxHTJ9QgFaCkVLpjVqdPY2WF/Q/vtK7dc4bZ70Y=
x-amz-request-id: V46HDERQ269DMEKX
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 16:00:01 GMT
age: 1842
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1679013443657&_since=%221666204638208%22

35.241.9.150

200 OK

40 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1679013443657&_since=%221666204638208%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (40041), with no line terminators
Size
40 kB (40041 bytes)
Hash
698d46ecc1de32df2852df324d4b72d3
e41fdce23323d1f9227e8ebb11f012b07124dfc2
ae0e5e0bc68eaed69d1d5e8ba1d2c6dac4262abba683c1d13b3d870a6e2936a4

HTTP Headers

GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1679013443657&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 40041
via: 1.1 google
date: Thu, 23 Mar 2023 16:19:40 GMT
age: 663
last-modified: Fri, 17 Mar 2023 00:37:23 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

dhl.249221.guitartone.ch/verfolgung/4988114?page=007

157.230.242.66

302 Found

70 B

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/4988114?page=007
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document, ASCII text, with no line terminators
Size
70 B (70 bytes)
Hash
7e743aa6e1a004f5b4ff75ebb8ecbcb3
b7656462f42b5ca2bcc32d3fc5353a5152e348c9
b1fbaec4bf9986fa1e7feb9bf3fa67caa9e85e00acc1a412068a1c83c1ec9926

HTTP Headers

GET /verfolgung/4988114?page=007 HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 70
Connection: keep-alive
X-Powered-By: PHP/5.4.16
location: tracking.php?id=4988114&page=007

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 16:27:34 GMT
content-type: application/json
age: 189
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c074a94d2bb02f30c753db6b7bca5383
d1c3af6556fa3928f6cfa98b018670fe6b3ef304
184eb300b65e9fe1ec77487925130ef11b16785b5b110c43f32952e2923cf064

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184EB300B65E9FE1EC77487925130EF11B16785B5B110C43F32952E2923CF064"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9686
Expires: Thu, 23 Mar 2023 19:12:09 GMT
Date: Thu, 23 Mar 2023 16:30:43 GMT
Connection: keep-alive

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin

34.111.73.144

200 OK

807 kB

URL HTTP/2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
34.111.73.144:0
ASN
#15169 GOOGLE

File type
data
Size
807 kB (807180 bytes)
Hash
914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857

HTTP Headers

GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Hnii+wRxXeZzuzuYOtRN/mjR5kVGV5of/S6hNyBMDGBxXf66VxPScQJd9yaNggDVo98kFYCiXac=
x-amz-request-id: FZT5CYXRQ8WNW498
x-amz-server-side-encryption: AES256
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Mon, 20 Mar 2023 13:46:51 GMT
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
age: 269032
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1679586213252&_since=%221666279968541%22

35.241.9.150

200 OK

90 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1679586213252&_since=%221666279968541%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (90381 bytes)
Hash
cef1b57bd268dea272fe350653714813
c06aabf448e047a54dcac29b7c76a62053cbe39e
ed80270657bde00b31ebfe59943c924823206a03274383a4f18aba26ad0c92cb

HTTP Headers

GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1679586213252&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 90381
via: 1.1 google
date: Thu, 23 Mar 2023 15:49:54 GMT
last-modified: Thu, 23 Mar 2023 15:43:33 GMT
content-type: application/json
age: 2449
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1679529664549&_since=%221666483264567%22

35.241.9.150

200 OK

64 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1679529664549&_since=%221666483264567%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (64316), with no line terminators
Size
64 kB (64316 bytes)
Hash
c5737c392fec8ab9e2820ec996875a7a
543c7af7c9e3a0165cbaff7162202b485af617da
9e5bdc355682998dee839d109d215bd7858720013b90ef3281235ed6c852b8e1

HTTP Headers

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1679529664549&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 64316
via: 1.1 google
date: Thu, 23 Mar 2023 16:10:36 GMT
age: 1207
last-modified: Thu, 23 Mar 2023 00:01:04 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1678202119172&_since=%221662044085942%22

35.241.9.150

200 OK

7.0 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1678202119172&_since=%221662044085942%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (6983), with no line terminators
Size
7.0 kB (6983 bytes)
Hash
259c63666839343d666a293de9e3d7b3
2eb4f6399be8ec867b36714423e06929b8a04213
8f4521fb02b3f081367469a39f6d5dca0a14c8bcc8e66f3e374adf6d0ecabeba

HTTP Headers

GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1678202119172&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6983
via: 1.1 google
date: Thu, 23 Mar 2023 16:00:25 GMT
age: 1818
last-modified: Tue, 21 Mar 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773&_since=%221656585893704%22

35.241.9.150

200 OK

1.6 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773&_since=%221656585893704%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1647), with no line terminators
Size
1.6 kB (1647 bytes)
Hash
b6a9d93923579c92355cde6a0247ebe4
5aacc09f19d3fda30e47c55995b19d22e77d6764
ff32dcc803a931b38db625bbf50f169860022bdebb652ea949ddf1f8659c34c6

HTTP Headers

GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1647
via: 1.1 google
date: Thu, 23 Mar 2023 15:59:28 GMT
age: 1876
last-modified: Tue, 21 Mar 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 23 Mar 2023 11:35:00 GMT
Age: 17744
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

35.241.9.150

200 OK

682 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Size
682 B (682 bytes)
Hash
01b690964dee95d05c2514fbd8e0ca10
7095b979dd9ac6675ae4d1cf0130826045e03266
254b3294433c758c9591b6cba0e31d8453a6eec372af315d0f39056d020a6acd

HTTP Headers

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 682
via: 1.1 google
date: Thu, 23 Mar 2023 16:14:23 GMT
age: 981
last-modified: Fri, 17 Mar 2023 16:36:59 GMT
etag: "1679071019113"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007

157.230.242.66

200 OK

120 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1304), with CRLF line terminators
Size
120 kB (119922 bytes)
Hash
b07b98832b1a98cd5bd52a28433dbc0f
54de7a38032d54a1e32dea8b8fe61d5e440c0b8f
891de6fd5beb5c3dab0362ae6c08835abe5da7229342487498d3f181e771eee1

HTTP Headers

GET /verfolgung/tracking.php?id=4988114&page=007 HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9895
Expires: Thu, 23 Mar 2023 19:15:39 GMT
Date: Thu, 23 Mar 2023 16:30:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9895
Expires: Thu, 23 Mar 2023 19:15:39 GMT
Date: Thu, 23 Mar 2023 16:30:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9927
Expires: Thu, 23 Mar 2023 19:16:11 GMT
Date: Thu, 23 Mar 2023 16:30:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9927
Expires: Thu, 23 Mar 2023 19:16:11 GMT
Date: Thu, 23 Mar 2023 16:30:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9895
Expires: Thu, 23 Mar 2023 19:15:39 GMT
Date: Thu, 23 Mar 2023 16:30:44 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6692 bytes)
Hash
c05bfdf1411a931d8ea9adc64b07bc74
156ef59e53564a4f2b27002b2695fafecd578d82
15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jj5lAwItWYm45j5kLqQnd3fhsiGsiuSiSVtrBUOolyHvPAmCc0S71A==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:54:24 GMT
age: 30980
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10480 bytes)
Hash
6f0b9e85381489dcf646c251722b21d4
5f7ea91288a2170bcabdca6be296718c4191eacd
911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: pFCYGtd2b7lK7OBFHjCsgqqLfhtMAQDB0vyYFyf1sv-3CkSHbEh3mA==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:59:52 GMT
age: 66652
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4912 bytes)
Hash
f4a771935927950222124e14b56046df
d07fe53e4ac41048497b2732c017f6666c3eda9e
4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: soxgrR0B6Rz79QysB7qbMTsNYmkYfG8doOMPpTEd9uLlrE6WTcDKdw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:44 GMT
age: 67380
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5950 bytes)
Hash
800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:02:44 GMT
age: 66480
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4905 bytes)
Hash
90f64fe111aa6e90ebf52e0335d21b75
4f25bdbffca3803b02c196c38491223684d36b4d
37894e16112286470b7fd2e0bbd5ca74944e6cb5ca6e8aff189c4515122a0d40

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4905
x-amzn-requestid: f2297c3e-1187-48f5-bffb-c5ea1a79a10b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CBFgcF4_oAMFd6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6416b602-02696af01c0d586c631c5b45;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 07:13:06 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: R9mjcik3i0kISOeO4gVZP6XhhvZO00mriabAtJ8vv1kNhRpz_lfsHQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 06:31:03 GMT
age: 35981
etag: "4f25bdbffca3803b02c196c38491223684d36b4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10284 bytes)
Hash
4e89d0b1281259e7399294fb5fa19d2b
5035ed41f497c97faefae9cdaf42dc07ab468557
f404d286deab5b4759be6e554e6488faab3b4f7988a86eb57520dac4e0d6a192

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10284
x-amzn-requestid: e4d2c324-d0b0-436d-9739-29269e62aed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM6hjEqtIAMFvXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b713c-5a5bd6b60c1f52ab580f1757;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:21:00 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Pv-MA9gQ4PmXuY3EWSC77_g2fn_C9-bYUQ4azcrxLNvtwY6CZZg1nA==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:55:01 GMT
age: 30943
etag: "5035ed41f497c97faefae9cdaf42dc07ab468557"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

35.241.9.150

200 OK

1.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Size
1.3 kB (1250 bytes)
Hash
6e9207f14bc4e1dacd75ae700db68d24
83e39f11d653a520e625f85ee1bfc792dfcb0252
18dc7a0b3c12d96a4a26b31a47e0bdf22509ec2727eabbba9457dc9102c30044

HTTP Headers

GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Thu, 23 Mar 2023 16:08:13 GMT
age: 1351
last-modified: Fri, 17 Mar 2023 16:36:48 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1742), with no line terminators
Size
1.7 kB (1742 bytes)
Hash
15fac2acaa5e46514ba26b94c9120bb3
84ad721feea570de94a40fec3d0e176937829f4e
fa5eb055710eff6d1f9a27b71a6424ee6213bb4b5243da7cc1b1470270ad95c8

HTTP Headers

GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1742
via: 1.1 google
date: Thu, 23 Mar 2023 16:01:44 GMT
age: 1740
last-modified: Fri, 17 Mar 2023 16:36:47 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

dhl.249221.guitartone.ch/verfolgung/js/jquery-1.12.2.min.js

157.230.242.66

200 OK

97 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/js/jquery-1.12.2.min.js
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (32029)
Size
97 kB (97244 bytes)
Hash
bdc2b7efb1faf219d65edfe253a103e9
4921529fc15b8133f2fe65b3bebf53d1e9ef8579
95914789b5f3307a3718679e867d61b9d4c03f749cd2e2970570331d7d6c8ed9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/js/jquery-1.12.2.min.js HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:44 GMT
Content-Type: application/javascript
Content-Length: 97244
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "17bdc-5e8a4c3deea80"
Accept-Ranges: bytes

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22

35.241.9.150

200 OK

2.4 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (2387), with no line terminators
Size
2.4 kB (2387 bytes)
Hash
8433183bfaa3cc12d07724843f7b08ac
8583ff32a05d04833f0c9f1e0ea8b95571a7367c
8fffd47f59b9894dd9703fefb151b4047d99bf8d6d844c1f7302633da2d9d1cf

HTTP Headers

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2387
via: 1.1 google
date: Thu, 23 Mar 2023 15:27:05 GMT
age: 3819
last-modified: Fri, 17 Mar 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1678922485545&_since=%221661199949574%22

35.241.9.150

200 OK

25 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1678922485545&_since=%221661199949574%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (25354), with no line terminators
Size
25 kB (25354 bytes)
Hash
350cfa5488b9cfce345b6410b04d5307
fc3ee8d31aa9ba9353beff9a42c93855da3bf5e9
103e8b0147854a1236e477dd5e951246463f098592a5549560c20fc98d8c1f35

HTTP Headers

GET /v1/buckets/main/collections/search-config/changeset?_expected=1678922485545&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 25354
via: 1.1 google
date: Thu, 23 Mar 2023 16:06:53 GMT
age: 1431
last-modified: Wed, 15 Mar 2023 23:21:25 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

dhl.249221.guitartone.ch/verfolgung/css/6.css

157.230.242.66

200 OK

4.3 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/css/6.css
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with CRLF line terminators
Size
4.3 kB (4271 bytes)
Hash
8eb7809b45d4079fbaa48175f64c7441
f865a99867d1eac58a575a518996ae2e9ca1de95
00d16054bb78393fecfbeff7eed0d44e005ebe51f034c838c1f69bdfddf40b01

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/css/6.css HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:44 GMT
Content-Type: text/css
Content-Length: 4271
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 09:18:34 GMT
ETag: "10af-5edcf4e772e80"
Accept-Ranges: bytes

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

35.241.9.150

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1506), with no line terminators
Size
1.5 kB (1506 bytes)
Hash
2c6deb199b3a43e62e4423bde1127c13
3bdb809be246e6a226ab6af05e6cb7ecca621d7d
200bc6608eaa3cdb6d274d84655ac94f1d1d5f33249c2d33a0155629900ce507

HTTP Headers

GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1506
via: 1.1 google
date: Thu, 23 Mar 2023 16:26:54 GMT
age: 230
last-modified: Wed, 15 Mar 2023 16:36:49 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22

35.241.9.150

200 OK

934 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (934), with no line terminators
Size
934 B (934 bytes)
Hash
c88ba032388de9b5463fd8ee96221426
792e2a7e9bf312a80eb3799b807588aaae55ec42
c7b5a104191bcf5c6ea0b7fe78b2b71b5c438c14af5e3a38bab31b431371d556

HTTP Headers

GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 934
via: 1.1 google
date: Thu, 23 Mar 2023 16:30:18 GMT
age: 26
last-modified: Wed, 15 Mar 2023 16:36:48 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

dhl.249221.guitartone.ch/verfolgung/css/3.css

157.230.242.66

200 OK

22 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/css/3.css
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with CRLF line terminators
Size
22 kB (22046 bytes)
Hash
c54f6668454402879168d2782296d35e
dd3c72855079f3d074cfe6fd500959874650c736
d40a85d0988ad1b83645365ac9bd5ef15ed33517733d847317f86c6ea271ad32

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/css/3.css HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:44 GMT
Content-Type: text/css
Content-Length: 22046
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 09:05:56 GMT
ETag: "561e-5edcf21490500"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/css/5.css

157.230.242.66

200 OK

48 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/css/5.css
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (661), with CRLF line terminators
Size
48 kB (48507 bytes)
Hash
67f662870fef3deea83c75f68622a1e4
45bdedb38dca005081238b4cf80fa10c90778465
8fd91a16c9b120c1f43fecdb1d40a9adf7e6dc05b69c3261c342ea76ecc50c2d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/css/5.css HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:44 GMT
Content-Type: text/css
Content-Length: 48507
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 09:05:56 GMT
ETag: "bd7b-5edcf21490500"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/css/2.css

157.230.242.66

200 OK

48 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/css/2.css
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (661), with CRLF line terminators
Size
48 kB (48503 bytes)
Hash
68bb9d41de0ac82959f8f90c552e4948
fb4e7fd67a692ae70e6b3813fe7913f0c3800103
a0879b822817892ccecb11bc4c475d4bf3aad5e03a37a49eae46dfbdcf9e8fb3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/css/2.css HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:44 GMT
Content-Type: text/css
Content-Length: 48503
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 09:05:56 GMT
ETag: "bd77-5edcf21490500"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/css/1.css

157.230.242.66

200 OK

54 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/css/1.css
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (23076), with CRLF line terminators
Size
54 kB (53751 bytes)
Hash
c773c2e44cb33bd02d04987a8017056b
af122938b5fab20abed2fd9df00af09e66294222
a116a577d744fd0c240b7f1c1b3139cc0d61b953d36fe2b61506e379e9c8bc0a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/css/1.css HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:44 GMT
Content-Type: text/css
Content-Length: 53751
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 09:05:56 GMT
ETag: "d1f7-5edcf21490500"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/dhl-official.svg

157.230.242.66

200 OK

2.0 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/dhl-official.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2040), with no line terminators
Size
2.0 kB (2040 bytes)
Hash
d5a053f0005dd58489a461f599b5a508
ba71dd77800ef3d410beb8282d790642bec8193b
aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/dhl-official.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 2040
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "7f8-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/rating-play-store.svg

157.230.242.66

200 OK

904 B

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/rating-play-store.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (512)
Size
904 B (904 bytes)
Hash
19a24c818ad0e0eab9418b77ff8e7c1c
3787691d98fd4b9f494664274a641226e33c1588
a6b35b6b7cabb9d33c2e1d6afef2d5f546a2fd3912f5f3e96495cd64218b9251

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/rating-play-store.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 904
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "388-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/amex.svg

157.230.242.66

200 OK

734 B

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/amex.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (565)
Size
734 B (734 bytes)
Hash
1c003076f46fc215f19de22568f3b5a1
112caa9374e6c1d0f8325cdcf2bde5b073f0f1ad
b64feafef2104c77f092f2bbfa526bad76e17fb053591284984e86a28ed721a2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/amex.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 734
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "2de-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/paypal.svg

157.230.242.66

200 OK

3.4 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/paypal.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3369), with no line terminators
Size
3.4 kB (3369 bytes)
Hash
4ac4e26be0277fab62f57835bca7ee1e
edef7e834db1d63bd5290adf1f0308522cced7e0
5e9402048b0efae8235057fc5db4276b0472c9a42c59c0b759e059ffbdafb32b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/paypal.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 3369
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "d29-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/visa.svg

157.230.242.66

200 OK

4.6 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/visa.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1577)
Size
4.6 kB (4586 bytes)
Hash
09d8b96a0853e0bc8cec7c677c0da93b
a6aebdb9c339cac93762338353517b67e23f1903
a60079ce89803190740ddcf6e03eace0492b8f73ec57ffb4132b72a9736b68fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/visa.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 4586
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "11ea-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/fonts/delivery-rg.woff2

157.230.242.66

200 OK

34 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/fonts/delivery-rg.woff2
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 33580, version 1.0\012- data
Size
34 kB (33580 bytes)
Hash
1a05a4d2566dc2490cae801e9d885ec6
2fae1307a017a9afe73d351cf15932e51dc57887
2a2dc315ce559a3636bcbfaf666ee1ac382222798eceeef8d464c8d1e4e18de7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/fonts/delivery-rg.woff2 HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Length: 33580
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "832c-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/fonts/delivery-bd.woff2

157.230.242.66

200 OK

34 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/fonts/delivery-bd.woff2
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 33840, version 1.0\012- data
Size
34 kB (33840 bytes)
Hash
682ea1d6962cd47974cd715fa3b80b4a
94a563948862a70f4d1be0a3aebc3a9f7aa800a6
4d5879466a996b0bc74a71e513a743e240b69199449fa59e51d32d133b99576f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/fonts/delivery-bd.woff2 HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Length: 33840
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "8430-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/phplib/ajax.php?id=4988114

157.230.242.66

200 OK

0 B

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/phplib/ajax.php?id=4988114
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

POST /verfolgung/phplib/ajax.php?id=4988114 HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 12
Origin: https://dhl.249221.guitartone.ch
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Set-Cookie: PHPSESSID=51i1980eodegmnvru9blphpch4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

dhl.249221.guitartone.ch/verfolgung/img/1.png

157.230.242.66

200 OK

108 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/1.png
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 366 x 206, 8-bit/color RGB, non-interlaced\012- data
Size
108 kB (108508 bytes)
Hash
634c39f2a51e26d2ac85598a2103e16d
1badf4773207d7238f8808f1bd42e355dd4b3a01
afcc3febb5b047b9f7d691e6e92c2239c2feee6cdb5e56a910e8a9e62387d430

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/1.png HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/png
Content-Length: 108508
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "1a7dc-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/sprite.svg

157.230.242.66

200 OK

41 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/sprite.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (28844), with CRLF line terminators
Size
41 kB (41430 bytes)
Hash
cebbc77896c22e29f2a223a9efe685e3
ab3e7dc74207c4bb1f45a712d334c3d3ef8bdce8
07908237900ec13b078abee11041a05af9a7c8930a9a0e1c7d85f2c5f8ca9425

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/sprite.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 41430
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "a1d6-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/dhl-ssl-logo.svg

157.230.242.66

200 OK

4.5 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/dhl-ssl-logo.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (403)
Size
4.5 kB (4470 bytes)
Hash
f0e3cb96921af370a3ce18d1a1ded9b9
1fedecbb71184bc23dfdac38ef5b27d31da7f420
dc0fa4b8eaff05882b34c64260a6f630a3398a3a77584ef2ae6297ef10353578

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/dhl-ssl-logo.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 4470
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "1176-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/icons-nepal.svg

157.230.242.66

200 OK

26 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/icons-nepal.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (25753), with CRLF line terminators
Size
26 kB (25893 bytes)
Hash
953dd00cb38ca1767d1145caf35a035b
8510eeee5a546b92d2cb4413f065aa5d49d0bfdb
2691d1e5392f267802498adb1ddc58e4d8a95a5fc69de8380e0d4ae7850c2e1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/icons-nepal.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 25893
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "6525-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/mastercard.svg

157.230.242.66

200 OK

15 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/mastercard.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (1435)
Size
15 kB (14915 bytes)
Hash
b81045f3a463d4aabc0a41fef3bc55ef
0cf6c882fac621b65b627cb39c3bbc9d669e20d3
f4551892c81a15874332cfa9639f76a41356c9ed4ca79ff682c9114aeb12563e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/mastercard.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 14915
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "3a43-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/fonts/delivery-cdblk.woff2

157.230.242.66

200 OK

37 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/fonts/delivery-cdblk.woff2
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 36652, version 1.0\012- data
Size
37 kB (36652 bytes)
Hash
774e0efbb9da45395efa24c9ca4248de
04eab63ba86f912514fc0ea04b025b7f2df6145b
ccdf7761ca4d7eaa78f7135627c83d85ed7324d9e12a36258f1f21a5842c27b1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/fonts/delivery-cdblk.woff2 HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Length: 36652
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "8f2c-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/sepapay.svg

157.230.242.66

200 OK

12 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/sepapay.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (12024), with no line terminators
Size
12 kB (12024 bytes)
Hash
176e69bbf00a8da5fe4921dbff1a30eb
384bbdee655135ef9a290f1365902ed6c9316969
b1764022abfe9e716542e55a05b94b851e369cd75407474874a439c61f5bd982

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/sepapay.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 12024
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "2ef8-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/giropay.svg

157.230.242.66

200 OK

2.4 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/giropay.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2396), with no line terminators
Size
2.4 kB (2396 bytes)
Hash
9b9e19be4be87ab5a0b96cd99754747e
edc3926e9431d362d794de7388fb4d78b156c4e8
2ef06fae9ac89777a220421e87980ef61b2a914e3eb1dec5b5c06a93531a9e38

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/giropay.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 2396
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "95c-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/icon-sprite.svg

157.230.242.66

200 OK

116 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/icon-sprite.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Size
116 kB (116511 bytes)
Hash
a2f73421956e77814bc75b9f1ef7978c
76fff6b10243ee8b0d9f2b8c281e5023bef29816
616309a0321797f048d134f8c83c2ad6a94170f166093baa5fa6fd999461772e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/icon-sprite.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 116511
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "1c71f-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/img/dhl-group.svg

157.230.242.66

200 OK

8.7 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/img/dhl-group.svg
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (724)
Size
8.7 kB (8715 bytes)
Hash
56ceadc8919cd52c7b19d6bfd2ed1a96
5716fe99efb512515553b02fc4ca7f858aa5c980
55de7fa1d7d120cab791bbbeadf10fe0f15783b296aceee56dc72c80896e4114

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/img/dhl-group.svg HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/svg+xml
Content-Length: 8715
Connection: keep-alive
Last-Modified: Wed, 14 Sep 2022 15:27:22 GMT
ETag: "220b-5e8a4c3deea80"
Accept-Ranges: bytes

dhl.249221.guitartone.ch/verfolgung/favicon.ico

157.230.242.66

200 OK

7.4 kB

URL HTTP/1.1
dhl.249221.guitartone.ch/verfolgung/favicon.ico
IP
157.230.242.66:0
ASN
#14061 DIGITALOCEAN-ASN

File type
MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel\012- data
Size
7.4 kB (7406 bytes)
Hash
bbba65f5c0e656750df8c649749447c8
107d1dc536e768776a10d20b362e253ec684832a
c4caa8b38ca6962dfeaa34445597ba59d691d60633f4dda63630f27738c06497

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /verfolgung/favicon.ico HTTP/1.1
Host: dhl.249221.guitartone.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl.249221.guitartone.ch/verfolgung/tracking.php?id=4988114&page=007
Cookie: PHPSESSID=51i1980eodegmnvru9blphpch4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:30:45 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 7406
Connection: keep-alive
Last-Modified: Sat, 29 Oct 2022 02:03:10 GMT
ETag: "1cee-5ec22c6afb380"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (75)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN