Report - express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3

Report Overview

Submitted URL
express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3
IP
94.103.188.42
ASN
#200019 Alexhost Srl
Submitted
2023-03-03 03:37:39
Access
Website Title
Final URL
Tags
dhl logistics phishing
urlquery detections
Phishing - DHL

Detections

urlquery
9
Network Intrusion Detection
4
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.155.255.170
kit.fontawesome.com	1868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	420 B	650 B	104.18.22.52
cdn.lr-in.com	13237	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	1.0 kB	104.21.234.145
express-redelivery.info.gf	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	18 kB	459 kB	94.103.188.42
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	434 B	6.7 kB	104.17.25.14
ws-mt1.pusher.com	8253	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	628 B	186 B	52.0.113.204
static.hotjar.com	641	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	73 kB	143.204.55.37
files.killbot.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	392 B	752 B	104.21.11.160
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	9.8 kB	95.101.11.115
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	60 kB	34.120.237.76
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	4.3 kB	192.229.221.95
ocsp.usertrust.com	899	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	342 B	1.0 kB	172.64.155.188
ka-f.fontawesome.com	3598	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.3 kB	172.64.168.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-03 03:37:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.info .gf Domain
2023-03-03 03:37:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.info .gf Domain
2023-03-03 03:37:26	medium	Client IP	94.103.188.42	ET INFO DYNAMIC_DNS HTTP Request to a *.info .gf Domain
2023-03-03 03:37:27	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.info .gf Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-03	medium	express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3	Phishing
2023-03-03	medium	express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3	Phishing
2023-03-03	medium	express-redelivery.info.gf/public/	Phishing
2023-03-03	medium	express-redelivery.info.gf/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR/	Phishing
2023-03-03	medium	express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR	Phishing
2023-03-03	medium	express-redelivery.info.gf/public/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c	Phishing
2023-03-03	medium	express-redelivery.info.gf/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775	Phishing
2023-03-03	medium	express-redelivery.info.gf/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b	Phishing
2023-03-03	medium	express-redelivery.info.gf/public/js/app.js	Phishing
2023-03-03	medium	express-redelivery.info.gf/public/js/session-recorder.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	express-redelivery.info.gf/public/js/session-recorder.js	45 kB	2023-03-07	2024-04-17
Pretty URL express-redelivery.info.gf/public/js/session-recorder.js IP 94.103.188.42 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:33 Last Seen2024-04-17 08:04:36 Times Seen21730 Hash 701984b4995f3c29820e83c999b7eb23 a3b50104a3bfa05bf59a317273816c7d8ae1f81d 67ad94e12a745b1b09c6cd616e20a2ad283ed68f8060bd1dd0d9a2b6ad9dc7ee Loading...

	express-redelivery.info.gf/public/	135 B	2023-03-14	2023-03-14
Pretty URL express-redelivery.info.gf/public/ IP 94.103.188.42 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 17:01:00 Last Seen2023-03-14 17:01:00 Times Seen1 Hash 1029777e7f504c0556590a6de98b1c57 5693b4c737f2c13a01eb9cc9c5fc189d7afdb082 7bd026130be3c1f4a408ea6f1cb4147f0a3cea917c395bc114b1e976d6d9b4b6 Loading...

	cdn.lr-in.com/logger-1.min.js	828 kB	2023-03-14	2023-03-14
Pretty URL cdn.lr-in.com/logger-1.min.js IP 104.21.234.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 16:46:50 Last Seen2023-03-14 17:01:31 Times Seen1 Hash 6c1bc78f1f0263bb3294ae8ab9ad4d2a 4261db51da5b92c0190939941f3b9ba3a39a298d ee46b8bd9266f4e39ff198ed8d97a144afde1e7ef023fdc9b194bde30c6166e9 Loading...

	express-redelivery.info.gf/public/js/app.js	1.6 MB	2023-03-07	2024-04-17
Pretty URL express-redelivery.info.gf/public/js/app.js IP 94.103.188.42 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:51 Last Seen2024-04-17 08:04:36 Times Seen13729 Hash fd900f643203761f2eeca2132fc15f1d 375f23ca9ad75b647373bda03b02e2d0f6e729be 399e233cea4e5468820e5c5f98ddbb156de729983710cf576a6508f076326c68 Loading...

	express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR	391 B	2023-03-07	2024-04-17
Pretty URL express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR IP 94.103.188.42 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:33 Last Seen2024-04-17 08:04:36 Times Seen7237 Hash c890bb901ff0030837b3565d30db7cc2 88b46d77f0fce8c23c77fcc2c125c210c7fce3c2 5618690ba2bc408543ac11bffc4d30f178e7c9fcd9482133469385d747981779 Loading...

	express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR	499 B	2023-03-14	2023-03-14
Pretty URL express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR IP 94.103.188.42 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 17:01:00 Last Seen2023-03-14 17:01:00 Times Seen1 Hash a9ba0dcea6d4ab4a44435514d78f11a5 39a136beba1b295bd3845d602bb63ecaf5e58d8f bd452ed97c9f95325655b50c2b5d9065410eab8f92561d47dd2f988f9c132f7a Loading...

	static.hotjar.com/c/hotjar-2895475.js?sv=6	8.7 kB	2023-03-14	2023-03-14
Pretty URL static.hotjar.com/c/hotjar-2895475.js?sv=6 IP 143.204.55.37 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 17:00:53 Last Seen2023-03-14 17:01:00 Times Seen1 Hash 686ab4333d3a396e6f00b0fdba2b7e0e 1ebe8184a2962e9b4d99ed850aa37bd7d18f9e87 f97342ec31162b30d2867d4b48f764ef1550d1dab9cf24ce593c0bf1e4b2cd97 Loading...

	express-redelivery.info.gf/public/	215 B	2023-03-07	2024-04-17
Pretty URL express-redelivery.info.gf/public/ IP 94.103.188.42 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:33 Last Seen2024-04-17 08:04:36 Times Seen9534 Hash 19d003664195690a4bac0900372478e4 dcc88af518379f0793777be014231b322df0edf3 cdbb7ab30297d50ee74d49f97fe7cf040dd013c103ef5a13c0bbc53003b64d6d Loading...

	kit.fontawesome.com/f7165dd215.js	11 kB	2023-03-13	2023-03-29
Pretty URL kit.fontawesome.com/f7165dd215.js IP 104.18.22.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:11:58 Last Seen2023-03-29 23:19:09 Times Seen1861 Hash cb2197ac7dc7216c060e76bab3ed3eb4 145cbf926ae676532e9c4c9afcea2d2c7c460ecb 3781276c947446303f95592499e641929c792c682fcfc73b390184963b4adc36 Loading...

	express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR	551 B	2023-03-14	2023-03-14
Pretty URL express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR IP 94.103.188.42 ASN #200019 Alexhost Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 17:01:00 Last Seen2023-03-14 17:01:00 Times Seen1 Hash 8e272d217a2408b76e68524d8ae17ad9 e076729cdd619c8c69e59cc547ce5a47ba6f2dbe 2a16b621d6403d76d6098854a9f42d455eda765b72fe68a5570a231026e44501 Loading...

HTTP Transactions (54)

URL IP Response Size

express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3

94.103.188.42

301 Moved Permanently

162 B

URL HTTP/1.1
express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.info .gf Domain

HTTP Headers

GET /public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3 HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 03 Mar 2023 03:37:27 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a39c6b0123e56e5b89743a8ad25c746e
feb61559594a73b319532dec130f10068fdf1242
d1adf9c8c7e63c33674a6af4b4111fe0ce1092d362ca4bf7c7dd00e6b6034f09

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1ADF9C8C7E63C33674A6AF4B4111FE0CE1092D362CA4BF7C7DD00E6B6034F09"
Last-Modified: Thu, 02 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11297
Expires: Fri, 03 Mar 2023 06:45:44 GMT
Date: Fri, 03 Mar 2023 03:37:27 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
96abc4d0be3e74da1484937a66c5ff39
357520bead07e25b52d4ca0c0c69db60cfaa0d7c
32c544ef8b8a3faaf08bdb76f8a387510037dfc15a022fd59457cf45215a6ba8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "32C544EF8B8A3FAAF08BDB76F8A387510037DFC15A022FD59457CF45215A6BA8"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2559
Expires: Fri, 03 Mar 2023 04:20:06 GMT
Date: Fri, 03 Mar 2023 03:37:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Retry-After, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Mar 2023 03:08:14 GMT
content-type: application/json
age: 1753
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e4e8aac6a39cada76c87582702f7c378
0260b5087dc89bc06032583627bc84109646561e
de8102626e7960652e844be721ec8336927886d18957a52474e4bc31a7c1a83b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE8102626E7960652E844BE721EC8336927886D18957A52474E4BC31A7C1A83B"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14502
Expires: Fri, 03 Mar 2023 07:39:09 GMT
Date: Fri, 03 Mar 2023 03:37:27 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: F5UTxVCCbfKwz7AyzC+GvWD/hYQUW+NxxzeT3E0fEVHjHEiE7J/DrKHqDyDhmkeRmk69B3fyZgw=
x-amz-request-id: S3SAW3TWMJ9C1D0X
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Mar 2023 03:15:40 GMT
age: 1307
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:28 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
45df49d8e010551ad7fe94c806c3fef9
d75fc046dddf413ee3d2c16131013f68f4e8cf24
15c99f686298992972f6c6a087cbedfd58d08352f5948f0d4e41b608b1632914

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15C99F686298992972F6C6A087CBEDFD58D08352F5948F0D4E41B608B1632914"
Last-Modified: Wed, 01 Mar 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 03 Mar 2023 09:37:28 GMT
Date: Fri, 03 Mar 2023 03:37:28 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Retry-After, Alert, Content-Length, Backoff, ETag, Content-Type, Cache-Control, Last-Modified, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Mar 2023 03:03:36 GMT
age: 2032
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
51e95d61b93964116033d39ca29d8e87
f4b94d787ce49da21c28fe7853b1a85d2b9494dc
083c886afce548aad4f54caa7f7766e38d9376d55077d4072dbddbdafa086f85

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "083C886AFCE548AAD4F54CAA7F7766E38D9376D55077D4072DBDDBDAFA086F85"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12607
Expires: Fri, 03 Mar 2023 07:07:35 GMT
Date: Fri, 03 Mar 2023 03:37:28 GMT
Connection: keep-alive

express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3

94.103.188.42

302 Found

737 B

URL HTTP/2
express-redelivery.info.gf/public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
737 B (737 bytes)
Hash
eff44aa50b00482921014021140f9cec
094bc666ab3c3711c700db7df109262bc0c106f0
21af15c59956ccc224857e7384a2a68f9aac107cd76e4b6c8f4c0d3c428d560b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.info .gf Domain

HTTP Headers

GET /public/hKLxeb0Ij1SzSy3RSMVS0YIlNrgpnHE3 HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx
date: Fri, 03 Mar 2023 03:37:28 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlNFeXlzdTZ4YmZEdWlvTWRVOUkzNmc9PSIsInZhbHVlIjoiU3ExOXhOS3ViMkcvcGJJQllySFZiTVdlZ3hjZHdqOXFvWmkrd0pUWnJSbG5ZWk45WVRBSWZpZ21vajd1OG84NG01R3VDQ2JnSHIwL0NocTJrbFZPSTFTd2NWME5YRFBWUXh3emNjZFFZNFh5Y1VCOXRmQkVmTWxmM1p5enE5WWkiLCJtYWMiOiI4Mzc3OWVlOGRlY2MyYzUxYWIwNjQyZjQwNzQ3YTAyYzQzNTE1ZDZkZmUxYWVmZGY0NTk4NThmYjNjYjRjZDU5IiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:28 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IkFoZnlRZUhWQjBqYTg2Tk1RNk5xUXc9PSIsInZhbHVlIjoidWo5NEtLTFJ0S3RlYkxYSC9xNExGaFltakRoMDlZR3pLcElSeW9wQ0hzaWdjNDdsZDd6VTNPV2RCRzllbTJjSyttWTh6OEk2TG9qY1Bnb2pmd2ZjcDkvc0pnQ3VKL01CSlo2TlQ2cVR5RXY1ZGdVMkZjbnVuM2kvdnlONFhwT2oiLCJtYWMiOiJlZGRmNDM5OTM0NTVjM2ZiYWU5YjA1NzJlYjIwODk5Y2Y1MDIxMmY3ZTQ3OTRmMDY3Yjg2M2ZmZGIwNmZiMmU5IiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax
location: https://express-redelivery.info.gf/public
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.155.255.170

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.155.255.170:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PLCNjlHndEwiIu0o+ZGYbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 93R6gJ59ynLfP9VfoJtnvj1tqAk=

express-redelivery.info.gf/public/

94.103.188.42

200 OK

348 B

URL HTTP/2
express-redelivery.info.gf/public/
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
348 B (348 bytes)
Hash
3932cf39f61a1dd16496614bc0ef8eee
996cac7e8f5956ffc794fcdaf7c8e828d4a07c04
f2163d98e6428c6377aa84db44a3e80c4a95778cd5c93afc177d576fbaf1175a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/ HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlNFeXlzdTZ4YmZEdWlvTWRVOUkzNmc9PSIsInZhbHVlIjoiU3ExOXhOS3ViMkcvcGJJQllySFZiTVdlZ3hjZHdqOXFvWmkrd0pUWnJSbG5ZWk45WVRBSWZpZ21vajd1OG84NG01R3VDQ2JnSHIwL0NocTJrbFZPSTFTd2NWME5YRFBWUXh3emNjZFFZNFh5Y1VCOXRmQkVmTWxmM1p5enE5WWkiLCJtYWMiOiI4Mzc3OWVlOGRlY2MyYzUxYWIwNjQyZjQwNzQ3YTAyYzQzNTE1ZDZkZmUxYWVmZGY0NTk4NThmYjNjYjRjZDU5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkFoZnlRZUhWQjBqYTg2Tk1RNk5xUXc9PSIsInZhbHVlIjoidWo5NEtLTFJ0S3RlYkxYSC9xNExGaFltakRoMDlZR3pLcElSeW9wQ0hzaWdjNDdsZDd6VTNPV2RCRzllbTJjSyttWTh6OEk2TG9qY1Bnb2pmd2ZjcDkvc0pnQ3VKL01CSlo2TlQ2cVR5RXY1ZGdVMkZjbnVuM2kvdnlONFhwT2oiLCJtYWMiOiJlZGRmNDM5OTM0NTVjM2ZiYWU5YjA1NzJlYjIwODk5Y2Y1MDIxMmY3ZTQ3OTRmMDY3Yjg2M2ZmZGIwNmZiMmU5IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:30 GMT
content-type: text/html; charset=UTF-8
content-length: 348
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IlVSemhvdmNXWnBTcWVMTmNGNDg2cFE9PSIsInZhbHVlIjoiWGNaaFg3ZHRMaVBvVU1HM0xveHFMdXFVZC9Eak03Um1VcUhRNnUyYXFqaldKM3hxUmpTWE9ieUJwSlY5ZFlaNk1kWHNPMGRkUEJ0K2xMdS8zUG1DMjdOREVDeHFnV0g4cG1ZYjNJSk8zN3dWcytXTE55TmRwcFZUbm1ab2hyWXAiLCJtYWMiOiJlMDY4YjMzOGMwZDUxMTlmNmI4NGFjZjU2ZTk5OWI2MWJjMmI3OTgyZGU4NTI5NDA4MDM4OWU2MjQxMWUyNGUwIiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:30 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImUvZ2M1bUdFKzlXbXg0azhUcjV0NlE9PSIsInZhbHVlIjoiOU1tYzVkSTVwbmYvSWttSkdEcS9wWFVTWDhJcDZpRm5JTVJ6RG90Z0ErMWNpRTZVaXU2SktiamhKcDZiWHh0QVV2aVlVVzFrWFl6dW5IVkxkeWphMWZ2ZVJqREg1UktXamc2NVQzeUNHZzZrMng3WWlFWUtDNThKR28xOVZkWHYiLCJtYWMiOiI3ZjY0YzJmNmMzYjZhNGRlNmMzMmVkMTZkODYyNDRhYjMzNzM5ZDYxMmY5YTY1ZWU2ZTk5ZTFhY2M1YzY0ODgyIiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:30 GMT; Max-Age=7200; path=/; httponly; samesite=lax
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16d5f84e59c07ed63d44e8f2b7fb7cdd
13d26cbcc3521c23110ecda9c38b5330de7f82d1
91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7002
Expires: Fri, 03 Mar 2023 05:34:12 GMT
Date: Fri, 03 Mar 2023 03:37:30 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16d5f84e59c07ed63d44e8f2b7fb7cdd
13d26cbcc3521c23110ecda9c38b5330de7f82d1
91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7002
Expires: Fri, 03 Mar 2023 05:34:12 GMT
Date: Fri, 03 Mar 2023 03:37:30 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16d5f84e59c07ed63d44e8f2b7fb7cdd
13d26cbcc3521c23110ecda9c38b5330de7f82d1
91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7002
Expires: Fri, 03 Mar 2023 05:34:12 GMT
Date: Fri, 03 Mar 2023 03:37:30 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16d5f84e59c07ed63d44e8f2b7fb7cdd
13d26cbcc3521c23110ecda9c38b5330de7f82d1
91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7002
Expires: Fri, 03 Mar 2023 05:34:12 GMT
Date: Fri, 03 Mar 2023 03:37:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9807 bytes)
Hash
0434a796c70c1df5c82845eb5b19b8cb
0c84cf11487867cc6b9f955b12de4d6199804e4d
c43e2da686b91d44e8a619413c5439973246ce31722745d96c0a6a6286dad155

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9807
x-amzn-requestid: f855150d-9f03-40a3-a425-0704a4334db1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLC6uFzSoAMFzWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64011844-3db631d0459704b904a0701a;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:42:28 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: dx5LohAarY33i0QOrqHSuzTOGoN5if6-pqPMn_8_FO3bMK-eCjJpDg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 9c335c5f85533b11cbfd38dc7cc60c16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:14:40 GMT
age: 19370
etag: "0c84cf11487867cc6b9f955b12de4d6199804e4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57845ac1-459a-4836-9309-4bddb52714d4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10228 bytes)
Hash
9ac3b17d41f3f579f5494666b7326c4e
d9cceb1c8d1830f9630a8aaa12eb990156173612
7478afe0ecf23655253cfb105dac66c7bf1b9665ba994c4fc06d0bda5e655389

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57845ac1-459a-4836-9309-4bddb52714d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10228
x-amzn-requestid: dbe16993-4b2a-4cac-8c87-26d3bfbeb54a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLCytF24oAMFpkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64011811-74326cba46f6b443699fc3dd;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:41:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: NjGvi4CqS2LdBg_jgSF0-EZHd4vnAwUmTS7FnP9T0pQ7RLq8Zmk11w==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 58b8655e3ea662bad02cac6b9d4c88ba.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 21:58:13 GMT
age: 20357
etag: "d9cceb1c8d1830f9630a8aaa12eb990156173612"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16d5f84e59c07ed63d44e8f2b7fb7cdd
13d26cbcc3521c23110ecda9c38b5330de7f82d1
91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7002
Expires: Fri, 03 Mar 2023 05:34:12 GMT
Date: Fri, 03 Mar 2023 03:37:30 GMT
Connection: keep-alive

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F142afab8-245d-47f2-9375-00c43e953ed4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6352 bytes)
Hash
b8e4c501c2aa0991ee38e25b6ff31c28
4adb2fda70cc5a6a57276d48e8b7607a6f3349dc
8e1afc626b922da51adeac343e97d11c63d77f34ec07b5de4e7ab9ea9f355de9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F142afab8-245d-47f2-9375-00c43e953ed4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: ad3801fa-e1ab-4c78-b5f7-b6c2e7403fd8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A0umvHAHIAMFoNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f82af7-4656fe5b0d3d721c4f1e145e;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 03:11:51 GMT
x-amz-cf-pop: YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: skP6kkFyhN_5LzOjpRMy-_Lnl-bQRmUbbD8R3MKsoRdMr2vzMShtDQ==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 f83d0d4febf7c22c3236bd42fa6dcd96.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:15:47 GMT
age: 19303
etag: "4adb2fda70cc5a6a57276d48e8b7607a6f3349dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81172d5-849a-4947-895d-7b645a656f98.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9043 bytes)
Hash
4c627140fb587a52035e07a0e4849aa4
0fda39fd9db63f210a73fe14d6cb445d877303f1
ef144a10c04afa87fe3ae0c30906495f42b87678d6a5bab9ac934e8425d8ced3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81172d5-849a-4947-895d-7b645a656f98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9043
x-amzn-requestid: b198e6ac-b731-4300-ba73-0dae7c426334
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLC6CHbBIAMF59w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6401183f-4e716af671ac66683937eaca;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:42:23 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: knLOY1TnJUV4G5JGbFN96KbF_HOGaLh_HbnHdh3FbIlZI-KUBitLZQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 7f5c6f79ed16052a7a2f78b6025bcf5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:15:58 GMT
age: 19292
etag: "0fda39fd9db63f210a73fe14d6cb445d877303f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81f41a1-e06f-48d1-b68e-4bb3d4b6e3e1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8856 bytes)
Hash
23420af4376fc0c1e008c153be1f837e
eadec09293074d9ec43ed34f4eaeb2fc97a849a1
09c55f94f17c4ed54c46db00d5a11c1d4bc0671158590a1df23a7bae20ef98a7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81f41a1-e06f-48d1-b68e-4bb3d4b6e3e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 138931ad-921b-43a0-a746-138ee9b0db11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A73tPFeqoAMF5Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fb0654-6c0ce78f2d71ec3d3979d835;Sampled=0
x-amzn-remapped-date: Sun, 26 Feb 2023 07:12:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: cSeX4WngFD92UkAxPE4HYJyzbJ1aEIhxZY0T8r7XraUMcL499vs4ng==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Mar 2023 03:12:47 GMT
age: 1483
etag: "eadec09293074d9ec43ed34f4eaeb2fc97a849a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d266afb-8a75-4202-9be6-099d0b7c3d7b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9716 bytes)
Hash
c287adc5d1a8a0815f7b13ed61bb0159
53dff0f2d0e809291262e966b40d98d55dc7749e
be1b80ac8e61b83e1a13a6b3930596ce77a34dddff6ddbf1dd457454715bdb0c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d266afb-8a75-4202-9be6-099d0b7c3d7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9716
x-amzn-requestid: 1d7b2352-5780-483d-90a0-13bf511712fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLCyuHC-IAMFiHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64011811-65e7831a6c1516231009dc51;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:41:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: v4cjcZlw3GA9Ccm0Vo24kPJPkUrgqqUtB4YP4ytbqNSap1X0CAt9Rw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 21:58:13 GMT
etag: "53dff0f2d0e809291262e966b40d98d55dc7749e"
content-type: image/jpeg
age: 20357
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

express-redelivery.info.gf/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR/

94.103.188.42

301 Moved Permanently

359 B

URL HTTP/2
express-redelivery.info.gf/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR/
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
359 B (359 bytes)
Hash
acb7cdd67668cd7d081d114810e38b26
85cfd60ea779b19f329143c9cae8406efe52fb27
d429d961810718d376a8c921e67a25b98620f0995b2d71b2af07221b4e3a0095

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR/ HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/
Cookie: XSRF-TOKEN=eyJpdiI6IlVSemhvdmNXWnBTcWVMTmNGNDg2cFE9PSIsInZhbHVlIjoiWGNaaFg3ZHRMaVBvVU1HM0xveHFMdXFVZC9Eak03Um1VcUhRNnUyYXFqaldKM3hxUmpTWE9ieUJwSlY5ZFlaNk1kWHNPMGRkUEJ0K2xMdS8zUG1DMjdOREVDeHFnV0g4cG1ZYjNJSk8zN3dWcytXTE55TmRwcFZUbm1ab2hyWXAiLCJtYWMiOiJlMDY4YjMzOGMwZDUxMTlmNmI4NGFjZjU2ZTk5OWI2MWJjMmI3OTgyZGU4NTI5NDA4MDM4OWU2MjQxMWUyNGUwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImUvZ2M1bUdFKzlXbXg0azhUcjV0NlE9PSIsInZhbHVlIjoiOU1tYzVkSTVwbmYvSWttSkdEcS9wWFVTWDhJcDZpRm5JTVJ6RG90Z0ErMWNpRTZVaXU2SktiamhKcDZiWHh0QVV2aVlVVzFrWFl6dW5IVkxkeWphMWZ2ZVJqREg1UktXamc2NVQzeUNHZzZrMng3WWlFWUtDNThKR28xOVZkWHYiLCJtYWMiOiI3ZjY0YzJmNmMzYjZhNGRlNmMzMmVkMTZkODYyNDRhYjMzNzM5ZDYxMmY5YTY1ZWU2ZTk5ZTFhY2M1YzY0ODgyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 03 Mar 2023 03:37:30 GMT
content-type: text/html; charset=iso-8859-1
content-length: 359
location: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
x-powered-by: PleskLin
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.25.14

200 OK

5.6 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
5.6 kB (5631 bytes)
Hash
109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 214329
expires: Wed, 21 Feb 2024 03:37:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Wr9QGVtTOJs25lTLnph7ioZ3cLk5NDmvs0BPw3cd8lmq5%2F1IdLTSBu9x3m2luo66kydS1Yx40TiBTNgtjoLhU4A9yr8TyDuaWerXy9bgprwYV9AONnAN5vhyxePbXL7aYdGW%2Bzu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7a1ed76389e8b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR

94.103.188.42

200 OK

15 kB

URL HTTP/2
express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- assembler source text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (39884)
Size
15 kB (14624 bytes)
Hash
723cdf73a2a0c3bac2fbc728e6678831
cc236e3bc90395cd8a33e081a8b88621116b9716
18febced39f924b3290f1a2c642a69e1d1f2bf84a45116764cdb30a0f7732c18

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://express-redelivery.info.gf/public/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlVSemhvdmNXWnBTcWVMTmNGNDg2cFE9PSIsInZhbHVlIjoiWGNaaFg3ZHRMaVBvVU1HM0xveHFMdXFVZC9Eak03Um1VcUhRNnUyYXFqaldKM3hxUmpTWE9ieUJwSlY5ZFlaNk1kWHNPMGRkUEJ0K2xMdS8zUG1DMjdOREVDeHFnV0g4cG1ZYjNJSk8zN3dWcytXTE55TmRwcFZUbm1ab2hyWXAiLCJtYWMiOiJlMDY4YjMzOGMwZDUxMTlmNmI4NGFjZjU2ZTk5OWI2MWJjMmI3OTgyZGU4NTI5NDA4MDM4OWU2MjQxMWUyNGUwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImUvZ2M1bUdFKzlXbXg0azhUcjV0NlE9PSIsInZhbHVlIjoiOU1tYzVkSTVwbmYvSWttSkdEcS9wWFVTWDhJcDZpRm5JTVJ6RG90Z0ErMWNpRTZVaXU2SktiamhKcDZiWHh0QVV2aVlVVzFrWFl6dW5IVkxkeWphMWZ2ZVJqREg1UktXamc2NVQzeUNHZzZrMng3WWlFWUtDNThKR28xOVZkWHYiLCJtYWMiOiI3ZjY0YzJmNmMzYjZhNGRlNmMzMmVkMTZkODYyNDRhYjMzNzM5ZDYxMmY5YTY1ZWU2ZTk5ZTFhY2M1YzY0ODgyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/html; charset=UTF-8
content-length: 14624
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:31 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D; expires=Fri, 03-Mar-2023 05:37:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

ocsp.digicert.com/

192.229.221.95

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
c2ffb22b48527928fe42bdadb4701841
ce132c720988eae117c448b24a9846c9cf792b85
b936f7b76ee2d66db9aaba6342a46cf214f4415ef589d4576c8464ed2c4f1cb3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 32881
Cache-Control: max-age=156322
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "6400aaac-117"
Expires: Sat, 04 Mar 2023 23:02:53 GMT
Last-Modified: Thu, 02 Mar 2023 13:54:52 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

192.229.221.95

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 48608
Cache-Control: max-age=86402
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 03:37:33 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

192.229.221.95

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 119491
Cache-Control: max-age=157285
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 23:18:56 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 280

express-redelivery.info.gf/images/all.png

94.103.188.42

200 OK

12 kB

URL HTTP/2
express-redelivery.info.gf/images/all.png
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
PNG image data, 123 x 84, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12499 bytes)
Hash
2cb0b7f615faf2deb9ec6f53d3149a3b
694a2c881c83e2ab86365bf1d16302ac5b9d500f
c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /images/all.png HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: image/png
content-length: 12499
last-modified: Sun, 17 Apr 2022 13:24:34 GMT
etag: "30d3-5dcd99081e880"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

express-redelivery.info.gf/images/logo.png

94.103.188.42

200 OK

2.0 kB

URL HTTP/2
express-redelivery.info.gf/images/logo.png
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1998 bytes)
Hash
5d14ab93691604e826e1319d53599eb9
78724360e9d25da584445b851e37bca05abe6b85
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: image/png
content-length: 1998
last-modified: Sun, 17 Apr 2022 13:24:00 GMT
etag: "7ce-5dcd98e7b1c00"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

ocsp.digicert.com/

192.229.221.95

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 119491
Cache-Control: max-age=157285
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 23:18:56 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

192.229.221.95

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 48608
Cache-Control: max-age=86402
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 03:37:33 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

192.229.221.95

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
298a27a3e793eeac30c90afb35f1a30c
03d7229818bf2aaee1350c449a073d955a93c1ce
5f52c3a142c0ae2c9ec6b5b289861b3f6dfbc60ea7972086ba197d77101988e6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 119524
Cache-Control: max-age=156566
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff592d-116"
Expires: Sat, 04 Mar 2023 23:06:57 GMT
Last-Modified: Wed, 01 Mar 2023 13:54:53 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 278

ocsp.digicert.com/

192.229.221.95

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
f9519cf463ff1b63999f3e3c7f81d429
0d10fa9aa7936f9cf396d3a9a10e9e3539135b64
5fb6840de0a6e7bbb42b48a5ddb721599d91e302253843f497fc65ea7157b91c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 119491
Cache-Control: max-age=157285
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 03:37:31 GMT
Etag: "63ff5c1d-118"
Expires: Sat, 04 Mar 2023 23:18:56 GMT
Last-Modified: Wed, 01 Mar 2023 14:07:25 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 280

express-redelivery.info.gf/public/css/app.css

94.103.188.42

200 OK

127 kB

URL HTTP/2
express-redelivery.info.gf/public/css/app.css
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
ASCII text
Size
127 kB (126906 bytes)
Hash
343fb26bdee83716e51cec481d5ba44a
a166efe2f980b901bb2e1669add30e81dd73b4bc
7979a2ea01d67303dafc6737c9714ba2f93576d413466b0392d233e62ee0c6e9

HTTP Headers

GET /public/css/app.css HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css
last-modified: Tue, 29 Mar 2022 20:11:08 GMT
etag: W/"624367dc-6b56a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ocsp.usertrust.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
ca2b0e31faf294adc9ccc876ce8f82b6
5231196892fa25384eb8a5e22fd72dea20d2d231
cfbb074cf84a9bd1c06b3ec07ba8fed0545622acb26d1188e11edf4abccc527d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 03:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Mar 2023 02:00:07 GMT
Expires: Wed, 08 Mar 2023 02:00:06 GMT
Etag: "5231196892fa25384eb8a5e22fd72dea20d2d231"
Cache-Control: max-age=601672,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1422
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a1ed7687e7a1c0a-OSL

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

52.0.113.204

101 Switching Protocols

0 B

URL HTTP/1.1
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
52.0.113.204:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://express-redelivery.info.gf
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Bj/fFrgdtdRUikgDkPIsjg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Fri, 03 Mar 2023 03:37:32 GMT
Connection: upgrade
Server: nginx/1.17.7
Upgrade: websocket
Sec-WebSocket-Accept: jY8ndxZlD9Y/HMg0TgFGH3F2Ph4=

express-redelivery.info.gf/images/favicon.gif

94.103.188.42

200 OK

2.2 kB

URL HTTP/2
express-redelivery.info.gf/images/favicon.gif
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel\012- data
Size
2.2 kB (2238 bytes)
Hash
a6f1af8e79a11829ba9a66474b06bb97
d99e3ec7747c865033a8dfad43c9f49634404bc1
b0dbd00f3650fa6b931e678a9d8f79a405d23c7adf111ab91b1a01a0e7109807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /images/favicon.gif HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D; _lr_tabs_-mnnzup%2Fdus={%22sessionID%22:0%2C%22recordingID%22:%225-44d7ccdb-ae94-4d7f-8712-d9d8e12fe305%22%2C%22lastActivity%22:1677814651176}; _lr_hb_-mnnzup%2Fdus={%22heartbeat%22:1677814651177}; _lr_uf_-mnnzup=d2c11da0-312b-40c3-b0d7-76f3c87ac834
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:32 GMT
content-type: image/gif
content-length: 2238
last-modified: Sun, 17 Apr 2022 13:25:28 GMT
etag: "8be-5dcd993b9e200"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

static.hotjar.com/c/hotjar-2895475.js?sv=6

143.204.55.37

200 OK

72 kB

URL HTTP/2
static.hotjar.com/c/hotjar-2895475.js?sv=6
IP
143.204.55.37:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (7699)
Size
72 kB (72217 bytes)
Hash
4fd481d24e83b9e26a1d9b7b44448a68
d7ef294e14e722492554cd025e46c1e8ff7f3c2e
fd425486a4c162623e93b38268c9da2b72539ab3af4e8bf932ccacb196c9f508

HTTP Headers

GET /c/hotjar-2895475.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Fri, 03 Mar 2023 03:37:09 GMT
cache-control: max-age=60
etag: W/686ab4333d3a396e6f00b0fdba2b7e0e
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PvKqGLcqAb243bfpuIMJjd1EiMekikU_dl1x6IV6-R6CqUmCM5OnZQ==
age: 23
X-Firefox-Spdy: h2

express-redelivery.info.gf/public/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c

94.103.188.42

404 Not Found

163 kB

URL HTTP/2
express-redelivery.info.gf/public/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
data
Size
163 kB (163114 bytes)
Hash
f9534d881b87a0ede045dc958c172555
9ad4e418e9d96c42e0c58b5acbcc3c30fce4ad91
b5c83e3fa948a5c0e43c423e519545bbf711a6dc3fdc8150379417a8fd9a0f0d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Mar 2023 03:37:33 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
05f74bf403dbe16f48d86469e7b19b5d
b2d3e40a840d5d9644edfbfbc6e14cf21be76778
365ff492a72cc87c521612612d7156a1367d3b051b067002d822dc75fd8ab4a9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "365FF492A72CC87C521612612D7156A1367D3B051B067002D822DC75FD8AB4A9"
Last-Modified: Thu, 02 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14320
Expires: Fri, 03 Mar 2023 07:36:15 GMT
Date: Fri, 03 Mar 2023 03:37:35 GMT
Connection: keep-alive

express-redelivery.info.gf/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775

94.103.188.42

404 Not Found

115 kB

URL HTTP/2
express-redelivery.info.gf/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
data
Size
115 kB (114609 bytes)
Hash
3eff71b8401d241bd69b37668823955e
f23aa1bab036eae936e968ba62332486a5f8f732
02fd7ca5a88ef87f86ca5242b5de2b49fa51fca1cb0116a89c3832d4906822ed

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775 HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D; _lr_tabs_-mnnzup%2Fdus={%22sessionID%22:0%2C%22recordingID%22:%225-44d7ccdb-ae94-4d7f-8712-d9d8e12fe305%22%2C%22lastActivity%22:1677814651176}; _lr_hb_-mnnzup%2Fdus={%22heartbeat%22:1677814651177}; _lr_uf_-mnnzup=d2c11da0-312b-40c3-b0d7-76f3c87ac834; _hjSessionUser_2895475=eyJpZCI6IjVlZDQzNjJmLWEzNTAtNTYwYS1hODQyLTRlYTdmMjhhY2NkOSIsImNyZWF0ZWQiOjE2Nzc4MTQ2NTIxMjMsImV4aXN0aW5nIjpmYWxzZX0=; _hjFirstSeen=1; _hjIncludedInSessionSample_2895475=1; _hjSession_2895475=eyJpZCI6IjRkN2I4NzEzLTc0MmYtNDVjZi1hNjA3LWEyYWRmNDMwNjA4NCIsImNyZWF0ZWQiOjE2Nzc4MTQ2NTIxMjgsImluU2FtcGxlIjp0cnVlfQ==; _hjAbsoluteSessionInProgress=0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Mar 2023 03:37:34 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
X-Firefox-Spdy: h2

express-redelivery.info.gf/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b

94.103.188.42

404 Not Found

15 kB

URL HTTP/2
express-redelivery.info.gf/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type
data
Size
15 kB (15195 bytes)
Hash
ab0971cc8f749d3c48ab5565601ace3d
6cd572177a962fa739246b88249cf364cb60356b
b0e48a2fd6c1fbda094e15dec350d5c7833a8dddfb725d1aa2593c2bdc611e8f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Mar 2023 03:37:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
X-Firefox-Spdy: h2

express-redelivery.info.gf/images/foo.png

94.103.188.42

404 Not Found

0 B

URL HTTP/2
express-redelivery.info.gf/images/foo.png
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/foo.png HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Mar 2023 03:37:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
cache-control: no-cache, private
content-encoding: br
X-Firefox-Spdy: h2

files.killbot.org/.cdn-cgi/killbot-security.js

104.21.11.160

404 Not Found

0 B

URL HTTP/2
files.killbot.org/.cdn-cgi/killbot-security.js
IP
104.21.11.160:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /.cdn-cgi/killbot-security.js HTTP/1.1
Host: files.killbot.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
date: Fri, 03 Mar 2023 03:37:30 GMT
content-type: text/html
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
cache-control: max-age=14400
cf-cache-status: HIT
age: 147
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q0ath6O1O%2BMoa14CbpzlOZXOGKoHvvQM7kJ6hKyXd%2B7%2BIXELwDLq7fiQH3leYFYQHBZpAQQ1VMQGAibLxnFYvt4%2Bk09JRfcZzs42oP2iIvnLDINf%2BEkE332Qv47thmf4A%2FQsNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1ed75b7c89b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kit.fontawesome.com/f7165dd215.js

104.18.22.52

200 OK

0 B

URL HTTP/2
kit.fontawesome.com/f7165dd215.js
IP
104.18.22.52:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /f7165dd215.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://express-redelivery.info.gf
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F0bepz-18lWyeBEOZB6C
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7a1ed7638827b500-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.lr-in.com/logger-1.min.js

104.21.234.145

200 OK

0 B

URL HTTP/2
cdn.lr-in.com/logger-1.min.js
IP
104.21.234.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /logger-1.min.js HTTP/1.1
Host: cdn.lr-in.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-resource-policy: cross-origin
etag: W/"676c86e1f9ed4a2c83563a20d066e06ddd8ded615bfa75d736dfa88908ec6f4b"
last-modified: Thu, 02 Mar 2023 21:04:25 GMT
strict-transport-security: max-age=31556926
x-served-by: cache-fra-eddf8230079-FRA
x-cache: HIT
x-cache-hits: 1
x-timer: S1677791296.539257,VS0,VE1
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 92
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZeEPTi2XX2busxYi%2FuVbqn8CotP71yBGupq2HDWuvVXLdnN0g%2FvoVBxceZsP9BvNCCsE%2FMmV4KBYF75gb2sFLTScw6NVBZYntDR3zdb66FzpMbun0JHpVTgjZLl7Wl9f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a1ed7641bc775b9-LHR
content-encoding: br
X-Firefox-Spdy: h2

express-redelivery.info.gf/public/js/app.js

94.103.188.42

200 OK

0 B

URL HTTP/2
express-redelivery.info.gf/public/js/app.js
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/js/app.js HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: application/javascript
last-modified: Tue, 29 Mar 2022 19:35:56 GMT
etag: W/"62435f9c-189fee"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.3.0/css/free-v4-font-face.min.css?token=f7165dd215

172.64.168.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v6.3.0/css/free-v4-font-face.min.css?token=f7165dd215
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v6.3.0/css/free-v4-font-face.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://express-redelivery.info.gf/
Origin: https://express-redelivery.info.gf
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"00bb3d26f3fee308e5747eb9f5760b48"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5be6fa1c94cc85be06674c97f5d719d8.cloudfront.net (CloudFront)
x-amz-cf-pop: ATH50-C1
x-amz-cf-id: Xjeqr-6XJlIav3yuZndxSeHcZHX6Pr7GmbWhi_bq2p692g6Th1T__Q==
age: 50619
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KpvKM%2F7OcxtthLoJhmHUaCA0jLQ1pU5zxqCNtunLcHUVLsPgXBQypkMNabb1Uva9p8i%2FAKib7YCSG3bxSK3cY9YbRDQFziLHXuaNwKTN%2Fzmc9B8J9AQ5%2BlJ4jHJxCkVPdzT3PBfegQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a1ed764bbe40635-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.3.0/css/free-v5-font-face.min.css?token=f7165dd215

172.64.168.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v6.3.0/css/free-v5-font-face.min.css?token=f7165dd215
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v6.3.0/css/free-v5-font-face.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://express-redelivery.info.gf/
Origin: https://express-redelivery.info.gf
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"fdedb74e19e1bffdcab908079cabd49a"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 94c165dd7b9a9d68d15ef70552eaba76.cloudfront.net (CloudFront)
x-amz-cf-pop: ATH50-C1
x-amz-cf-id: 2s2wZ2N5lgTUow9bPvEckJ4bYuWj-EkQYYo3xwjnASFkW9hu_gB9vQ==
age: 50619
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hW0DVhV1fVjqVWfqTx6ObyjrQ95hMb8y9a1f0%2BmgyLeq%2BPWm9%2FBUpWvx3lNmLVFeevZrGgRRupyYfdw28KsIWfUjkpxQz05ac33GQ2WPYGtWXS0Yvmzy4mpHNrXlq7HduImgihT7mg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1ed7648bd80635-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.3.0/css/free-v4-shims.min.css?token=f7165dd215

172.64.168.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v6.3.0/css/free-v4-shims.min.css?token=f7165dd215
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v6.3.0/css/free-v4-shims.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://express-redelivery.info.gf/
Origin: https://express-redelivery.info.gf
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"3a57f9df341838cc106903c71730d13b"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 681f9d1841b09d340072c749d4b22f0e.cloudfront.net (CloudFront)
x-amz-cf-pop: ATH50-C1
x-amz-cf-id: dzST7gjnCDh6pIBSg2khoar9be2Im5K3LT18V30Jt8tOvkbgxXl3Xw==
age: 50619
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APFfEDVenJaVaqwGzKudm8DFeJVmBoUqjCK0BdrytNUF%2FGeFvtnnjzzL3arJo453L4NQpBTPRgO0JpralI6QZL4I1pjRrG91kTsThPE7Ua3hFfAhd2cZcYenO7vOEERAKdVBYJYhVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a1ed764bbe20635-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

express-redelivery.info.gf/public/js/session-recorder.js

94.103.188.42

200 OK

0 B

URL HTTP/2
express-redelivery.info.gf/public/js/session-recorder.js
IP
94.103.188.42:0
ASN
#200019 Alexhost Srl

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /public/js/session-recorder.js HTTP/1.1
Host: express-redelivery.info.gf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://express-redelivery.info.gf/public/PtrpG1AkyHMGqGx3IQy7jPI9RFbTeMZR
Cookie: XSRF-TOKEN=eyJpdiI6InhoRGNUSk1EcWV3Q2JCbllLSVlycnc9PSIsInZhbHVlIjoicGhxcnNOazNVNnlLcGxkY1h4akVHc0JzeEVnWFFGOEF1OVduZnc2TzAzTzZKUmVUMVVMZTNITmJPWHNxamlmbHNjby8wSHhHdlFaYXNlUkxXWURjSEpLTzhLWDBDTktLWVJVMlVjWVc0dEJtd2U2ZnBiY00vOEE2ck1HUXozWHIiLCJtYWMiOiI4ZmRkM2M0YjU5YWJjN2IzY2M0MGQ2MGMzY2UxMTM4ZTM4MTA0YmUzMDg2MjIxYmZmYmI4NzU0YzNlNGZjODA2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpYU1R4ODhubHdSWVZqRFJJSjM1Tmc9PSIsInZhbHVlIjoiWkFuTDdRWFVjZmRYZmNhWlpGOFM4aGJXUkloR0Q3azhuOVh2UlNsVEoycUtuNmFWRUNLbUZrK3lBdkwvc1VWeU5OTitNVE1MRCszVVZyd1d4Uy9pYzZsakliMkdxWGdoVXUrMmFNRnZxZFNjUE1wZDMrajZ2dnMxbGMzbEh0SHQiLCJtYWMiOiI0MTA5MDBjMjlhNDc3MzhkMGFiYjMxNGNmZGRiZDY2ZGQwZTRlNjZjMmNkZmExYzY4MGFjZjNiMGI1MDg3NzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 03:37:31 GMT
content-type: application/javascript
last-modified: Tue, 29 Mar 2022 19:35:56 GMT
etag: W/"62435f9c-b00a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML