Report - commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1

Report Overview

Submitted URL
commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
IP
213.186.33.186
ASN
#16276 OVH SAS
Submitted
2023-02-08 13:38:05
Access
Website Title
Final URL
Tags
dhl logistics phishing suspicious
urlquery detections
Phishing - DHL
Suspicious - Suspicious JS code

Detections

urlquery
16
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2012-05-21T19:28:02Z	2023-03-13T05:09:57Z	416 B	31 kB	69.16.175.42
commune-zahretmedien.tn	452688	2021-02-03T22:35:31Z	2023-03-08T23:45:56Z	8.5 kB	499 kB	213.186.33.186
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.186.71.207
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	59 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	commune-zahretmedien.tn/-/dist/js.cookie.js	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/jquery-lang.js	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/DHL_footer.html	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/langpack/en.json	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/load.php	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/DHL_head.html	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/jquery.validate.min.js	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	Phishing
2023-02-08	medium	commune-zahretmedien.tn/-/dist/DHL_track.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	1.8 kB	2023-03-07	2023-04-05
Pretty URL commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-04-05 02:10:37 Times Seen37 Hash 9ddee2a191326dc2605ceb1cc094990b d422115883d943f7449a253f252a830efdfeee71 c8504d5af9e4a9db87d3b945f0a2d75188098d24a3f87e99dcb7c01b98bd4029 Loading...

	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	1.4 kB	2023-03-07	2023-04-05
Pretty URL commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-04-05 02:10:37 Times Seen37 Hash 5329f7468d15783c00be6fe3f9b06b32 34a468c9ba09e58351afa6c0021e454245699815 6ebae2c4b8815818d94884a0939c122eb1b81a1b17add5fda8aa0904aa81025b Loading...

	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	24 kB	2023-03-07	2023-04-05
Pretty URL commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-04-05 02:10:37 Times Seen48 Hash be2688fe29eb5135f6f36c94e2e53820 15364bc930a8e0f87a09b5aa645a312984a9da73 0ca6e9d89d18b037dcce799d02a32f53aca9497adba83f93ea6d8751fe2fa217 Loading...

	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	2.4 kB	2023-03-13	2023-03-26
Pretty URL commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:47:08 Last Seen2023-03-26 09:41:39 Times Seen32 Hash ab2291df6547d506300829be2c64038c 95984563a9ea462358820ee91a163ed30f4cc62c fa37564ade8f9c940a1992306f5314e87c9825e0a4fabac4a854a24ea466bbbd Loading...

	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	1.5 kB	2023-03-08	2024-04-03
Pretty URL commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:35:52 Last Seen2024-04-03 07:26:38 Times Seen126 Hash 333b1a68e11af5c6f3517aca58a09c79 e4116574c2f340348c8c29c326d55cdbec6f38dd 938c892b8d5aa6c4f123664ee91c8e209fc873138b56a722ff1a08a002e3f473 Loading...

	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	629 B	2023-03-07	2024-04-22
Pretty URL commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-22 02:04:43 Times Seen194 Hash 40caf4b9db3eeb421d7639f1c1cb39e0 d0afc8f3fef2cf87946a0eca6461a4a2d55a5680 4443f9401c6a316d9ac2cb120686003f32a7933a52b29894609185f058a5308e Loading...

	code.jquery.com/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 00:40:36 Times Seen139042 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	commune-zahretmedien.tn/-/dist/jquery-lang.js	28 kB	2023-03-07	2024-04-22
Pretty URL commune-zahretmedien.tn/-/dist/jquery-lang.js IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-22 02:04:43 Times Seen478 Hash 1062fb1e2ffb1b8b6c596da423b9aef6 e0f54f2cdfce6d3861506744d6c52fbc23f612e9 67829a15eafd08a53376a78dc3574724e4bf87455bdc7b52c9b01828df272ca2 Loading...

	commune-zahretmedien.tn/-/dist/js.cookie.js	3.4 kB	2023-03-07	2024-04-22
Pretty URL commune-zahretmedien.tn/-/dist/js.cookie.js IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-22 02:04:43 Times Seen471 Hash 19d988c6d1e7cd9d601639a616dc769b 2cf3f170a083a3e4538a6f55b1064eaf737f6180 9df6e8c4bc8ea670d2f4da40a35a41772cc8857aca288a77acfa891cf1a54c36 Loading...

	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	1.0 kB	2023-03-07	2024-04-07
Pretty URL commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-07 07:13:32 Times Seen66 Hash 1d175bf3c30c7a41b8f0f6c60e2fcefc 1e1ac5cb8a33370b0eff734a461cf2bae98e1244 4323901acf3473e6164e79dcb144d4c5f97709819c0c572056c09174aa78dce9 Loading...

	commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1	5 B	2023-03-07	2024-04-24
Pretty URL commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 IP 213.186.33.186 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 21:17:40 Times Seen2674 Hash 230a091930a82c5ae47e29610ee98ceb 6376b33e5123bf09a271789a272103f957c8f38d 4dc501d66cd78903b81b1a53459d0432939728c537bbe9ffab55ab81521cb352 Loading...

HTTP Transactions (35)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2a3918bd6042915a14bda8953f130338
e35451cfecd720f8812c17f6bca4cc49e14fc702
794cbe0edac31898096c96850fb6c17d533df67f2d70dabf2c9b827fdea2e1b8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "794CBE0EDAC31898096C96850FB6C17D533DF67F2D70DABF2C9B827FDEA2E1B8"
Last-Modified: Wed, 08 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21199
Expires: Wed, 08 Feb 2023 19:31:12 GMT
Date: Wed, 08 Feb 2023 13:37:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2931
Expires: Wed, 08 Feb 2023 14:26:45 GMT
Date: Wed, 08 Feb 2023 13:37:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Wed, 08 Feb 2023 14:37:29 GMT
Date: Wed, 08 Feb 2023 13:37:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13913
Expires: Wed, 08 Feb 2023 17:29:47 GMT
Date: Wed, 08 Feb 2023 13:37:54 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 13:34:13 GMT
content-type: application/json
age: 221
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 7NDkKdEQUcufTecqrY3DzPpyQScKQZ44qrlYcdNQWxruWhIOAq5BTs8t+6WmpIEoJ1VFutVelO8=
x-amz-request-id: RBEAT8CBAK90P8PD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 13:35:57 GMT
age: 117
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.5.1.min.js

69.16.175.42

200 OK

31 kB

URL HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
3700d0b271343804b9b9aa1c13efa521
3d6b03dbd74872ca3dfbb0529f6c80943788f918
fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://commune-zahretmedien.tn
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-encoding: gzip
content-length: 30879
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675863474.dop065.sk1.t,1675863474.cds249.sk1.hn,1675863474.cds208.sk1.c
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/dhl.css

213.186.33.186

200 OK

289 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/dhl.css
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators
Size
289 kB (288672 bytes)
Hash
7630ad50e7cca6adb8906ac6071ae294
16c06f87da7484d6f83f63767d1d844018998016
352096d750bbc6c1e921097cd5cccc39061d644aa4b4502886ffc160bb32cd0f

HTTP Headers

GET /-/dist/dhl.css HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 12:34:13 GMT
expires: Wed, 08 Feb 2023 12:49:13 GMT
cache-control: max-age=900
x-request-id: 110920620
content-type: text/css
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
vary: Accept-Encoding
content-encoding: br
x-grace: full
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 288672
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/js.cookie.js

213.186.33.186

200 OK

1.2 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/js.cookie.js
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
1.2 kB (1248 bytes)
Hash
c6fa186af4787c5da36a9988b97a439a
ec596d359ba699e7c5c24f161d692c842ae0752a
7a60c97aa49e298ca58e642f4fe5bab574a2d903f5f3bd36d6b58fa7695f47af

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /-/dist/js.cookie.js HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 12:34:13 GMT
expires: Wed, 08 Feb 2023 12:49:13 GMT
cache-control: max-age=900
x-request-id: 110920621
content-type: application/javascript
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
vary: Accept-Encoding
content-encoding: br
x-grace: full
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 1248
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/jquery-lang.js

213.186.33.186

200 OK

6.7 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/jquery-lang.js
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
6.7 kB (6668 bytes)
Hash
d2725871ce12396096756ff80e1fb286
5f17d78cb2334915b9df96bc8a914cb5de34e0a7
a6399c3c1cd25af7f6a6ecb5a612d2da2828768e4ac0b207cdf98a0220b5ba81

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /-/dist/jquery-lang.js HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 12:34:13 GMT
expires: Wed, 08 Feb 2023 12:49:13 GMT
cache-control: max-age=900
x-request-id: 110920622
content-type: application/javascript
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
vary: Accept-Encoding
content-encoding: br
x-grace: full
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 6668
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 12:51:20 GMT
age: 2794
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff

213.186.33.186

200 OK

41 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
Web Open Font Format, TrueType, length 41084, version 1.66\012- data
Size
41 kB (41084 bytes)
Hash
03f859bf58e4d37841070de34be7d978
3436d4fa17e7ee470c3d62b08787cfa7de408408
5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /-/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/dist/dhl.css
Cookie: langCookie=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: application/x-font-woff
content-length: 41084
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
x-request-id: 370737169
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/DHL_footer.html

213.186.33.186

200 OK

5.7 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/DHL_footer.html
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2591)
Size
5.7 kB (5728 bytes)
Hash
38fe1f66fad161ef4999be1f39d4fe46
47a5059954416af57dbb9bb1a3d5a4a4e89f597e
4ca9022ca6c8ba7da2ca577b62d4d168efa55a451a1bd7a641ac7d60703a817e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /-/dist/DHL_footer.html HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: text/html
vary: Accept-Encoding
x-request-id: 370737172
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
content-length: 5728
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/favicon.ico

213.186.33.186

200 OK

1.2 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/favicon.ico
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
d8106bf3a1d00ab43b01e6e3c92500eb
202b5e8654ab1b28351378293bca3b9d844cc29b
9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /-/dist/favicon.ico HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
cache-control: max-age=900
expires: Wed, 08 Feb 2023 13:52:54 GMT
x-request-id: 370737173
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8688
Expires: Wed, 08 Feb 2023 16:02:42 GMT
Date: Wed, 08 Feb 2023 13:37:54 GMT
Connection: keep-alive

commune-zahretmedien.tn/-/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff

213.186.33.186

200 OK

9.3 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
Web Open Font Format, TrueType, length 9316, version 1.0\012- data
Size
9.3 kB (9316 bytes)
Hash
9355df62a665ef9249036bbccad8c54c
6b7779a10187a1a7473f604fbe3db96350868c6a
6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /-/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/dist/dhl.css
Cookie: langCookie=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: application/x-font-woff
content-length: 9316
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
x-request-id: 370737174
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/langpack/en.json

213.186.33.186

200 OK

273 B

URL HTTP/2
commune-zahretmedien.tn/-/dist/langpack/en.json
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text
Size
273 B (273 bytes)
Hash
3c469ae7da927263ddb2fc1b9682ec1f
8d4bc96361d493d4d493e0928cc3eb46d7c36f9d
cb27a3e69096b7f9e6c9ca11796af1b3c541ae2e035d97c031ee06ba7892d53c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /-/dist/langpack/en.json HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 12:34:17 GMT
x-request-id: 110920633
content-type: application/json
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
content-encoding: br
x-grace: full
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 273
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff

213.186.33.186

200 OK

41 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
Web Open Font Format, TrueType, length 41328, version 1.66\012- data
Size
41 kB (41328 bytes)
Hash
e39bd2e2657ce5dd6f9c33df18529233
6db81ebb91bfa67cef8f2f870f03046150568799
19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /-/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/dist/dhl.css
Cookie: langCookie=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: application/x-font-woff
content-length: 41328
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
x-request-id: 370737175
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff

213.186.33.186

200 OK

44 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
Web Open Font Format, TrueType, length 44260, version 1.66\012- data
Size
44 kB (44260 bytes)
Hash
4a350e02a03ac62e72e9ea575b31ce84
d47b03b96b6e7034a1473a293bb594e597a41dc2
87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /-/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/dist/dhl.css
Cookie: langCookie=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: application/x-font-woff
content-length: 44260
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
x-request-id: 370737176
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.186.71.207

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.186.71.207:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nV4Gejb6LMpInitITU8fLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ho4Y7fkQSMLm3ohdfFELU4DOkEc=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13019
Expires: Wed, 08 Feb 2023 17:14:55 GMT
Date: Wed, 08 Feb 2023 13:37:56 GMT
Connection: keep-alive

commune-zahretmedien.tn/-/dist/load.php

213.186.33.186

200 OK

1.5 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/load.php
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.5 kB (1470 bytes)
Hash
ed55dbd889dbb653e3752730e4227a79
feafdb065c61e6130d37b08de0051be4969ce7ff
83685fbd8cc9f2ad70e91ff56d712b7a9c04c0a0cc6470e8aee137a4a56626e3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /-/dist/load.php HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: text/html
vary: Accept-Encoding
x-request-id: 370737170
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/DHL_head.html

213.186.33.186

200 OK

3.3 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/DHL_head.html
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1836)
Size
3.3 kB (3309 bytes)
Hash
1f3930698c732402a11f600f108da61b
44f9f402bbe22b31ab31c36e080a7a11855b04c8
bd98556491afbf009174cc5a1f27061d5fe750dc4e34fddbde85fc3c540b97b3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /-/dist/DHL_head.html HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: text/html
vary: Accept-Encoding
x-request-id: 370737171
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13019
Expires: Wed, 08 Feb 2023 17:14:55 GMT
Date: Wed, 08 Feb 2023 13:37:56 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e2b00c2-f304-42e8-b98d-20fe408448f0.jpeg

34.120.237.76

200 OK

3.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e2b00c2-f304-42e8-b98d-20fe408448f0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.4 kB (3379 bytes)
Hash
c65144dcdaf688643761916851b151c0
1419c4eefac8032e8cfaf2d65dd4a57bff5b25a1
974b5a62f2d051b2dd2c609f7bd08a4ef339dab0d31bccaa0f9898893c3ba6b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e2b00c2-f304-42e8-b98d-20fe408448f0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3379
x-amzn-requestid: 6f8c97bc-c1f9-4681-9544-f2863dc7f782
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f5aSYH47oAMF-ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e070db-4a730cd079f03c8b1cf77997;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 03:15:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Qnk0MflT4eIxNuooDKhm0uauKq1dYj1iG9O_prtNU8c0IoAwODZxig==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 03:28:45 GMT
age: 36551
etag: "1419c4eefac8032e8cfaf2d65dd4a57bff5b25a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12216 bytes)
Hash
fe800d6af728cd622a6192ad5e7dda6a
3a301dd894fc428c7d1863c9d5eaf2652f5c2083
f4923c211ef24e933bbe73bd8d2033d6b6da4a9fa0c9d4699a1041a7bd8bf5a2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12216
x-amzn-requestid: cc61a63b-35fe-4bfa-ad20-1db3f4165446
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFrCIAMFoYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-2b5e27c62218510b74ea0989;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Cf13Lp2SFHQ4SSF6_KpC4zx339tZRkMmnmF-OKM_2hbWbIoR3OLJ_g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:50:49 GMT
age: 56827
etag: "3a301dd894fc428c7d1863c9d5eaf2652f5c2083"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308abacb-8d5b-49bf-9e2b-59b6b40157cb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12772 bytes)
Hash
2bf626b824fefec1ecaceb9243f2e5ec
f222976d76d889a0cd767bfd73075ee114c531ce
3f981850c6e6628245be7f7e26418d8b945dbeaf45e06492d8e2ee9409245195

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308abacb-8d5b-49bf-9e2b-59b6b40157cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12772
x-amzn-requestid: a4603c5c-c842-4a1d-bf09-550f160e1082
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7OEz8oAMFbOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-763b7ecf50411a4d13dd8a25;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ECAdRS7as57pL15HxK4Ep0YOho8Kba8RFhMVnXGdJuKYItQHNf2yHA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:54:14 GMT
age: 56622
etag: "f222976d76d889a0cd767bfd73075ee114c531ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11205 bytes)
Hash
aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hLrbI5Acy2RBlg7VqGE2b83zuqgt-bx0kD0nlH8uYaJ8tii2FqMLfw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:55:58 GMT
age: 56518
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4269 bytes)
Hash
33b061f03be149fea0df63b42a8ec226
e5e491c6ef8b6234450a34ee5df28b9a58a8ad43
a5970bbb40be173878cd2e920bd1a6ed27775fbdc222bb66ccbc5969984882f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a8e532-be72-47cc-8389-e8f28ffc3c2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4269
x-amzn-requestid: df152b3a-fa15-4dac-96f9-41b9ea8e5136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkQH5PoAMFl1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c481-63636a42419209fb0c17eceb;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0hu3nATq26ngjS5942rJgt7AcT4wjG0mFfNrtsajSN2PpdAOYhTjFg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:43:42 GMT
age: 57254
etag: "e5e491c6ef8b6234450a34ee5df28b9a58a8ad43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8629 bytes)
Hash
02fde25be5ded120af759d19d8304f73
8d2a4d9ab5947113ce0737d4d4bed3e30a971026
7cdf26668cca22f28eee047d3fcf30cea8d97b1d8804fe2132728f26cd11558d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b5f2a3-c53c-4690-b548-2c3d0f556f73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8629
x-amzn-requestid: cc20d28e-3937-4826-97ef-100fb5dd2645
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFn3oAMF61A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-6e764236604212fa26dab38a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0sEMzqETD-gbgXOXb_CJmLjYQmNGMN4-_ggiB7ifbifltHJYsTRRsQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:52:22 GMT
age: 56734
etag: "8d2a4d9ab5947113ce0737d4d4bed3e30a971026"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/jquery.validate.min.js

213.186.33.186

200 OK

7.5 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/jquery.validate.min.js
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (24237)
Size
7.5 kB (7528 bytes)
Hash
a82ad840530571b053ebe396441f7cd3
cd54652a819307bb7e0ca2b74bfa4bb35a1e3374
0f262950acc296d35184daae6f132f492f48e1cb164e48aad8bff6222c66c30f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /-/dist/jquery.validate.min.js HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 12:34:17 GMT
expires: Wed, 08 Feb 2023 12:49:17 GMT
cache-control: max-age=900
x-request-id: 110920632
content-type: application/javascript
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
vary: Accept-Encoding
content-encoding: br
x-grace: full
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 7528
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff

213.186.33.186

200 OK

41 kB

URL HTTP/2
commune-zahretmedien.tn/-/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type
Web Open Font Format, TrueType, length 41352, version 1.66\012- data
Size
41 kB (41352 bytes)
Hash
4e23ecf085132857bdb54b4da7373151
a50215c22a591536b21e509100d1707c6886ffd6
b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /-/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/dist/dhl.css
Cookie: langCookie=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:56 GMT
content-type: application/x-font-woff
content-length: 41352
last-modified: Wed, 08 Feb 2023 01:14:20 GMT
x-request-id: 370737180
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1

213.186.33.186

200 OK

0 B

URL HTTP/2
commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious JS code
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1 HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: langCookie=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:54 GMT
content-type: text/html
vary: Accept-Encoding
x-request-id: 370737165
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

commune-zahretmedien.tn/-/dist/DHL_track.html

213.186.33.186

200 OK

0 B

URL HTTP/2
commune-zahretmedien.tn/-/dist/DHL_track.html
IP
213.186.33.186:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /-/dist/DHL_track.html HTTP/1.1
Host: commune-zahretmedien.tn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://commune-zahretmedien.tn/-/8cfce1f1cffe804839b5e551bbde8b53/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 13:37:56 GMT
content-type: text/html
vary: Accept-Encoding
x-request-id: 370737178
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Cacheable
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML