Report - www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1

Report Overview

URL

www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
IP

46.182.4.120

ASN

#204818 Hosteur SAS
Submitted

2023-02-09T15:35:02Z

Access
Tags

dhl logistics phishing suspicious
urlquery detections

Phishing - DHL

Suspicious - Suspicious JS code

Detections

urlquery

32
Network Intrusion Detection

1
Threat Detection Systems

14

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413	5844	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333	391	34.117.237.239
code.jquery.com (1)	634	2012-05-21T19:28:02Z	2023-03-13T05:09:57Z	394	31337	69.16.175.10
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3246	61527	34.120.237.76
cdn.jsdelivr.net (2)	439	2012-09-30T02:15:09Z	2023-03-13T06:17:54Z	703	8652	151.101.193.229
www.ndnmag.fr (16)	unknown	2022-07-05T18:35:05Z	2023-03-05T17:23:18Z	7535	528124	46.182.4.120
r3.o.lencr.org (8)	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2704	7090	23.36.77.32
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782	2374	35.241.9.150
ocsp.globalsign.com (1)	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	368	1920	104.18.21.226
ajax.googleapis.com (1)	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	308	33863	142.250.74.74
ipinfo.io (2)	8136	2013-12-16T08:25:53Z	2023-03-13T05:42:51Z	657	918	34.117.59.81
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606	127	54.186.236.115

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-09T15:35:52Z	medium	Client IP	34.117.59.81	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-09	medium	www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/js.cookie.js	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/jquery-lang.js	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/DHL_head.html	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/DHL_footer.html	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/DHL_track.html	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/jquery.validate.min.js	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/langpack/en.json	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff	Phishing
2023-02-09	medium	www.ndnmag.fr/en/dist/langpack/en.json	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (42)

URL IP Response Size

www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1

46.182.4.120

200 OK

1782

URL HTTP/1.1

www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators

Size

1782
Hash

6b93961fcf4afedb697680d1abf1cf33

025249a0f6d1fc3192abec4f8f4c089a121534cd

b33e199645f50f4a637971e4a59746df19a8b9abf44e731f24d7e78bb9048d5d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
urlquery	suspicious	Suspicious - Suspicious JS code
fortinet	Phishing

HTTP Headers

                                        GET /en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1 HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:33:36 GMT
Content-Type: text/html
Content-Length: 1782
Connection: keep-alive
Set-Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465; Path=/; HttpOnly
Last-Modified: Thu, 09 Feb 2023 13:30:25 GMT
ETag: "1f52-5f44462240667-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

565c1bbc5c1c40be1988b3bf6fd9dc1a

cfdba5bc597130461dd67bf6cda53183be592493

60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2278
Expires: Thu, 09 Feb 2023 16:12:49 GMT
Date: Thu, 09 Feb 2023 15:34:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

b7407cc102d62a5acd5e61f8a79bed36

c2f4890a62454e514962b55b7fc14228339c8e90

be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13557
Expires: Thu, 09 Feb 2023 19:20:48 GMT
Date: Thu, 09 Feb 2023 15:34:51 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bf0c602d32b3c14606f22a86183b5e3c

6eabd8d83475eba731968abe1a05a8bfd272f160

6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 14:36:49 GMT
content-type: application/json
age: 3482
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

50a2f8cdbbd1059f5318753155bba7ef

405e63ea4683be44f876feae34b5cb645ff751f2

f6ac743a5a17d64d2858fec5791050d2dc8074ddd823826c93e67bffdb2f0868

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6AC743A5A17D64D2858FEC5791050D2DC8074DDD823826C93E67BFFDB2F0868"
Last-Modified: Thu, 09 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8397
Expires: Thu, 09 Feb 2023 17:54:48 GMT
Date: Thu, 09 Feb 2023 15:34:51 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

e76071a28ee566dababb3834f46d68ed

aebb4e68c1ba2de0f90025283e8ed8470944fde0

78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: Pu7Li3p2pevJ0WSafmjX2alk7Az4tEOC0YHy2lL4XiJPYOWztvah2F8NzhhRqaUvucCWeUAZBXU=
x-amz-request-id: V3QP995XW1XBY3QA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 14:46:26 GMT
age: 2905
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

142.250.74.74

200 OK

32954

URL HTTP/1.1

ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP

142.250.74.74:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (32072)

Size

32954
Hash

d38e2944bbc9ae54b8947a2bd0b9a932

782a825679b248d38979c2d7ecae257873344437

65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd

HTTP Headers

                                        GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 32954
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 08 Feb 2023 10:41:05 GMT
Expires: Thu, 08 Feb 2024 10:41:05 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Age: 104026

www.ndnmag.fr/en/dist/js.cookie.js

46.182.4.120

200 OK

1387

URL HTTP/1.1

www.ndnmag.fr/en/dist/js.cookie.js
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

ASCII text

Size

1387
Hash

bc8cc9c688c4d556936a7fa6ec6fbe12

7c3a045a0256e758345d82062b9d08c6a4d97d2a

d234097e1e7a6e22fa09f7684577c07c861c77485105a1d74daa90646c1d47a7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/js.cookie.js HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:33:36 GMT
Content-Type: application/javascript
Content-Length: 1387
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "d60-5f316906e63ee-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 15:34:51 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.5.1.min.js

69.16.175.10

200 OK

30879

URL HTTP/2

code.jquery.com/jquery-3.5.1.min.js
IP

69.16.175.10:0
ASN

#20446 STACKPATH-CDN

Magic

ASCII text, with very long lines (65451)

Size

30879
Hash

3700d0b271343804b9b9aa1c13efa521

3d6b03dbd74872ca3dfbb0529f6c80943788f918

fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e

HTTP Headers

                                        GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.ndnmag.fr
Connection: keep-alive
Referer: http://www.ndnmag.fr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Thu, 09 Feb 2023 15:34:51 GMT
content-encoding: gzip
content-length: 30879
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675956891.dop232.sk1.t,1675956891.cds022.sk1.hn,1675956891.cds208.sk1.c
X-Firefox-Spdy: h2

www.ndnmag.fr/en/dist/jquery-lang.js

46.182.4.120

200 OK

7000

URL HTTP/1.1

www.ndnmag.fr/en/dist/jquery-lang.js
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

ASCII text

Size

7000
Hash

1c1917fafff89489f105f5d8427e6ef5

f6fb0efe5340fb45aeeb5550c1811e8c46cf79fa

50b74f02b7f4852ea8afdf518a07bb264480821da537d26d5fe7dffd5c62ca2f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/jquery-lang.js HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:47 GMT
Content-Type: application/javascript
Content-Length: 7000
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "6c2d-5f316906e544e-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/dhl.css

46.182.4.120

200 OK

314756

URL HTTP/1.1

www.ndnmag.fr/en/dist/dhl.css
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators

Size

314756
Hash

91bb51af984823aa997a73805a14c17a

3e466647149a7c376f7df1fc9d921571eac24c9d

4ebc8985f17f3baf5683617c7854fd2132e952ca17ca83312685c7eb0e5d7c54

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

                                        GET /en/dist/dhl.css HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:51 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "15b189-5f316906e44ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff

46.182.4.120

200 OK

41084

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 41084, version 1.66\012- data

Size

41084
Hash

03f859bf58e4d37841070de34be7d978

3436d4fa17e7ee470c3d62b08787cfa7de408408

5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:52 GMT
Content-Type: font/woff
Content-Length: 41084
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "a07c-5f316906e44ae"
Accept-Ranges: bytes

www.ndnmag.fr/en/dist/DHL_head.html

46.182.4.120

200 OK

3117

URL HTTP/1.1

www.ndnmag.fr/en/dist/DHL_head.html
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1836)

Size

3117
Hash

dbc0ae6b82b4820f8a6407cee9585694

a4692b59fc059903620afcde4bcb79af49c96cfb

3c3acaa1d4052b6e9dd88d80593a36acf431e998de31a450dd9097413fe85d52

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/DHL_head.html HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:33:37 GMT
Content-Type: text/html
Content-Length: 3117
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "2d05-5f316906e44ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 15:14:53 GMT
age: 1199
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.ndnmag.fr/en/dist/DHL_footer.html

46.182.4.120

200 OK

6060

URL HTTP/1.1

www.ndnmag.fr/en/dist/DHL_footer.html
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2591)

Size

6060
Hash

2b27879683c6323bcefdd529317cf67f

b3968065a2a00dd7bad17dedf3b88ca316088ff0

34e03a44283630ddd2b3bc39055e662cccf4cf56862b47f6fad72e1956e8f333

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/DHL_footer.html HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:52 GMT
Content-Type: text/html
Content-Length: 6060
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "3c69-5f316906e44ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff

46.182.4.120

200 OK

9316

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 9316, version 1.0\012- data

Size

9316
Hash

9355df62a665ef9249036bbccad8c54c

6b7779a10187a1a7473f604fbe3db96350868c6a

6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:52 GMT
Content-Type: font/woff
Content-Length: 9316
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "2464-5f316906e544e"
Accept-Ranges: bytes

www.ndnmag.fr/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff

46.182.4.120

200 OK

41328

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 41328, version 1.66\012- data

Size

41328
Hash

e39bd2e2657ce5dd6f9c33df18529233

6db81ebb91bfa67cef8f2f870f03046150568799

19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:52 GMT
Content-Type: font/woff
Content-Length: 41328
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "a170-5f316906e544e"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

248ce16379b12f11927ecc3142aec450

fa5b189f2d9182479170cb61cc1723571e437bd2

a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12626
Expires: Thu, 09 Feb 2023 19:05:18 GMT
Date: Thu, 09 Feb 2023 15:34:52 GMT
Connection: keep-alive

www.ndnmag.fr/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff

46.182.4.120

200 OK

44260

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 44260, version 1.66\012- data

Size

44260
Hash

4a350e02a03ac62e72e9ea575b31ce84

d47b03b96b6e7034a1473a293bb594e597a41dc2

87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:33:37 GMT
Content-Type: font/woff
Content-Length: 44260
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "ace4-5f316906e44ae"
Accept-Ranges: bytes

ipinfo.io/country

34.117.59.81

302 Found

URL HTTP/1.1

ipinfo.io/country
IP

34.117.59.81:0
ASN

#15169 GOOGLE

Magic

ASCII text, with no line terminators

Size

72
Hash

b79f12127b13f3298b65130f55033eea

0c5df3d4734c5d754f78df4dd08f329ce38ab901

76d7f55bf215f2132f41391f47b4efd048f7c3b61db2b650e2a0a9b4a02d79f0

HTTP Headers

                                        GET /country HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.ndnmag.fr/
Origin: http://www.ndnmag.fr
Connection: keep-alive

                                        HTTP/1.1 302 Found
access-control-allow-origin: *
location: https://ipinfo.io/country
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
date: Thu, 09 Feb 2023 15:34:52 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: gzip
transfer-encoding: chunked
Via: 1.1 google

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

802df672d7d34aaafca6e7e5594a2bf4

0bca64025527e2a6fa92b4cfdcf36e91b531c868

c2bd8918ea58155707e630b138833ff09a4e7375917e738677ef3a7e85d4fe7f

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2BD8918EA58155707E630B138833FF09A4E7375917E738677EF3A7E85D4FE7F"
Last-Modified: Tue, 07 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2522
Expires: Thu, 09 Feb 2023 16:16:54 GMT
Date: Thu, 09 Feb 2023 15:34:52 GMT
Connection: keep-alive

ipinfo.io/country

34.117.59.81

200 OK

URL HTTP/2

ipinfo.io/country
IP

34.117.59.81:0
ASN

#15169 GOOGLE

Magic

ASCII text

Size

3
Hash

19541a2746e08a6b8f5145bdbaa23e45

00b970928589b6bdb02743a4bb8400e429e26abe

cfe72034a9f298fb79a6c1f2302673bb449c826d446b3efafdde95e6c48dc3ca

HTTP Headers

                                        GET /country HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://www.ndnmag.fr/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: text/html; charset=utf-8
content-length: 3
date: Thu, 09 Feb 2023 15:34:52 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

802df672d7d34aaafca6e7e5594a2bf4

0bca64025527e2a6fa92b4cfdcf36e91b531c868

c2bd8918ea58155707e630b138833ff09a4e7375917e738677ef3a7e85d4fe7f

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2BD8918EA58155707E630B138833FF09A4E7375917E738677EF3A7E85D4FE7F"
Last-Modified: Tue, 07 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2522
Expires: Thu, 09 Feb 2023 16:16:54 GMT
Date: Thu, 09 Feb 2023 15:34:52 GMT
Connection: keep-alive

push.services.mozilla.com/

54.186.236.115

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

54.186.236.115:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 79d8GycUio82cckvnS369g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZMrDDhS3CpilQeTfFQ1GH97xLno=

www.ndnmag.fr/en/dist/favicon.ico

46.182.4.120

200 OK

1150

URL HTTP/1.1

www.ndnmag.fr/en/dist/favicon.ico
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data

Size

1150
Hash

d8106bf3a1d00ab43b01e6e3c92500eb

202b5e8654ab1b28351378293bca3b9d844cc29b

9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

                                        GET /en/dist/favicon.ico HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:52 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 1150
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "47e-5f316906e44ae"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1d885cfc22a04f1216c98dd64df5338a

589916a844b81fac40af88a772865b8e28dfb64e

40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4810
Expires: Thu, 09 Feb 2023 16:55:03 GMT
Date: Thu, 09 Feb 2023 15:34:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1d885cfc22a04f1216c98dd64df5338a

589916a844b81fac40af88a772865b8e28dfb64e

40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4810
Expires: Thu, 09 Feb 2023 16:55:03 GMT
Date: Thu, 09 Feb 2023 15:34:53 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg

34.120.237.76

200 OK

8150

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8150
Hash

764b732e88dd1e9c1824529b24b3dffc

2ba954a51c2972b267ae0536e343e608aa9aa7f4

a1efdf03b14bb05cf8e407b92476592c35fa2d27c5e66705322abdb4c6412a06

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8150
x-amzn-requestid: 3834493a-4162-4cc9-b67c-541cc9be895b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8IH0TIAMFWqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb380-3746ff7b0a6894366efa848e;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HNuUU4SaVvuPbW0clgJa6UZ-0zefgWJWfIJEsz_yCfKiCrx2wsu6vA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 09:31:09 GMT
age: 21824
etag: "2ba954a51c2972b267ae0536e343e608aa9aa7f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10472

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ec996f6-8867-41f0-9850-ad04d05e22e6.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10472
Hash

464812429ec9f5c766def4ac26e86e4f

170a5d6fcaa69c78896ed8a37442a27c6309c09a

1248df6127626b254420b6ddabba6fba12066c9b7f314386c25ac51781f59060

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ec996f6-8867-41f0-9850-ad04d05e22e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10472
x-amzn-requestid: f43c32c6-0bb3-4154-934d-cd0ad1e3edf7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fv73mHmooAMFRFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dca696-700ab104674033036aba0878;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 06:15:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2kp0tBfU8v-pe5Tft8WnSQKV5deSlUbRVEGthGejjT4uXlbbv1IiAg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 19:00:11 GMT
age: 74082
etag: "170a5d6fcaa69c78896ed8a37442a27c6309c09a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7450

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7450
Hash

ce710ab5746832fe637fada3e6d63abf

d545c85d4a8cf92dc8b88db0a056623d1ef7a943

40bae4a2fb9dd60e9339d15ad0838f3ca83b5b6275c35cd22878b6783fcd6247

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: c3dabd4b-797b-4bbe-8824-5f502ff477b0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2aG-IoAMFfnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf5-68de905b2ed5bfe46a87e688;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AX-TsURes3Bn0RrAnH7TnsouJdkcOpbq7f7KAzPMWq4RMBH8FWMz7g==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 17:45:22 GMT
age: 78571
etag: "d545c85d4a8cf92dc8b88db0a056623d1ef7a943"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8717

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844d5320-b850-4dd9-87c4-2b4f17eb895e.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8717
Hash

82ed633b05ccadc8b87e83413641f1ef

aafed39990cf6a3391d53355085d816167a500fa

c9202e36b231d0a9a9cba1ff8f570e5b0fbba215eb6b28e3989fd442ee7f5835

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F844d5320-b850-4dd9-87c4-2b4f17eb895e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8717
x-amzn-requestid: dbb8b5a2-d3f6-42e2-8778-da19de081cb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f2c0LHaiIAMF5cA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63df41b4-309b6b1f651f68453dd52f55;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 05:42:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hBfl0rPzn_iOD9xRlc236_IEvyGlK5WteH1y4cd0aYxlFzd3RVfgkQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:47 GMT
age: 64326
etag: "aafed39990cf6a3391d53355085d816167a500fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11760

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

11760
Hash

9203cfb9f0c1c958dd008eac55a9d3c4

6bdd1047590dd3fb54c15d5d6d38e7c86274b203

09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: euok7HXthk9GEynD8n9wXgf85lD0shxOdtT5VZvj-xHkoxEMxuohmA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:38 GMT
age: 64335
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8637

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8637
Hash

b0c5e12696e3ee13041d043084828210

c48927fb23f59e0949d388086c197699c8f19d1b

47838e958555ff6799d4d1d3994913943726daba5294cd89afe9036628ef6fdb

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: fa797448-32c3-4438-a192-5291c48b1d85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKFq9oAMFgog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-46ff32923a2763b45a5194f4;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2olwTLHKbCas7GcQiRz22bk_I646VcTxN3Yv_ObBVgeGC0l73GNh8A==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:27 GMT
age: 64346
etag: "c48927fb23f59e0949d388086c197699c8f19d1b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.ndnmag.fr/en/dist/DHL_track.html

46.182.4.120

200 OK

2567

URL HTTP/1.1

www.ndnmag.fr/en/dist/DHL_track.html
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (356)

Size

2567
Hash

4190a616b637362d5770e5d9371b976e

e473255f06b35e276e2ae9da411d4cb3348b1ffc

a0ab3ac2b56ea3015a0e3f563970ac276fcb835411e4ee37174e2ca2b3d48f4d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/DHL_track.html HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:54 GMT
Content-Type: text/html
Content-Length: 2567
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "1a9d-5f316906e44ae-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/jquery.validate.min.js

46.182.4.120

200 OK

7815

URL HTTP/1.1

www.ndnmag.fr/en/dist/jquery.validate.min.js
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Unicode text, UTF-8 text, with very long lines (24237)

Size

7815
Hash

733b253cf585468481e2a1d19b517fc2

bd1c201faf6ff53a44b19e2ef8f6a18b6a36141b

d88829113f706278062864700f82a7b55756af1c0ba4be724122c78fe3fc37fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/jquery.validate.min.js HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:54 GMT
Content-Type: application/javascript
Content-Length: 7815
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "5f38-5f316906e63ee-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

www.ndnmag.fr/en/dist/langpack/en.json

46.182.4.120

200 OK

514

URL HTTP/1.1

www.ndnmag.fr/en/dist/langpack/en.json
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

JSON data\012- , ASCII text

Size

514
Hash

e5111c3d242107acc93f71f9c9182079

c648da6b0a6c4f9b89dbee1027cf9a7be36217ca

86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/langpack/en.json HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:54 GMT
Content-Type: application/json
Content-Length: 514
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "202-5f316906e63ee"
Accept-Ranges: bytes

www.ndnmag.fr/en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff

46.182.4.120

200 OK

41352

URL HTTP/1.1

www.ndnmag.fr/en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

Web Open Font Format, TrueType, length 41352, version 1.66\012- data

Size

41352
Hash

4e23ecf085132857bdb54b4da7373151

a50215c22a591536b21e509100d1707c6886ffd6

b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/dist/dhl.css
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:34:54 GMT
Content-Type: font/woff
Content-Length: 41352
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "a188-5f316906e544e"
Accept-Ranges: bytes

www.ndnmag.fr/en/dist/langpack/en.json

46.182.4.120

200 OK

514

URL HTTP/1.1

www.ndnmag.fr/en/dist/langpack/en.json
IP

46.182.4.120:0
ASN

#204818 Hosteur SAS

Magic

JSON data\012- , ASCII text

Size

514
Hash

e5111c3d242107acc93f71f9c9182079

c648da6b0a6c4f9b89dbee1027cf9a7be36217ca

86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

                                        GET /en/dist/langpack/en.json HTTP/1.1
Host: www.ndnmag.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://www.ndnmag.fr/en/44ca10cec3aec8d04d47d9c3dd1af0ea/execution.html?validation=e1s1
Cookie: route=1675956817.21.13994.750336|499c8baf302284682cd20328146f4465

                                        HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 15:33:39 GMT
Content-Type: application/json
Content-Length: 514
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:25:21 GMT
ETag: "202-5f316906e63ee"
Accept-Ranges: bytes

cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js

151.101.193.229

301 Moved Permanently

URL HTTP/1.1

cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP

151.101.193.229:0
ASN

#54113 FASTLY

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.ndnmag.fr/

                                        HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
Accept-Ranges: bytes
Date: Thu, 09 Feb 2023 15:34:54 GMT
X-Served-By: cache-bma1651-BMA
X-Cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js

151.101.193.229

200 OK

7503

URL HTTP/2

cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP

151.101.193.229:0
ASN

#54113 FASTLY

Magic

ASCII text, with very long lines (21060)

Size

7503
Hash

1f61c1b15b25ba046056238766ff3a43

2b8db740e4e913e9dc87a6060dea2a6b17ad0ec8

fe78a2c604b4757dd5d114e0efb7e74c8f4acfe840bf6b6c01517205744a7648

HTTP Headers

                                        GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.ndnmag.fr/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.16.1
x-jsd-version-type: version
etag: W/"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 09 Feb 2023 15:34:54 GMT
age: 1383171
x-served-by: cache-fra-eddf8230069-FRA, cache-bma1635-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7503
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4

104.18.21.226

200 OK

1462

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

#1 JS:Script (size: 27693)

#2 JS:Script (size: 3424)

#3 JS:Script (size: 24377)

#4 JS:Script (size: 1840)

#5 JS:Script (size: 21233)

#6 JS:Script (size: 93100)

#7 JS:Script (size: 89476)

#8 JS:Script (size: 1015)

#9 JS:Script (size: 629)

#10 JS:Script (size: 9)

#11 JS:Script (size: 1443)

#12 JS:Script (size: 5)

#13 JS:Script (size: 1532)

#14 JS:Script (size: 2403)

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size