Report - www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1

Report Overview

URL

www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
IP

46.182.4.120

ASN

#204818 Hosteur SAS
Submitted

2023-01-30T17:16:02Z

Access
Tags

dhl logistics phishing suspicious
urlquery detections

Phishing - DHL

Suspicious - Suspicious JS code

Detections

urlquery

34
Network Intrusion Detection

1
Threat Detection Systems

15

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333	391	34.117.237.239
code.jquery.com (1)	634	2012-05-21T19:28:02Z	2023-03-13T05:09:57Z	394	31337	69.16.175.10
ipinfo.io (2)	8136	2013-12-16T08:25:53Z	2023-03-13T05:42:51Z	657	8828	34.117.59.81
img-getpocket.cdn.mozilla.net (5)	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2705	55902	34.120.237.76
r3.o.lencr.org (10)	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3380	8861	23.36.76.226
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782	2374	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413	5844	34.160.144.191
cdn.jsdelivr.net (2)	439	2012-09-30T02:15:09Z	2023-03-13T06:17:54Z	703	1848	104.16.88.20
ocsp.digicert.com (2)	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682	1210	93.184.220.29
www.ndnmag.fr (17)	unknown	2022-07-05T18:35:05Z	2023-03-05T17:23:18Z	8042	529409	46.182.4.120
ajax.googleapis.com (1)	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	308	33863	216.58.207.234
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606	127	34.211.126.51

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-30T17:16:05Z	medium	Client IP	34.117.59.81	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/jquery-lang.js	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/js.cookie.js	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/load.php	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/DHL_head.html	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/DHL_footer.html	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/DHL_track.html	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/jquery.validate.min.js	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/langpack/en.json	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/langpack/en.json	Phishing
2023-01-30	medium	www.ndnmag.fr/en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (45)

URL IP Response Size

www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1

46.182.4.120

200 OK

1782

URL HTTP/1.1

www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators

Size

1782
Hash

6b93961fcf4afedb697680d1abf1cf33

025249a0f6d1fc3192abec4f8f4c089a121534cd

b33e199645f50f4a637971e4a59746df19a8b9abf44e731f24d7e78bb9048d5d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
urlquery	suspicious	Suspicious - Suspicious JS code
fortinet	Phishing

HTTP Headers

                                        GET /en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1 HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:46 GMT
Content-Type: text/html
Content-Length: 1782
Connection: keep-alive
Set-Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465; Path=/; HttpOnly
Last-Modified: Mon, 30 Jan 2023 17:09:45 GMT
ETag: "1f52-5f37e482b9bd3-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5eb7c9bc996a0ff420e58af45526f053

8c2614832b8efe1c9da0bbd465d6f3f172d95a9e

c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3376
Expires: Mon, 30 Jan 2023 18:12:07 GMT
Date: Mon, 30 Jan 2023 17:15:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

0c35c3ec659d3a26ea97e68d787bb043

d97e3672244efec5b7814f2d8a734cd1a9387854

4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3190
Expires: Mon, 30 Jan 2023 18:09:01 GMT
Date: Mon, 30 Jan 2023 17:15:51 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bf0c602d32b3c14606f22a86183b5e3c

6eabd8d83475eba731968abe1a05a8bfd272f160

6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 16:43:12 GMT
content-type: application/json
age: 1959
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

09ee4b0fe6cf4ca5ed31b24452338d00

7e62b6e20f0d4737f4a8d94f9818a0883027839e

56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5763
Expires: Mon, 30 Jan 2023 18:51:54 GMT
Date: Mon, 30 Jan 2023 17:15:51 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

7b922915ebf1fa3639b333f994c74f24

144a3f80b98fd0652d4614f24cf6cbbee40f8938

adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: GELRlQTYdn51eadTrFnaUMJPEktlPri4FnoIoxT0m+lG4fjw2dN0y6iS+KdKaHPRLz9jx97DH8g=
x-amz-request-id: GXKCAHVFN40HS0A9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 16:21:52 GMT
age: 3239
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

216.58.207.234

200 OK

32954

URL HTTP/1.1

ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP

216.58.207.234:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (32072)

Size

32954
Hash

d38e2944bbc9ae54b8947a2bd0b9a932

782a825679b248d38979c2d7ecae257873344437

65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd

HTTP Headers

                                        GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 32954
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 29 Jan 2023 10:25:20 GMT
Expires: Mon, 29 Jan 2024 10:25:20 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Age: 111031

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 17:15:51 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.5.1.min.js

69.16.175.10

200 OK

30879

URL HTTP/2

code.jquery.com/jquery-3.5.1.min.js
IP

69.16.175.10:0
ASN

#20446 STACKPATH-CDN

Magic

ASCII text, with very long lines (65451)

Size

30879
Hash

3700d0b271343804b9b9aa1c13efa521

3d6b03dbd74872ca3dfbb0529f6c80943788f918

fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e

HTTP Headers

                                        GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ndnmag.fr
Connection: keep-alive
Referer: http://www.ndnmag.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Mon, 30 Jan 2023 17:15:51 GMT
content-encoding: gzip
content-length: 30879
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675098951.dop024.sk1.t,1675098951.cds247.sk1.hn,1675098951.cds208.sk1.c
X-Firefox-Spdy: h2

www.ndnmag.fr/en/dist/jquery-lang.js

46.182.4.120

200 OK

7000

URL HTTP/1.1

www.ndnmag.fr/en/dist/jquery-lang.js
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

ASCII text

Size

7000
Hash

1c1917fafff89489f105f5d8427e6ef5

f6fb0efe5340fb45aeeb5550c1811e8c46cf79fa

50b74f02b7f4852ea8afdf518a07bb264480821da537d26d5fe7dffd5c62ca2f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/jquery-lang.js HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:16:40 GMT
Content-Type: application/javascript
Content-Length: 7000
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "6c2d-5f316906e544e-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/js.cookie.js

46.182.4.120

200 OK

1387

URL HTTP/1.1

www.ndnmag.fr/en/dist/js.cookie.js
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

ASCII text

Size

1387
Hash

bc8cc9c688c4d556936a7fa6ec6fbe12

7c3a045a0256e758345d82062b9d08c6a4d97d2a

d234097e1e7a6e22fa09f7684577c07c861c77485105a1d74daa90646c1d47a7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/js.cookie.js HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:17 GMT
Content-Type: application/javascript
Content-Length: 1387
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "d60-5f316906e63ee-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/dhl.css

46.182.4.120

200 OK

314756

URL HTTP/1.1

www.ndnmag.fr/en/dist/dhl.css
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators

Size

314756
Hash

91bb51af984823aa997a73805a14c17a

3e466647149a7c376f7df1fc9d921571eac24c9d

4ebc8985f17f3baf5683617c7854fd2132e952ca17ca83312685c7eb0e5d7c54

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

                                        GET /en/dist/dhl.css HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:47 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "15b189-5f316906e44ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/load.php

46.182.4.120

200 OK

1096

URL HTTP/1.1

www.ndnmag.fr/en/dist/load.php
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

HTML document, ASCII text, with CRLF line terminators

Size

1096
Hash

443278ad17f9fe35fcaf6044308d9762

0b1b47ec66fff41259da13c19283b366c6f39e29

0d2d38ee6854230889d7e258fff29e7878cd1407ca222fb4b859863579ab9507

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/load.php HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1096
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/DHL_head.html

46.182.4.120

200 OK

3117

URL HTTP/1.1

www.ndnmag.fr/en/dist/DHL_head.html
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1836)

Size

3117
Hash

dbc0ae6b82b4820f8a6407cee9585694

a4692b59fc059903620afcde4bcb79af49c96cfb

3c3acaa1d4052b6e9dd88d80593a36acf431e998de31a450dd9097413fe85d52

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/DHL_head.html HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:47 GMT
Content-Type: text/html
Content-Length: 3117
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "2d05-5f316906e44ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff

46.182.4.120

200 OK

41084

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 41084, version 1.66\012- data

Size

41084
Hash

03f859bf58e4d37841070de34be7d978

3436d4fa17e7ee470c3d62b08787cfa7de408408

5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:16:40 GMT
Content-Type: font/woff
Content-Length: 41084
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "a07c-5f316906e44ae"
Accept-Ranges: bytes

www.ndnmag.fr/en/dist/DHL_footer.html

46.182.4.120

200 OK

6060

URL HTTP/1.1

www.ndnmag.fr/en/dist/DHL_footer.html
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2591)

Size

6060
Hash

2b27879683c6323bcefdd529317cf67f

b3968065a2a00dd7bad17dedf3b88ca316088ff0

34e03a44283630ddd2b3bc39055e662cccf4cf56862b47f6fad72e1956e8f333

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/DHL_footer.html HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:47 GMT
Content-Type: text/html
Content-Length: 6060
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "3c69-5f316906e44ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/favicon.ico

46.182.4.120

200 OK

1150

URL HTTP/1.1

www.ndnmag.fr/en/dist/favicon.ico
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data

Size

1150
Hash

d8106bf3a1d00ab43b01e6e3c92500eb

202b5e8654ab1b28351378293bca3b9d844cc29b

9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

                                        GET /en/dist/favicon.ico HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:16:40 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 1150
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "47e-5f316906e44ae"
Accept-Ranges: bytes

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 16:41:41 GMT
age: 2051
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.ndnmag.fr/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff

46.182.4.120

200 OK

9316

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 9316, version 1.0\012- data

Size

9316
Hash

9355df62a665ef9249036bbccad8c54c

6b7779a10187a1a7473f604fbe3db96350868c6a

6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:16:40 GMT
Content-Type: font/woff
Content-Length: 9316
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "2464-5f316906e544e"
Accept-Ranges: bytes

www.ndnmag.fr/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff

46.182.4.120

200 OK

41328

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 41328, version 1.66\012- data

Size

41328
Hash

e39bd2e2657ce5dd6f9c33df18529233

6db81ebb91bfa67cef8f2f870f03046150568799

19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:16:40 GMT
Content-Type: font/woff
Content-Length: 41328
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "a170-5f316906e544e"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

22b9916fc1fafc9bdc9bb37f9eac8a9a

86f640e134a741a0f906a8e3a0f5c6659dd0e394

a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21143
Expires: Mon, 30 Jan 2023 23:08:15 GMT
Date: Mon, 30 Jan 2023 17:15:52 GMT
Connection: keep-alive

ipinfo.io/country

34.117.59.81

302 Found

URL HTTP/1.1

ipinfo.io/country
IP

34.117.59.81:0
ASN

#15169 GOOGLE

Magic

ASCII text, with no line terminators

Size

72
Hash

b79f12127b13f3298b65130f55033eea

0c5df3d4734c5d754f78df4dd08f329ce38ab901

76d7f55bf215f2132f41391f47b4efd048f7c3b61db2b650e2a0a9b4a02d79f0

HTTP Headers

                                        GET /country HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.ndnmag.fr/
Origin: http://www.ndnmag.fr
Connection: keep-alive

                                        HTTP/1.1 302 Found
access-control-allow-origin: *
location: https://ipinfo.io/country
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
date: Mon, 30 Jan 2023 17:15:52 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: gzip
transfer-encoding: chunked
Via: 1.1 google

www.ndnmag.fr/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff

46.182.4.120

200 OK

44260

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 44260, version 1.66\012- data

Size

44260
Hash

4a350e02a03ac62e72e9ea575b31ce84

d47b03b96b6e7034a1473a293bb594e597a41dc2

87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:47 GMT
Content-Type: font/woff
Content-Length: 44260
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "ace4-5f316906e44ae"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e3471320e289779c0363b89704e0fc4c

6cf978756452372f2a8ff720c2c0f72fcda29563

653cb912f1478e3bb581eddbda3d94ab31c06ae7d785b0e8f4dc6ade8f3e1627

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "653CB912F1478E3BB581EDDBDA3D94AB31C06AE7D785B0E8F4DC6ADE8F3E1627"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8565
Expires: Mon, 30 Jan 2023 19:38:37 GMT
Date: Mon, 30 Jan 2023 17:15:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e3471320e289779c0363b89704e0fc4c

6cf978756452372f2a8ff720c2c0f72fcda29563

653cb912f1478e3bb581eddbda3d94ab31c06ae7d785b0e8f4dc6ade8f3e1627

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "653CB912F1478E3BB581EDDBDA3D94AB31C06AE7D785B0E8F4DC6ADE8F3E1627"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8565
Expires: Mon, 30 Jan 2023 19:38:37 GMT
Date: Mon, 30 Jan 2023 17:15:52 GMT
Connection: keep-alive

push.services.mozilla.com/

34.211.126.51

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

34.211.126.51:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pqC4gUTh3XfpzAaW/KYwzg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vSxCgEJMpYtnTXPbrohSzg+MiGU=

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

43bc5afe1d7330aa521e0efc78185a92

f53e9daa0a32e0acf7a10d9494fb383c1d039305

429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6902
Expires: Mon, 30 Jan 2023 19:10:56 GMT
Date: Mon, 30 Jan 2023 17:15:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

43bc5afe1d7330aa521e0efc78185a92

f53e9daa0a32e0acf7a10d9494fb383c1d039305

429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6902
Expires: Mon, 30 Jan 2023 19:10:56 GMT
Date: Mon, 30 Jan 2023 17:15:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

43bc5afe1d7330aa521e0efc78185a92

f53e9daa0a32e0acf7a10d9494fb383c1d039305

429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6902
Expires: Mon, 30 Jan 2023 19:10:56 GMT
Date: Mon, 30 Jan 2023 17:15:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

43bc5afe1d7330aa521e0efc78185a92

f53e9daa0a32e0acf7a10d9494fb383c1d039305

429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6902
Expires: Mon, 30 Jan 2023 19:10:56 GMT
Date: Mon, 30 Jan 2023 17:15:54 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg

34.120.237.76

200 OK

10997

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10997
Hash

65c02d8a1b0d6a210cb2a649c5c67469

027dbc7a104c922904f067ed15d696c363c11774

89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:53:08 GMT
age: 69766
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8464

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8464
Hash

fe31ee140c2fd62e616c8a1edc9e78bb

7aa5fbdc8156514770ae620e81f1afef1c77890f

799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UNub7Gd4S0ogn5EJhtJVu8q1qML5_4eL2lIPQXiAuXy_q-XiR4s-5w==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:55:21 GMT
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
age: 69633
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ipinfo.io/country

34.117.59.81

429 Too Many Requests

7863

URL HTTP/2

ipinfo.io/country
IP

34.117.59.81:0
ASN

#15169 GOOGLE

Magic

data

Size

7863
Hash

6f3f35be82b696a3033fe38f21a8c3b3

0553e31597342f651cdbbd95bfdc2136addfae30

2ba95875ce16c8a318d6abf8c121ed7d85b68509f693ff892e62bab4ecbbba9c

HTTP Headers

                                        GET /country HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://www.ndnmag.fr/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 429 Too Many Requests
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
date: Mon, 30 Jan 2023 17:15:52 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12507

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

12507
Hash

5190c0bdc6abe0ee258e9f8c20ddaf51

d60f280f8a742480527dbc32d08f321f972d4fcf

874b38a04aa3736e65aaef72da2cc2efceb208618267107a495bdfe51ec58e58

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 12507
x-amzn-requestid: 85c9adcd-b997-48ca-bbfb-ccdeaf3e8cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhklyFaJoAMFqKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7be-2bcdd8c353d8429d2b1e95f6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UDJKl99GiUxTW_EgWFDjLaJZbKFhfaJR-XRLsbQphwHuCXczDlxrDA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:54:37 GMT
age: 69677
etag: "d60f280f8a742480527dbc32d08f321f972d4fcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9457

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9457
Hash

51aa950d5eed7b90cab6632107092edc

e4388ced02e5576867e77547496dec1ac2338ef7

588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: soTFEnYjNcti77h3FpnztwzR7ypv68NbyoI6DxS0NhU412ykFsWAgA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:00:38 GMT
age: 69316
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9167

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9167
Hash

3be81f83687ddb6c93d3ff3c09a9dba2

50a48e737310d3f31840db4301b25927fbcc12c5

e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 20:46:17 GMT
age: 73777
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.ndnmag.fr/en/dist/DHL_track.html

46.182.4.120

200 OK

2567

URL HTTP/1.1

www.ndnmag.fr/en/dist/DHL_track.html
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (356)

Size

2567
Hash

4190a616b637362d5770e5d9371b976e

e473255f06b35e276e2ae9da411d4cb3348b1ffc

a0ab3ac2b56ea3015a0e3f563970ac276fcb835411e4ee37174e2ca2b3d48f4d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/DHL_track.html HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:49 GMT
Content-Type: text/html
Content-Length: 2567
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "1a9d-5f316906e44ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/jquery.validate.min.js

46.182.4.120

200 OK

7815

URL HTTP/1.1

www.ndnmag.fr/en/dist/jquery.validate.min.js
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Unicode text, UTF-8 text, with very long lines (24237)

Size

7815
Hash

733b253cf585468481e2a1d19b517fc2

bd1c201faf6ff53a44b19e2ef8f6a18b6a36141b

d88829113f706278062864700f82a7b55756af1c0ba4be724122c78fe3fc37fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/jquery.validate.min.js HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:49 GMT
Content-Type: application/javascript
Content-Length: 7815
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "5f38-5f316906e63ee-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js

104.16.88.20

301 Moved Permanently

URL HTTP/1.1

cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP

104.16.88.20:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/

                                        HTTP/1.1 301 Moved Permanently
Date: Mon, 30 Jan 2023 17:15:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 30 Jan 2023 18:15:54 GMT
Location: https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vlla22nzcYjZhasu%2F7w5ksPk5vmclP8MdMgign7DJqA%2B%2FeN5cOkt2i1dJ4TBBLkAVygQzzb%2BDEUYlnMqE%2BFr78RNK%2BXCHW02rh9kcFenQJj4jKQ7kZV8YsvBXTT2vJZBBDg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 791bda3168e8b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

www.ndnmag.fr/en/dist/langpack/en.json

46.182.4.120

200 OK

514

URL HTTP/1.1

www.ndnmag.fr/en/dist/langpack/en.json
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

JSON data\012- , ASCII text

Size

514
Hash

e5111c3d242107acc93f71f9c9182079

c648da6b0a6c4f9b89dbee1027cf9a7be36217ca

86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/langpack/en.json HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/4878b9ac2701423df7796fffd01be9d1/execution.html?validation=e1s1
Cookie: route=1675098947.794.284247.433363|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Mon, 30 Jan 2023 17:15:49 GMT
Content-Type: application/json
Content-Length: 514
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "202-5f316906e63ee"
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

280

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

280
Hash

98a7f980a8d95df1ae26524eceab3fe9

95b25d26a9e8ad740c49495ea16cfb8cba2192f3

7d2a740bdfba0834d0144eea48e2b66bf1fc552e21a7ee84caff33bd4ea3c728

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2169
Cache-Control: max-age=89459
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 17:15:54 GMT
Etag: "63d6ad44-118"
Expires: Tue, 31 Jan 2023 18:06:53 GMT
Last-Modified: Sun, 29 Jan 2023 17:30:44 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280

www.ndnmag.fr/en/dist/langpack/en.json

46.182.4.120

200 OK

514

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

#1 JS:Script (size: 24377)

#2 JS:Script (size: 2403)

#3 JS:Script (size: 629)

#4 JS:Script (size: 93100)

#5 JS:Script (size: 89476)

#6 JS:Script (size: 3424)

#7 JS:Script (size: 5)

#8 JS:Script (size: 1443)

#9 JS:Script (size: 9)

#10 JS:Script (size: 27693)

#11 JS:Script (size: 1840)

#12 JS:Script (size: 21233)

#13 JS:Script (size: 1015)

#14 JS:Script (size: 1532)

HTTP Transactions (45)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size