Report - tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

Report Overview

Submitted URL
tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?
IP
94.247.42.19
ASN
#34549 meerfarbig GmbH & Co. KG
Submitted
2023-01-26 20:49:51
Access
Website Title
Final URL
Tags
sparkasse financial phishing
urlquery detections
Phishing - Sparkasse

Detections

urlquery
13
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
tan-portal.info	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.3 kB	352 kB	94.247.42.19
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.213.76.197
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	65 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-26 20:49:40	low	94.247.42.19	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	tan-portal.info/sp/bower_components/jquery/dist/jquery.min.js	87 kB	2023-03-07	2024-04-20
Pretty URL tan-portal.info/sp/bower_components/jquery/dist/jquery.min.js IP 94.247.42.19 ASN #34549 meerfarbig GmbH & Co. KG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-20 00:25:31 Times Seen61211 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?	55 kB	2023-03-13	2023-03-13
Pretty URL tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/? IP 94.247.42.19 ASN #34549 meerfarbig GmbH & Co. KG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:47:09 Last Seen2023-03-13 07:47:09 Times Seen1 Hash 2f7bd75b88cc71bd96f9cef4ea3fc9fc 88526d496cdf4f244f636eac608ca32e14cd80c1 2a8ff280a8eedaa4414995d5c1844dd31f0f56b015715182aa489e0bbc529975 Loading...

	tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?	434 B	2023-03-13	2023-03-13
Pretty URL tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/? IP 94.247.42.19 ASN #34549 meerfarbig GmbH & Co. KG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:47:09 Last Seen2023-03-13 07:47:09 Times Seen1 Hash 600ed70cc80fba8d71dcfff54dfddbb0 8f33089a9983ac49c0dc307db0e3fb2939435443 337f832848104401f28837df0d776d1eba3738fa18c4b5eaf84c350efdd01add Loading...

	tan-portal.info/sp/login/form/form.js?v=63d2e764bd488	9.5 kB	2023-03-09	2023-03-13
Pretty URL tan-portal.info/sp/login/form/form.js?v=63d2e764bd488 IP 94.247.42.19 ASN #34549 meerfarbig GmbH & Co. KG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 17:56:09 Last Seen2023-03-13 07:47:09 Times Seen1 Hash c1fc65131a13fecf6719c588ca1058c7 d80b2baa1fa143347679cc94ed175698b891015a 47c4c7b3fddbf6b4c854f09c3d434da26826a2affeca30874e1846ce275b3bc0 Loading...

	tan-portal.info/sp/login/token/token.js?v=63d2e764bd4ca	11 kB	2023-03-12	2023-03-13
Pretty URL tan-portal.info/sp/login/token/token.js?v=63d2e764bd4ca IP 94.247.42.19 ASN #34549 meerfarbig GmbH & Co. KG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 23:14:31 Last Seen2023-03-13 07:47:09 Times Seen1 Hash 2d9ef4dcbacbeb012bdd72973c6b3f36 0a4f9f7fb78e208f373ba16100e68d5ee380250a 1c0e40206b0816012eafeb067bbaed3aa7c7e0659eaadbcf220f6dc4ffc9184a Loading...

	tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?	58 B	2023-03-13	2023-03-13
Pretty URL tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/? IP 94.247.42.19 ASN #34549 meerfarbig GmbH & Co. KG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:47:09 Last Seen2023-03-13 07:47:09 Times Seen1 Hash f89f662d223bff9c0fa74970def34b4e 5888a6be4b8ab5c4fecc9d3000889161a4483c3d b3968d547cbd82fa168a8d49af0f59ea694ff1c15a93a06330f7bcca16f34750 Loading...

	tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?	58 B	2023-03-13	2023-03-13
Pretty URL tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/? IP 94.247.42.19 ASN #34549 meerfarbig GmbH & Co. KG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:47:09 Last Seen2023-03-13 07:47:09 Times Seen1 Hash 1e731fea375373f8442eef87d999c4bc 74fd8d481bc4c9f92110e5fdde95d3e26817eeb1 c12c3b9eaa413767e01e3bdfe1ea9a6d9ff1a6f41341b278fbb0c734f4ac2f0b Loading...

	tan-portal.info/sp/bower_components/ua-parser-js/dist/ua-parser.min.js	17 kB	2023-03-07	2024-04-19
Pretty URL tan-portal.info/sp/bower_components/ua-parser-js/dist/ua-parser.min.js IP 94.247.42.19 ASN #34549 meerfarbig GmbH & Co. KG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:40 Last Seen2024-04-19 23:46:08 Times Seen666 Hash e0ae48c8ebbe57edeacb5b02f16d0df9 0c5a29a88add39486162e0c16f23e2e06fc7842e 0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896 Loading...

		Size	First Seen	Last Seen
	#1 Write - e2c6fdc116466e954e9b48279aa13c5a	41 kB	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 07:47:09 Last Seen2023-03-13 07:47:09 Times Seen1 Hash e2c6fdc116466e954e9b48279aa13c5a f9d3af35f35bc369afc1f271543ff625f4f663bc bab886f4a6042b3278ec938a784e2e0e3805acdfc3e91ed700250fb7e1641d10 Loading...

HTTP Transactions (42)

URL IP Response Size

tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

94.247.42.19

200 OK

9.2 kB

URL HTTP/1.1
tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (54679)
Size
9.2 kB (9241 bytes)
Hash
b308525c1fa67a08b1847c85a25e2568
90f257b939c569188cf3949a4c8294071653cb1e
503224269efad68233ae3d0ed9f365e0bcd5b5d81d8e4b5d9c70cf0e1de1cc79

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/? HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:40 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9241
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3708
Expires: Thu, 26 Jan 2023 21:51:28 GMT
Date: Thu, 26 Jan 2023 20:49:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4951
Expires: Thu, 26 Jan 2023 22:12:11 GMT
Date: Thu, 26 Jan 2023 20:49:40 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 20:42:56 GMT
content-type: application/json
age: 404
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3090
Expires: Thu, 26 Jan 2023 21:41:11 GMT
Date: Thu, 26 Jan 2023 20:49:41 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 1aqvpT1s+PfrsbvsamZkHwibly6mvRL9nJi63SclPMV1pwY/x7amSOWVSqd678K0u0mWojjNlU8=
x-amz-request-id: 65W3FZN7S3RVDZ6G
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 20:20:15 GMT
age: 1766
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 20:49:41 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

tan-portal.info/sp/bower_components/ua-parser-js/dist/ua-parser.min.js

94.247.42.19

200 OK

6.1 kB

URL HTTP/1.1
tan-portal.info/sp/bower_components/ua-parser-js/dist/ua-parser.min.js
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
Unicode text, UTF-8 text, with very long lines (16817)
Size
6.1 kB (6063 bytes)
Hash
14da93cff6d49885bf214d2503f614db
04d64d738cd0fd2b4eee3b8abc5326dfda3f1dea
49e584e9a0aee55b81771b9e010ccf1da6278da03fb8ddba07ef7a1f0a126732

HTTP Headers

GET /sp/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 12 Oct 2017 03:16:22 GMT
ETag: "4298-55b50f6f02d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6063
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

tan-portal.info/sp/login/form/css.css

94.247.42.19

200 OK

206 B

URL HTTP/1.1
tan-portal.info/sp/login/form/css.css
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
ASCII text
Size
206 B (206 bytes)
Hash
69c5f91bbf488a72de1d2667cf7ae94a
fb95a2c9d98cf627922bb576f845a1b50c9accb0
d9ccc91d006f653f7167d89f18d2297afa1f47f74be3792a61d999d6abf9176d

HTTP Headers

GET /sp/login/form/css.css HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 28 Sep 2018 14:28:26 GMT
ETag: "165-576ef44bc3680-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 206
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

tan-portal.info/sp/bower_components/jquery/dist/jquery.min.js

94.247.42.19

200 OK

30 kB

URL HTTP/1.1
tan-portal.info/sp/bower_components/jquery/dist/jquery.min.js
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
ASCII text, with very long lines (32058)
Size
30 kB (30138 bytes)
Hash
3430607b4301113ad9394c9260eef3f0
8c4db68b161b17e31be300e968a30ab0116b3193
31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c

HTTP Headers

GET /sp/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sun, 04 Jun 2017 22:55:06 GMT
ETag: "15283-5512a470c0680-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30138
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

tan-portal.info/sp/bower_components/font-awesome/css/font-awesome.min.css

94.247.42.19

200 OK

7.1 kB

URL HTTP/1.1
tan-portal.info/sp/bower_components/font-awesome/css/font-awesome.min.css
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
ASCII text, with very long lines (30837)
Size
7.1 kB (7053 bytes)
Hash
52f1a8a2ce85fa8432308b33bc1a2e79
fd80917af5371c8ecad0198592a1e7cce4b77b0e
07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6

HTTP Headers

GET /sp/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sat, 08 Apr 2017 23:29:24 GMT
ETag: "7918-54cb01cc23d00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

tan-portal.info/sp/login/index.css

94.247.42.19

200 OK

43 kB

URL HTTP/1.1
tan-portal.info/sp/login/index.css
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
Unicode text, UTF-8 text, with very long lines (882)
Size
43 kB (43320 bytes)
Hash
eb08c1f5571c369bc39032eafcd0f4b4
d287adcc9abf2ca96510cc165039e8117b3b95c4
b82993b3e4c536245e09c04fa04dbdcd481f14d75d68be44e9fd8a47d7f0277a

HTTP Headers

GET /sp/login/index.css HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 02 Dec 2019 13:08:08 GMT
ETag: "5649c-598b845529e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 43320
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

tan-portal.info/sp/login/spk-logo-druck.png

94.247.42.19

200 OK

6.4 kB

URL HTTP/1.1
tan-portal.info/sp/login/spk-logo-druck.png
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
PNG image data, 1155 x 386, 8-bit colormap, non-interlaced\012- data
Size
6.4 kB (6357 bytes)
Hash
a8c622aa02e3f28dfc9cf0ecc79eeba1
df7fd73efdc17be95eb86a4f0f57ab1044cf5fc8
92a47005456ffc3265cfb02b76cfb77edf109347cd59ef3c755aec4ffd4e8e85

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/spk-logo-druck.png HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "18d5-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 6357
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 20:49:01 GMT
age: 40
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

tan-portal.info/sp/login/1528717408685.png

94.247.42.19

200 OK

7.0 kB

URL HTTP/1.1
tan-portal.info/sp/login/1528717408685.png
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
PNG image data, 97 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7022 bytes)
Hash
2721743c7ffbcf3723661f5ff5b83897
141885711aace84dc0f0681b5d70d647da0bb128
622cdddf9135812f42c5b6396df2b08c836819bb84d0bcd9e82e779d0a4ad469

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/1528717408685.png HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "1b6e-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 7022
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

tan-portal.info/sp/login/spk-logo-desktop.png

94.247.42.19

200 OK

7.1 kB

URL HTTP/1.1
tan-portal.info/sp/login/spk-logo-desktop.png
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
PNG image data, 320 x 96, 8-bit/color RGBA, non-interlaced\012- data
Size
7.1 kB (7093 bytes)
Hash
eddf2a53114468b60ed853855a904197
3d9d6ad644133640dbf8098ebbe7a5f6f9c52ad1
a4f04574b20972a5b290984c214ff23af7810b73db0a640c75bf11b2a042336b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/spk-logo-desktop.png HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 13 Nov 2019 12:50:18 GMT
ETag: "1bb5-59739ce8f9680"
Accept-Ranges: bytes
Content-Length: 7093
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

tan-portal.info/sp/login/spk-logo-mobile.png

94.247.42.19

200 OK

5.2 kB

URL HTTP/1.1
tan-portal.info/sp/login/spk-logo-mobile.png
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
PNG image data, 220 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
5.2 kB (5228 bytes)
Hash
c65e0835915ff7437f1a67888ca71667
c246d5a54c9e2646f89d8e02714568b884226a84
723733a7bb6f25194a40769ba4b2c4b4840d707bba89f745984fab9442f72141

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/spk-logo-mobile.png HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 08:46:04 GMT
ETag: "146c-576c240a76b00"
Accept-Ranges: bytes
Content-Length: 5228
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

tan-portal.info/sp/login/form/form.js?v=63d2e764bd488

94.247.42.19

200 OK

2.8 kB

URL HTTP/1.1
tan-portal.info/sp/login/form/form.js?v=63d2e764bd488
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
ASCII text
Size
2.8 kB (2801 bytes)
Hash
c7f29981e3ba18d44abe3ce372ea1157
658ea1f86f504ffaf9b67850ab986baf906a4935
3076b2ab05be7c0efa3d053dc74536bc8c62a8221fbab9557f92d86d0c6699b1

HTTP Headers

GET /sp/login/form/form.js?v=63d2e764bd488 HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 09:16:26 GMT
ETag: "2535-576c2ad40ee80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2801
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

tan-portal.info/sp/login/1507888956944.png

94.247.42.19

200 OK

40 kB

URL HTTP/1.1
tan-portal.info/sp/login/1507888956944.png
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
PNG image data, 366 x 212, 8-bit/color RGBA, non-interlaced\012- data
Size
40 kB (40338 bytes)
Hash
8d3b08c4123563080af1701ca1e1de8f
f431946ea854f4b37c1813cd481ed90ac6c27b16
d3d6aefec9d4c8294072e8a246a45716badf57373b71990f6254b4c480245288

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/1507888956944.png HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "9d92-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 40338
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

tan-portal.info/sp/login/token/token.js?v=63d2e764bd4ca

94.247.42.19

200 OK

1.8 kB

URL HTTP/1.1
tan-portal.info/sp/login/token/token.js?v=63d2e764bd4ca
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
Unicode text, UTF-8 text
Size
1.8 kB (1797 bytes)
Hash
d8b0c1da4498449af49544abf6f26d57
00d6a3bc631a0d096723fddfcdfc97b5e0d7d13f
c3308a0acf6fdb65ae44bf8f2e54aa5bade44f5862600cd5aa79926a9bdeb47c

HTTP Headers

GET /sp/login/token/token.js?v=63d2e764bd4ca HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 18 Feb 2021 21:21:40 GMT
ETag: "2a79-5bba2ebe06100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1797
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

tan-portal.info/sp/login/1507889499605.jpg

94.247.42.19

200 OK

5.7 kB

URL HTTP/1.1
tan-portal.info/sp/login/1507889499605.jpg
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 105x105, components 3\012- data
Size
5.7 kB (5720 bytes)
Hash
7b00c2b44ddd6a84e4903e4105498aef
b0afccad4c70648e49b37f6363ba78126c78c23a
4aed1efbbe0bb753684998625ef250fb40086fa7806930d159d80499a5aaf753

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/1507889499605.jpg HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "1658-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 5720
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

tan-portal.info/sp/login/tdg

94.247.42.19

200 OK

45 B

URL HTTP/1.1
tan-portal.info/sp/login/tdg
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
GIF image data, version 89a, 1 x 1\012- data
Size
45 B (45 bytes)
Hash
9323cda5b644259fe90fd8625c7e66c9
b16b47d625d876833220e756403721260923f85f
62cfb054088e29a0e576b434030c236c6101af0599e6f55cfe89b35a6186fba4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/tdg HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "2d-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 45
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

tan-portal.info/sp/login/sparkasse_web_bd.woff

94.247.42.19

200 OK

40 kB

URL HTTP/1.1
tan-portal.info/sp/login/sparkasse_web_bd.woff
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
Web Open Font Format, TrueType, length 39736, version 2.2031\012- data
Size
40 kB (39736 bytes)
Hash
39389cced4efa9c27ebba65d0e92560d
05d8297cdb145f58954ce455f8186a72704d24b1
e3a096177fdb67dc609921050caec415a389d683674be529f2ba91f6e5514638

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/sparkasse_web_bd.woff HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://tan-portal.info/sp/login/index.css

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "9b38-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 39736
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/font-woff

tan-portal.info/sp/login/sparkasse_web_rg.woff

94.247.42.19

200 OK

40 kB

URL HTTP/1.1
tan-portal.info/sp/login/sparkasse_web_rg.woff
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
Web Open Font Format, TrueType, length 39492, version 2.2031\012- data
Size
40 kB (39492 bytes)
Hash
1ede5f0deb8374f620e3c9b987eea540
b6030ad252b75992b696f06b881be4146202af9d
a9ad5dac2a400c1fb324e09df57325568e98772618ff818ca5344b171c834aa2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/sparkasse_web_rg.woff HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://tan-portal.info/sp/login/index.css

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "9a44-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 39492
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/font-woff

tan-portal.info/sp/login/pictos-if.woff

94.247.42.19

200 OK

65 kB

URL HTTP/1.1
tan-portal.info/sp/login/pictos-if.woff
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
Web Open Font Format, TrueType, length 65388, version 1.0\012- data
Size
65 kB (65388 bytes)
Hash
02558358809437f1bb9101f9f0067ac6
92314956a48821d989df7c2f70413fb4756e283f
d6fff4dce0ed66b0ef96ec5165e4b5fa7d2d193df2537040630dd19606b7b664

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/pictos-if.woff HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://tan-portal.info/sp/login/index.css

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "ff6c-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 65388
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/font-woff

tan-portal.info/sp/login/sparkasse_web_lt.woff

94.247.42.19

200 OK

27 kB

URL HTTP/1.1
tan-portal.info/sp/login/sparkasse_web_lt.woff
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
Web Open Font Format, TrueType, length 27372, version 2.2031\012- data
Size
27 kB (27372 bytes)
Hash
3a1f95e54325b864082cc99628b607e3
908f5e4670b31649c95c236958befd4f9cf9b84e
133ad01e7b25970c5cbcce3d8ffb7f23eef311c5950d9fcf27463c49e9ae3f02

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/sparkasse_web_lt.woff HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://tan-portal.info/sp/login/index.css

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "6aec-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 27372
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/font-woff

tan-portal.info/sp/home.php?pl=token&link=sparkase.de&bid=6bcfa853cb20d293df29c95a14c043a7&callback=jQuery321015484138703394212_1674766181182&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1674766181183

94.247.42.19

200 OK

58 B

URL HTTP/1.1
tan-portal.info/sp/home.php?pl=token&link=sparkase.de&bid=6bcfa853cb20d293df29c95a14c043a7&callback=jQuery321015484138703394212_1674766181182&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1674766181183
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
f89f662d223bff9c0fa74970def34b4e
5888a6be4b8ab5c4fecc9d3000889161a4483c3d
b3968d547cbd82fa168a8d49af0f59ea694ff1c15a93a06330f7bcca16f34750

HTTP Headers

GET /sp/home.php?pl=token&link=sparkase.de&bid=6bcfa853cb20d293df29c95a14c043a7&callback=jQuery321015484138703394212_1674766181182&data=%7B%22mes%22%3A%22User%20on%20Login%20page%22%7D&_=1674766181183 HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 58
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/json

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3893
Expires: Thu, 26 Jan 2023 21:54:34 GMT
Date: Thu, 26 Jan 2023 20:49:41 GMT
Connection: keep-alive

tan-portal.info/sp/home.php?pl=token&link=sparkase.de&bid=6bcfa853cb20d293df29c95a14c043a7&callback=jQuery321015484138703394212_1674766181180&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1674766181181

94.247.42.19

200 OK

58 B

URL HTTP/1.1
tan-portal.info/sp/home.php?pl=token&link=sparkase.de&bid=6bcfa853cb20d293df29c95a14c043a7&callback=jQuery321015484138703394212_1674766181180&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1674766181181
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
1e731fea375373f8442eef87d999c4bc
74fd8d481bc4c9f92110e5fdde95d3e26817eeb1
c12c3b9eaa413767e01e3bdfe1ea9a6d9ff1a6f41341b278fbb0c734f4ac2f0b

HTTP Headers

GET /sp/home.php?pl=token&link=sparkase.de&bid=6bcfa853cb20d293df29c95a14c043a7&callback=jQuery321015484138703394212_1674766181180&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1674766181181 HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 58
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/json

tan-portal.info/sp/login/favicon1x.png

94.247.42.19

200 OK

296 B

URL HTTP/1.1
tan-portal.info/sp/login/favicon1x.png
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel\012- data
Size
296 B (296 bytes)
Hash
47eb2096b512df6bf2295ef2b3ff1bbf
4110aab4d22d8337dbfdb71051f46dc5d4b226a1
e5f816492f591a3d16c6468aaee7710c96f401939fa1041cd78f29a4b80395a1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Sparkasse

HTTP Headers

GET /sp/login/favicon1x.png HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:41 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Wed, 26 Sep 2018 01:55:22 GMT
ETag: "128-576bc83e05680"
Accept-Ranges: bytes
Content-Length: 296
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

push.services.mozilla.com/

34.213.76.197

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.76.197:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /xIodyx76D1HEUgKSFYbdQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rCwOpTg55Ae33RYNHQpbQ2kfOqY=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19099
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 20:49:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19099
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 20:49:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19099
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 20:49:42 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9595 bytes)
Hash
f62e9b7bdca82d18c945851912d8fea8
a7ca44d337c43bc5c6145b26778661c71cc50484
5da02cc405c1cada55813ffe376844375f1d6ad222cbb63405348b1f5132a0b1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9595
x-amzn-requestid: c257bfbe-1bd7-4540-bbfa-e4c49a2624a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXwfGigoAMFvBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a002-226c08656eeefbfa3c2dddb6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k9njnQmggD7UkVJzZqSzo90HJJjTjGK0QIoPU0HWYKrSstjM6s1rOw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:57:18 GMT
age: 82344
etag: "a7ca44d337c43bc5c6145b26778661c71cc50484"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6609 bytes)
Hash
b242645f0cc22e3b12c132e6d03722ac
dec70f83182de58e03bfcb95fc240b7c33f20674
59a2d8c972d27598dfe38637197f90053186c4f68b80a5a90283cb11ddaf8a31

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6609
x-amzn-requestid: 129067f4-c79b-493d-8863-2eb6c1565ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZABF4IIAMFsig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d533-4908ab6e5c751213084de3c6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hUp-Y119Uly8FlGe1Wr8b-_pNoyg_iV-KaNaC7Fo44iN_sDU3BnCbA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:35:29 GMT
age: 47653
etag: "dec70f83182de58e03bfcb95fc240b7c33f20674"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd53f06d1-60cf-4ced-8bcd-877162b44d2d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7014 bytes)
Hash
d59b0db3cc1f31f9154d32804a8e3940
498c310e0f4a84c1350bae55aec0d2a0192f8dda
14a2b4e9763a62478015d8f61bf9e44eb67dfe08a58cc94dc836dc8ff3f1b6cf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd53f06d1-60cf-4ced-8bcd-877162b44d2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7014
x-amzn-requestid: 689ad8b2-4ec8-4f61-a31e-7813c9143f9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyFHmEIAMFsHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-7ce5fef1456ecc73690eff07;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t-84fZv6Btjp5l37tn35lW8fY-jNChCVD6qeKV23KtUwnBSphyRkOw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 17:55:36 GMT
age: 10446
etag: "498c310e0f4a84c1350bae55aec0d2a0192f8dda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3e6d9a5-dd7d-4337-a00f-a145350a1a29.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10379 bytes)
Hash
653bf5a34e9f99c9eef73a21d98d792f
c70d46aa2210c4f7c397fa20e1225b7d0734ac35
9f928ec6f194340e5543a4bf757aac31d545def67a56ae804a2039a3effd3fe0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3e6d9a5-dd7d-4337-a00f-a145350a1a29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10379
x-amzn-requestid: 419e5a80-cb6d-4904-9545-a0f815149701
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYMREwmIAMFhQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0b4-64c49f7d49687d9e5324ec64;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rZHSgPIPZyea2griEvL-3semlrUDichGSL8Rin4YeYKN909f9e0lyQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:41:09 GMT
age: 83313
etag: "c70d46aa2210c4f7c397fa20e1225b7d0734ac35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9285 bytes)
Hash
17e1b6f3caa98b0e0972802408dd3f93
07e48bf3565e00d093d72dd4ada606f5d39a4838
7094ef64e04573bea7a81bbcc8ab59d721c5ef433e3fa9203e5861040ced549c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8017df09-37d9-4c4b-9051-0442b3eb8fbf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9285
x-amzn-requestid: 526bd945-31d8-490e-af9d-5e6fc6ea3561
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYT2HzvoAMFYYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0e5-6812fe4354bbdac4472e7e81;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QEH9CmjfV8QZFNxFz_tEk06i_ELUSNC2QjdTF4K3xc3vS651BZ3NlQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:52:28 GMT
age: 82634
etag: "07e48bf3565e00d093d72dd4ada606f5d39a4838"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5943 bytes)
Hash
ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VATQ0SjZfM_btXwR4M5keLmd-EE6717EHEiXrF2zpHNrli93EhN6Rw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:48:42 GMT
age: 82860
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

94.247.42.19

200 OK

58 B

URL HTTP/1.1
tan-portal.info/sp/home.php?pl=token&link=sparkase.de&bid=6bcfa853cb20d293df29c95a14c043a7&callback=jQuery321015484138703394212_1674766181180&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1674766181184
IP
94.247.42.19:0
ASN
#34549 meerfarbig GmbH & Co. KG

File type
ASCII text, with no line terminators
Size
58 B (58 bytes)
Hash
1e731fea375373f8442eef87d999c4bc
74fd8d481bc4c9f92110e5fdde95d3e26817eeb1
c12c3b9eaa413767e01e3bdfe1ea9a6d9ff1a6f41341b278fbb0c734f4ac2f0b

HTTP Headers

GET /sp/home.php?pl=token&link=sparkase.de&bid=6bcfa853cb20d293df29c95a14c043a7&callback=jQuery321015484138703394212_1674766181180&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1674766181184 HTTP/1.1
Host: tan-portal.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://tan-portal.info/sp/a1b2c3/6bcfa853cb20d293df29c95a14c043a7/login/?

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 20:49:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 58
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/json

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3177e0c-fa06-470b-bb9e-800d246a5096.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8648 bytes)
Hash
4e013ee2e3a5287de55de4c2437a279d
f2b0a5738ec9e3b178b2bf5513de3e604b86eadf
f174d5678154412cdbf71f93c345d28cfb8bad7c190fa31dd78e9314c510f7ca

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3177e0c-fa06-470b-bb9e-800d246a5096.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8648
x-amzn-requestid: 19beb9c1-4e85-47ba-9275-7fb5d25f055f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYMlENLoAMFhIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0b6-016533de5b42b3a573a66c78;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:35:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jkExt4JNW6KtzDm8mDdb-AvXWXeyZr14XifDN_XVzKiwFAru_1HcSA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:55:21 GMT
age: 82468
etag: "f2b0a5738ec9e3b178b2bf5513de3e604b86eadf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML