r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12501
Expires: Tue, 06 Dec 2022 13:49:21 GMT
Date: Tue, 06 Dec 2022 10:21:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12595
Expires: Tue, 06 Dec 2022 13:50:55 GMT
Date: Tue, 06 Dec 2022 10:21:00 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5334
Cache-Control: max-age=92353
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:21:00 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 12:00:13 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: L1r3i+kpj5ii/lHOZu/kBhtKs3ttm6C0KEJ8jPPK8RHqNUglBk7Avz+7iyDLAU4S+Ttr9n+K4aA=
x-amz-request-id: AM6TVNZCG7765H4A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 09:48:53 GMT
age: 1927
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 10:20:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 37
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 10:21:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 10:11:20 GMT
cache-control: public,max-age=3600
age: 581
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
serves.dhlserveslivellc.com/
67.195.197.24200 OK 16 kB URL HTTP/1.1 serves.dhlserveslivellc.com/
IP 67.195.197.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 77a528574aee9285f031a220fdde4d96
ccdb76ca121e2edb6ba69f67a06b1d68c2de564c
89de13be738da3349478a740a5d864709b44c85f3d51c119daee8d726b542cbf
Analyzer Verdict Alert openphish DHL Airways, Inc.
fortinet Malware
GET / HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: ATS
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5323
Cache-Control: max-age=87274
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:21:01 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:35:35 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
serves.dhlserveslivellc.com/css/roboto-font.css
67.195.197.24200 OK 246 B URL HTTP/1.1 serves.dhlserveslivellc.com/css/roboto-font.css
IP 67.195.197.24:0
Hash a8c54b1d907c15f1a6a9fcd2a110ac48
67eec8b437f97baab49718fdcc58fe1762dfdb60
3db88c5b3f7cca116666523f39deb3f010eb482b5f0b1355bae7e6ed87aef60c
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
GET /css/roboto-font.css HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 246
Content-Type: text/css
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css
67.195.197.24200 OK 8.0 kB URL HTTP/1.1 serves.dhlserveslivellc.com/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css
IP 67.195.197.24:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8e52d20cf4fddc255d601b84eb80ff21
bfee70e6b9023a19bdc803e525759d1baca76e3d
64e48e86e8ca9bb84b40fe9dddaec3c3f131552445fc9d9d5593a6174f9b8269
Analyzer Verdict Alert openphish DHL Airways, Inc.
GET /fonts/material-design-iconic-font/css/material-design-iconic-font.min.css HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8004
Content-Type: text/css
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/css/style.css
67.195.197.24200 OK 2.7 kB URL HTTP/1.1 serves.dhlserveslivellc.com/css/style.css
IP 67.195.197.24:0
File type ASCII text, with CRLF line terminators
Hash 503d49c7558a766a38d7a062a5ac3b89
a600eef3a704ad71f57fe5adfdac7d9dccf9b4bc
6fa1dc1b150ccd4fbd431b7a80aa510ca4bd62483447345da028765fbbf0b40b
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
GET /css/style.css HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2693
Content-Type: text/css
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/css/jquery-ui.min.css
67.195.197.24200 OK 7.6 kB URL HTTP/1.1 serves.dhlserveslivellc.com/css/jquery-ui.min.css
IP 67.195.197.24:0
File type ASCII text, with very long lines (29135)
Hash 41ae81947849b538eaf3bf88dae31a2b
e99988f01e42d488cf529939ba25a0977014745c
f11647bd717bf277cbead3c981ba2c90aa67fb9a751e03ab27c1080da800c5ac
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
GET /css/jquery-ui.min.css HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7604
Content-Type: text/css
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/js/fa.js
67.195.197.24200 OK 2.1 kB URL HTTP/1.1 serves.dhlserveslivellc.com/js/fa.js
IP 67.195.197.24:0
File type ASCII text, with very long lines (5479)
Hash 0822ea750affddf08220384a6b56ab61
b770d40cb9bb42d2d62c19c33752b9065824662b
90fb3b66cfd16764fd4a5eda42e4290bee645517e6ebd7b4dbc9dbee01514e63
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
fortinet Malware
GET /js/fa.js HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2092
Content-Type: application/javascript
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/js/jquery.steps.js
67.195.197.24200 OK 11 kB URL HTTP/1.1 serves.dhlserveslivellc.com/js/jquery.steps.js
IP 67.195.197.24:0
File type ASCII text, with CRLF line terminators
Hash a32a3953e47065f001b8b736a48bc9d2
6029e07f4d38cd9b4ac3bb8f9e815775329259a9
e342e076f3b1dc0fdaf831f84f28561215ee034a558676994618c882f3642967
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
fortinet Malware
GET /js/jquery.steps.js HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10689
Content-Type: application/javascript
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/js/jquery-3.3.1.min.js
67.195.197.24200 OK 30 kB URL HTTP/1.1 serves.dhlserveslivellc.com/js/jquery-3.3.1.min.js
IP 67.195.197.24:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash ce93c33b71763f3e28eb7143970bc99f
55be0c55a057d50145b5f98c1f052f037f4f8121
67de797f8fc77b76b35acde3b604f60aa8d768f1bf226eb20ed13db08cdbcb10
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
fortinet Malware
GET /js/jquery-3.3.1.min.js HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30313
Content-Type: application/javascript
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/images/img.svg
67.195.197.24200 OK 722 B URL HTTP/1.1 serves.dhlserveslivellc.com/images/img.svg
IP 67.195.197.24:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 75e6a3a06ceab9d5d544db411b461773
6133136f4082d6e1286023a7a28e32fe69d0ad40
60f60db64661c2ec17815671734b616bab2fe1befacad5482953f3e7dc13961a
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
fortinet Malware
GET /images/img.svg HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 722
Content-Type: image/svg+xml
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/images/wizard_v3_icon_1.png
67.195.197.24200 OK 4.6 kB URL HTTP/1.1 serves.dhlserveslivellc.com/images/wizard_v3_icon_1.png
IP 67.195.197.24:0
File type PNG image data, 150 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 9be5e19e6f7538afce632d82b855dd24
12dec760d83e8db9c2073d46512c1b76b7a4edc2
5abaa5a71c4481349f88fb44e395b25d99a953329d0d5fbb11880312f4752fec
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
GET /images/wizard_v3_icon_1.png HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 4633
Cache-Control: max-age=864000
Expires: Fri, 16 Dec 2022 10:21:01 GMT
Content-Type: image/png
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/images/wizard_v4_icon.png
67.195.197.24200 OK 1.1 kB URL HTTP/1.1 serves.dhlserveslivellc.com/images/wizard_v4_icon.png
IP 67.195.197.24:0
File type PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash d3aab532241c4ae850bf45efa0047073
cfb509e3a77c0f8ab1a8083b7cd9754ac8b1a06e
4927e407f1f4b81dbc5d6269117fafdda60011698398015591dd10f33b779ffc
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
GET /images/wizard_v4_icon.png HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/css/style.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1131
Cache-Control: max-age=864000
Expires: Fri, 16 Dec 2022 10:21:01 GMT
Content-Type: image/png
Age: 0
Connection: keep-alive
Server: ATS
push.services.mozilla.com/
34.210.150.237101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.150.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9Rbkj8Wf7jWojZ3qN8RSFw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /aDsaSwcPcLixax3Iryeh5IDfJY=
serves.dhlserveslivellc.com/js/jquery-ui.min.js
67.195.197.24200 OK 68 kB URL HTTP/1.1 serves.dhlserveslivellc.com/js/jquery-ui.min.js
IP 67.195.197.24:0
File type ASCII text, with very long lines (33326)
Hash 578f4306c216f42e85edab2fd92f6055
95769c57a5dc609079289962d7a1246c0e69f159
cd059bd301db04a93223aa6acf47625a7e02857004e0b2a6b234f84429ee8c0f
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
fortinet Malware
GET /js/jquery-ui.min.js HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0
67.195.197.24200 OK 38 kB URL HTTP/1.1 serves.dhlserveslivellc.com/fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0
IP 67.195.197.24:0
File type Web Open Font Format (Version 2), TrueType, length 38384, version 1.0\012- data
Hash a4d31128b633bc0b1cc1f18a34fb3851
6ee4c79372c3fd679706306ede47e4b03cf53d60
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c
Analyzer Verdict Alert urlquery phishing Phishing - DHL
GET /fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 38384
Content-Type: application/octet-stream
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Bold.ttf
67.195.197.24200 OK 171 kB URL HTTP/1.1 serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Bold.ttf
IP 67.195.197.24:0
File type TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size 171 kB (170760 bytes)
Hash ee7b96fa85d8fdb8c126409326ac2d2b
0ce37ced9c5fcac9bdc452a432c1258870ba4677
7d0b991ee3e0be7af01ad7ea8cd2beea6c00a25e679a0226b6737f079aafff86
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
fortinet Malware
GET /fonts/Roboto/Roboto-Bold.ttf HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/css/roboto-font.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 170760
Content-Type: application/x-font-ttf
Age: 0
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Black.ttf
67.195.197.24200 OK 172 kB URL HTTP/1.1 serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Black.ttf
IP 67.195.197.24:0
File type TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Blac\012- data
Size 172 kB (171480 bytes)
Hash ec4c9962ba54eb91787aa93d361c10a8
c572416b9587c40d49ea60c7128f7f17b9317ad8
3872e9b39760a1b59ac1e192633dbb3b58e595b4d423930ac7ded525e9ae25e0
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
fortinet Malware
GET /fonts/Roboto/Roboto-Black.ttf HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/css/roboto-font.css
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 171480
Content-Type: application/x-font-ttf
Age: 2
Connection: keep-alive
Server: ATS
serves.dhlserveslivellc.com/images/favicon.ico
67.195.197.24200 OK 1.2 kB URL HTTP/1.1 serves.dhlserveslivellc.com/images/favicon.ico
IP 67.195.197.24:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash d8106bf3a1d00ab43b01e6e3c92500eb
202b5e8654ab1b28351378293bca3b9d844cc29b
9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
GET /images/favicon.ico HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:02 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: image/x-icon
Age: 0
Connection: keep-alive
Server: ATS
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9681
Expires: Tue, 06 Dec 2022 13:02:24 GMT
Date: Tue, 06 Dec 2022 10:21:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9681
Expires: Tue, 06 Dec 2022 13:02:24 GMT
Date: Tue, 06 Dec 2022 10:21:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9681
Expires: Tue, 06 Dec 2022 13:02:24 GMT
Date: Tue, 06 Dec 2022 10:21:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 18bbcbf84b00d3bc602830478ff1bd7f
1f25392db4cf3693259202b24e898f21093b8bf9
cb2b44e1f74a9bb43fab48536f6146e273c728b34e4889ff3f18a411d14d2282
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5790
x-amzn-requestid: 2e409a5f-ce04-4b9b-b3a2-74e5bbd256d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvoEoUoAMFsxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64ca-72e1bb13187b18aa26c8566f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WBNaNTgYQaDVlJqu2u341xYy_6zmr5LqmCD2BPjGPGgmAG20WNHyKw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:46:52 GMT
age: 45251
etag: "1f25392db4cf3693259202b24e898f21093b8bf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c0e37b32bf91d9877ad7cb9f4f875a5
cec2ccf17ae08fe009c09563d214564c3499ad4c
4cec4e669ba4b149573de59df16d8cae06a6d4393092d7e06150596f38dc6856
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8287
x-amzn-requestid: f434241a-bf89-44a4-8320-37083f11ae0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuYHxOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-1a89a8d25044d96535ad8a36;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ut9ZM7T05yaYKdk6GVUSnG7yIQ07QmG-jOy9mgE_K1AB9qUgx6L3LQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:52 GMT
age: 42611
etag: "cec2ccf17ae08fe009c09563d214564c3499ad4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
kit-free.fontawesome.com/releases/latest/css/free-v4-shims.min.css
172.67.168.25200 OK 16 kB URL HTTP/2 kit-free.fontawesome.com/releases/latest/css/free-v4-shims.min.css
IP 172.67.168.25:0
File type ASCII text, with very long lines (26500)
Hash 50e01aeffd65b79073143a79e381b505
c992cc201e3ac1be63c388067cff22b651ba9681
6fbc7475d616e533825acca89c869d6e40438ed4d4040751a092671fb345ec35
GET /releases/latest/css/free-v4-shims.min.css HTTP/1.1
Host: kit-free.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 10:21:01 GMT
content-type: text/css
x-amz-id-2: yBVgXOI1p1cQzefoffXhziBF5Jgpek6e7OoszIxkICR473TwIFpWfHO7oW2w1nosT1t0IulOypU=
x-amz-request-id: 1JT537VQK7AMARG6
last-modified: Wed, 04 Aug 2021 21:22:51 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=1800
cf-cache-status: HIT
age: 1751
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPRcto7qRd4o%2B%2FGzcvsLGpjg5j5GNoZxw1Vv14e6kc6hCkWXxXbGPmnMTvdel8x14EVHVxK9QlpQMMUo9EVXUZL1axyPey%2B8Ux7f8PUk9sflPBgiUB9%2B%2B9LWNdFYU6zlUcIyVN62eO2XAaA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77544ad63cd2fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 73b9f329cd3a39d0756de62dd5f190b7
0f1c7567b89cc3de60196e47e37879296359bc78
e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4827
x-amzn-requestid: 9091cc45-8fb1-4b07-8ef9-3f42b85fb81e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuYH_KIAMFpMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-6bf3bf8659ef3feb27c1803f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fxdYE-ftBwC_0KcBJBQqvUbVXM54TmsKR8QXIfLIhdLYsqtaxdx9tg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:26 GMT
age: 43117
etag: "0f1c7567b89cc3de60196e47e37879296359bc78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 43074
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 557e6b38-7be9-4953-968b-2e5bd3491ef4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUDYEQbIAMFwRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e2-1fcd8fc4719bc0bc7d11abd2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z1_zJTJMuk724WMOmIc660b54AyZK8ffNVF5N7ehZ00W2kaL3Lcd1A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:14 GMT
age: 45229
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
serves.dhlserveslivellc.com/images/bg.jpg
67.195.197.24200 OK 1.1 MB URL HTTP/1.1 serves.dhlserveslivellc.com/images/bg.jpg
IP 67.195.197.24:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, description=Frankfurt/ Main, 31 October 2002 Deutsche Post World Net launches STAR - Group-wide value enhancement programme ## Frankfurt/, orientation=upper-left, xresolution=354, yresolution=362, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2008:06:26 16:37:43, copyright=Deutsche Post World Net], baseline, precision 8, 2880x2045, components 4\012- data
Size 1.1 MB (1052344 bytes)
Hash 5c2ac9314ae3c0259449424163081404
c879027f32270cfe72949d12f73f09de8ae87a5f
81295e3657ad03f98dafc8b01981859656dcf33a052bfe61183ad7072821acd8
Analyzer Verdict Alert urlquery phishing Phishing - DHL
openphish DHL Airways, Inc.
GET /images/bg.jpg HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:21:01 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1052344
Cache-Control: max-age=864000
Expires: Fri, 16 Dec 2022 10:21:01 GMT
Content-Type: image/jpeg
Age: 0
Connection: keep-alive
Server: ATS