Overview

URLmail.deliverylifesupport.com/public/SZMlbccMQ1FQRDcp7P6LkcdRGLhViIA3
IP 85.187.128.43 (Singapore)
ASN#55293 A2HOSTING
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access public lock_open
Report completed2023-03-23 13:59:38 UTC
StatusLoading report..
IDS alerts3
Blocklist alert1
urlquery alerts
9
Phishing - DHL
Tags dhl logistics phishing

Domain Summary (14)

Fully Qualifying Domain Name Rank First Seen Last Seen Sent bytes Received bytes IP Comment
static.hotjar.com (1) 641 2014-11-01T06:14:27Z 2023-03-29T05:25:56Z 389 631 54.230.111.66
r3.o.lencr.org (9) 344 2020-12-02T09:52:13Z 2023-03-29T05:09:11Z 3042 7976 23.36.77.32
cdnjs.cloudflare.com (2) 235 2015-04-17T22:46:33Z 2023-03-29T05:16:53Z 958 84832 104.17.25.14
ka-f.fontawesome.com (6) 3598 2019-12-17T07:36:13Z 2023-03-29T05:34:09Z 2972 479244 172.64.169.22
kit.fontawesome.com (1) 1868 2019-12-16T20:51:31Z 2023-03-29T05:25:02Z 422 11265 104.18.23.52
mail.deliverylifesupport.com (17) 0 2023-01-23T08:03:36Z 2023-03-29T05:29:31Z 19483 148296 85.187.128.43
push.services.mozilla.com (1) 2140 2014-10-24T10:27:06Z 2023-03-29T05:09:32Z 606 127 35.160.225.179
cdn.lr-in.com (1) 13237 2021-07-19T16:36:56Z 2023-03-29T15:38:24Z 376 1028 104.21.234.144
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03T13:26:46Z 2023-03-29T05:09:31Z 413 5882 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27T20:32:35Z 2023-03-29T05:09:31Z 333 391 34.117.237.239
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-22T01:36:00Z 2023-03-29T05:09:12Z 3246 51689 34.120.237.76
firefox.settings.services.mozilla.com (2) 867 2020-06-04T22:08:41Z 2023-03-29T05:09:03Z 782 2374 35.241.9.150
ws-mt1.pusher.com (1) 8253 2018-09-20T13:30:02Z 2023-03-29T14:25:48Z 543 186 34.195.157.182
files.killbot.org (1) 0 2021-08-07T16:39:30Z 2023-03-29T15:52:55Z 393 747 172.67.166.105

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2023-03-23 13:59:38 UTC low  85.187.128.43 Client IP ET INFO Killbot JS Configuration - Possible Phishing 
2023-03-23 13:59:39 UTC high  85.187.128.43 Client IP ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS 
2023-03-23 13:59:39 UTC low  85.187.128.43 Client IP ET INFO Killbot JS Configuration - Possible Phishing 

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2023-03-02 medium mail.deliverylifesupport.com/public DHL Airways, Inc.

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 85.187.128.43
Date UQ / IDS / BL URL IP
2023-06-05 07:13:37 UTC 0 - 0 - 4 mail.deliverylifesupport.com/public/Q7thmkgeC (...) 85.187.128.43
2023-06-05 07:07:07 UTC 0 - 0 - 4 deliverylifesupport.com/public/UPWWTldTNAkSi0 (...) 85.187.128.43
2023-06-05 06:35:30 UTC 0 - 0 - 4 deliverylifesupport.com/public/cIkpJo72HVS9Ml (...) 85.187.128.43
2023-05-22 02:24:55 UTC 0 - 0 - 8 mail.deliverylifesupport.com/public/Q0yujYkH4 (...) 85.187.128.43
2023-05-22 02:24:41 UTC 0 - 0 - 8 mail.deliverylifesupport.com/public/pAkNMrGQ1 (...) 85.187.128.43


Last 5 reports on ASN: A2HOSTING
Date UQ / IDS / BL URL IP
2023-06-05 22:57:47 UTC 0 - 0 - 2 couponinu.net/mcafeepire/bd83294ba2c1f0fa5df6 (...) 68.66.228.99
2023-06-05 21:52:06 UTC 0 - 0 - 2 couponinu.net/mcafeepire/bd83294ba2c1f0fa5df6 (...) 68.66.228.99
2023-06-05 21:34:12 UTC 0 - 2 - 0 kodsdsda09sd.store/?dD1jJmQ9OTgwNzgmbD0yMTgwO (...) 103.72.79.252
2023-06-05 21:06:59 UTC 4 - 0 - 0 chainstrading.net/Email/Verify/sf_rand_string (...) 104.255.196.66
2023-06-05 20:36:36 UTC 0 - 0 - 1 couponinu.net/mcafeepire/bd83294ba2c1f0fa5df6 (...) 68.66.228.99


Last 5 reports on domain: deliverylifesupport.com
Date UQ / IDS / BL URL IP
2023-06-05 07:13:37 UTC 0 - 0 - 4 mail.deliverylifesupport.com/public/Q7thmkgeC (...) 85.187.128.43
2023-06-05 07:07:07 UTC 0 - 0 - 4 deliverylifesupport.com/public/UPWWTldTNAkSi0 (...) 85.187.128.43
2023-06-05 06:35:30 UTC 0 - 0 - 4 deliverylifesupport.com/public/cIkpJo72HVS9Ml (...) 85.187.128.43
2023-05-22 02:24:55 UTC 0 - 0 - 8 mail.deliverylifesupport.com/public/Q0yujYkH4 (...) 85.187.128.43
2023-05-22 02:24:41 UTC 0 - 0 - 8 mail.deliverylifesupport.com/public/pAkNMrGQ1 (...) 85.187.128.43


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-03-27 18:36:43 UTC 15 - 3 - 18 onlinequranteaching.com/public/3F0PAjRf997f6y (...) 167.86.83.89
2023-03-27 18:35:39 UTC 13 - 3 - 14 onlinequranteaching.com/public/kcrLLBYqMpWjgl (...) 167.86.83.89
2023-03-27 18:35:59 UTC 14 - 3 - 15 onlinequranteaching.com/public/MsFBHW0UcESkhm (...) 167.86.83.89
2023-03-27 17:59:40 UTC 15 - 3 - 17 onlinequranteaching.com/public/kCIIzrBqQbd1Jq (...) 167.86.83.89
2023-03-27 17:59:27 UTC 13 - 3 - 14 onlinequranteaching.com/public/dfYvSBFKDkjrNB (...) 167.86.83.89

JavaScript

Executed Scripts (10)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (50)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6248
Expires: Thu, 23 Mar 2023 15:43:35 GMT
Date: Thu, 23 Mar 2023 13:59:27 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5374
Expires: Thu, 23 Mar 2023 15:29:01 GMT
Date: Thu, 23 Mar 2023 13:59:27 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                            
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 13:15:05 GMT
age: 2662
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4ad6984a756720fbfff47b37a75513a2
Sha1:   355e35258114452af8b9638985ed9d8ef3bf0aca
Sha256: 43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10750
Expires: Thu, 23 Mar 2023 16:58:37 GMT
Date: Thu, 23 Mar 2023 13:59:27 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                            
x-amz-id-2: AOFso67aao9Ux2Xi7No8BOKNzEUnYd2MEIxIAKMunX7e95IRxj3NXEGj664PbzeUyQefKgBDTCs=
x-amz-request-id: WCQCMBZKTYB775MB
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 12:59:58 GMT
age: 3569
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    e7bace7c1e04d44012e37ddffe36e5d5
Sha1:   3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
Sha256: 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                            
server: nginx
date: Thu, 23 Mar 2023 13:59:27 GMT
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /public/SZMlbccMQ1FQRDcp7P6LkcdRGLhViIA3 HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        
                                             85.187.128.43
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:27 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjRkL09kQ1JtWUJsa2xCS1BrT0lUYUE9PSIsInZhbHVlIjoiNFdtVHRNNjBEeFF5TlFndU43TTByY1BGb0hGSEEvdkZTaEJndnNQVVV0cG5OREtIdndCMDRTdDU0aEphVUlzTDh6YisrQXRIbjROamRMQ1RVbDhFOGowUGd1b2hqQnMyNUNOaUpSZGR6Z3RzTWhCTmJhRE1mYTlXNE9LdTkrRkEiLCJtYWMiOiI3NjcwNmZiOTQ3ZTU1NWNmZDcxNjc1MDExYjVmODc2YWYzMWM1ZWMyY2Q5NGZiZGQyY2Y2N2FlYWE0MzAxNjMyIiwidGFnIjoiIn0%3D; expires=Thu, 23-Mar-2023 15:59:27 GMT; Max-Age=7200; path=/; samesite=lax laravel_session=eyJpdiI6IisyTEU5SXNQY1BhRi9YVGdodEVnS2c9PSIsInZhbHVlIjoiZFo2cmo2R0pmWVJrYW1Tdmg3S0JDdFhST2srU0xHRCtWNHhDNjZQWHVRTWd1K2RLNm16bE1hMkdyME5BNFNVM3R6VE5zUDcrZFpMZHROMk9RMXVrbE1VOE81MzUwc3ROc1Z3c1dLU3gwblBFMFN2UVZjbUZFSWxqMWJIdGtYNFoiLCJtYWMiOiI1OTllOTNhZDNkZTBkMWZjMDJmZmI1NDc2Yzg2ZGVmZGQ4MThjYjc1OGE1NGFlNTQ4ZTc4YjM1M2U5MmNiOWEwIiwidGFnIjoiIn0%3D; expires=Thu, 23-Mar-2023 15:59:27 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: http://mail.deliverylifesupport.com/public
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 211
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   211
Md5:    c075025cc42a2c92932206665c92ec22
Sha1:   4873e4517f258bf005e54e98140cf61916ede301
Sha256: 9cf7367cfaeb22db1cc66463a3a3eb573e3f3efa762d41d96cffb4cd76b57ca2
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                            
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 13:17:23 GMT
age: 2525
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /public HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjRkL09kQ1JtWUJsa2xCS1BrT0lUYUE9PSIsInZhbHVlIjoiNFdtVHRNNjBEeFF5TlFndU43TTByY1BGb0hGSEEvdkZTaEJndnNQVVV0cG5OREtIdndCMDRTdDU0aEphVUlzTDh6YisrQXRIbjROamRMQ1RVbDhFOGowUGd1b2hqQnMyNUNOaUpSZGR6Z3RzTWhCTmJhRE1mYTlXNE9LdTkrRkEiLCJtYWMiOiI3NjcwNmZiOTQ3ZTU1NWNmZDcxNjc1MDExYjVmODc2YWYzMWM1ZWMyY2Q5NGZiZGQyY2Y2N2FlYWE0MzAxNjMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IisyTEU5SXNQY1BhRi9YVGdodEVnS2c9PSIsInZhbHVlIjoiZFo2cmo2R0pmWVJrYW1Tdmg3S0JDdFhST2srU0xHRCtWNHhDNjZQWHVRTWd1K2RLNm16bE1hMkdyME5BNFNVM3R6VE5zUDcrZFpMZHROMk9RMXVrbE1VOE81MzUwc3ROc1Z3c1dLU3gwblBFMFN2UVZjbUZFSWxqMWJIdGtYNFoiLCJtYWMiOiI1OTllOTNhZDNkZTBkMWZjMDJmZmI1NDc2Yzg2ZGVmZGQ4MThjYjc1OGE1NGFlNTQ4ZTc4YjM1M2U5MmNiOWEwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1

                                        
                                             85.187.128.43
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                            
Date: Thu, 23 Mar 2023 13:59:28 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: http://mail.deliverylifesupport.com/public/
Content-Length: 251
Keep-Alive: timeout=3, max=499
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   251
Md5:    5a6ea87449f14ff9118571e14f5cd516
Sha1:   ec819be6f18173f6ea373a175c2c6090b1433ef7
Sha256: db10a393bb06bcfe89831da0a086a064f2463bdc5331a90642ab7d594058ff60

Blocklists:
  - openphish: DHL Airways, Inc.
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "7001D3EF847C7002AC15155F0DFCC0A369F19860E85C8E90530F1E7B2DD88F09"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2472
Expires: Thu, 23 Mar 2023 14:40:40 GMT
Date: Thu, 23 Mar 2023 13:59:28 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GTxiajZFyTw1xIEvzaTyfQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        
                                             35.160.225.179
HTTP/1.1 101 Switching Protocols
                                            
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: K3vtmgR8Uv0FHTeCo//UEKkL734=

                                        
                                            GET /public/ HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjRkL09kQ1JtWUJsa2xCS1BrT0lUYUE9PSIsInZhbHVlIjoiNFdtVHRNNjBEeFF5TlFndU43TTByY1BGb0hGSEEvdkZTaEJndnNQVVV0cG5OREtIdndCMDRTdDU0aEphVUlzTDh6YisrQXRIbjROamRMQ1RVbDhFOGowUGd1b2hqQnMyNUNOaUpSZGR6Z3RzTWhCTmJhRE1mYTlXNE9LdTkrRkEiLCJtYWMiOiI3NjcwNmZiOTQ3ZTU1NWNmZDcxNjc1MDExYjVmODc2YWYzMWM1ZWMyY2Q5NGZiZGQyY2Y2N2FlYWE0MzAxNjMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IisyTEU5SXNQY1BhRi9YVGdodEVnS2c9PSIsInZhbHVlIjoiZFo2cmo2R0pmWVJrYW1Tdmg3S0JDdFhST2srU0xHRCtWNHhDNjZQWHVRTWd1K2RLNm16bE1hMkdyME5BNFNVM3R6VE5zUDcrZFpMZHROMk9RMXVrbE1VOE81MzUwc3ROc1Z3c1dLU3gwblBFMFN2UVZjbUZFSWxqMWJIdGtYNFoiLCJtYWMiOiI1OTllOTNhZDNkZTBkMWZjMDJmZmI1NDc2Yzg2ZGVmZGQ4MThjYjc1OGE1NGFlNTQ4ZTc4YjM1M2U5MmNiOWEwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1

                                        
                                             85.187.128.43
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:28 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjhCalR6QnpzMS9oWFF6OTNzTWMvMFE9PSIsInZhbHVlIjoiQm8xR2dvZVNuektEcUp4VnV2eEkzNnJCTmdkNVVmSC9nOUNlWHZVQkEzQTNKVGFHM0F4RlFmMXJySDhiQTFVcW1GVGlGWE5RMVhqLzVlL3VaOXdpRkZJbzZtblpvS3lXM1pVdzJ3RnpMVnNSK2ZIcGlGKzNtSlVDYWpxRU9VWEEiLCJtYWMiOiJiYWM1Y2YxNjQ4Yjc0OGNkMmU1ODg1MTlhNzJiMDU5NDc1ZDgzNGViZjBjYmRlODc4M2FhMTcwMGMzNTZhYzgwIiwidGFnIjoiIn0%3D; expires=Thu, 23-Mar-2023 15:59:29 GMT; Max-Age=7200; path=/; samesite=lax laravel_session=eyJpdiI6InExSnhaYmRZSG1NcldyTlphZDdhU3c9PSIsInZhbHVlIjoiU0c2dTJzZDZ2dDViK0RZWmI1VWI3ZXhHRkRmamRFVXF2cXkwbXFKOGgrUXU1QWlTbWR6UWlhdkJrMzIyTHBvK0pUV0FidVFPQXdkQ2Q0Zm56RERsWndKdlJ3ODF1RzlLNllMN1lBTmhOYkFrMG84S0drUEpiOElTd0MyRDhIUHoiLCJtYWMiOiI4YmE5MDM1MGQ2YmQxODBkNTIwZGJlYTI1ZjE2MTBmNGU2NzMxNmYzMDRlNGEyMzkzYWUyYmY4MjI4YTU2ZTQxIiwidGFnIjoiIn0%3D; expires=Thu, 23-Mar-2023 15:59:29 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 348
Keep-Alive: timeout=3, max=498
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   348
Md5:    7974d1251087c70ba39aedf51985f1a1
Sha1:   3189823f7e83564cabc76c037afbd5f5d68567ac
Sha256: f6984b631542b64bd93e420da9a843333c3e34c6c40dff7e795adf3b6f8f9c57

IDS:
  - ET INFO Killbot JS Configuration - Possible Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9414
Expires: Thu, 23 Mar 2023 16:36:23 GMT
Date: Thu, 23 Mar 2023 13:59:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9414
Expires: Thu, 23 Mar 2023 16:36:23 GMT
Date: Thu, 23 Mar 2023 13:59:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9414
Expires: Thu, 23 Mar 2023 16:36:23 GMT
Date: Thu, 23 Mar 2023 13:59:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9414
Expires: Thu, 23 Mar 2023 16:36:23 GMT
Date: Thu, 23 Mar 2023 13:59:29 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: PNAVsyfdAHjn5F6Rt1uz1U46QCIGvTCqZatbAurr6Ilu0quHWExuSw==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:34 GMT
age: 58555
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6692
Md5:    c05bfdf1411a931d8ea9adc64b07bc74
Sha1:   156ef59e53564a4f2b27002b2695fafecd578d82
Sha256: 15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 10284
x-amzn-requestid: e4d2c324-d0b0-436d-9739-29269e62aed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM6hjEqtIAMFvXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b713c-5a5bd6b60c1f52ab580f1757;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:21:00 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: g53sZY66fiEL8H79MzI7c7rqI-c-XxMvgB3myz79aw_lE9Aqgc66LQ==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:32:23 GMT
age: 23226
etag: "5035ed41f497c97faefae9cdaf42dc07ab468557"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10284
Md5:    4e89d0b1281259e7399294fb5fa19d2b
Sha1:   5035ed41f497c97faefae9cdaf42dc07ab468557
Sha256: f404d286deab5b4759be6e554e6488faab3b4f7988a86eb57520dac4e0d6a192
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: CgU9j02Bnw0UdIwQ3sRCDvJoPitHIAUTRDhLH_PMXYlAPoAwSbv6Iw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 06:24:31 GMT
age: 27298
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5556
Md5:    c831201ad81f55c63c1b101ce854a810
Sha1:   0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
Sha256: c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 7424
x-amzn-requestid: 4d4097db-ae95-4a34-8f92-a56c29e836e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CENb6FKDoAMF_cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6417f5e5-772b562b3176f7ca0740db72;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 05:57:57 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: d_lhTrmtXesTfnCpReJoiiv68EudX-RCSzr3fwqOe3ouJv-M0IOLtw==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:22 GMT
age: 58567
etag: "709b01a360624eceafb1876f56378824aa4936b3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7424
Md5:    05c7970e81559904d05b6e8cf693f085
Sha1:   709b01a360624eceafb1876f56378824aa4936b3
Sha256: a4fd80c9bdce27961560d7c31e216706e9e32d42d1edd883e283c149505b3db0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: V_1L8vYf9-uS_-cGgsCstGC__IYpLZjEa0gOlsYgYOWwNJxxXJo83g==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:09:40 GMT
age: 56989
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10480
Md5:    6f0b9e85381489dcf646c251722b21d4
Sha1:   5f7ea91288a2170bcabdca6be296718c4191eacd
Sha256: 911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                            
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 4xGMCVWy2EXLLN8keteGLQvQjOp6KH97rkn_FK10eyng0-5EudcOig==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:33 GMT
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
age: 58556
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4912
Md5:    f4a771935927950222124e14b56046df
Sha1:   d07fe53e4ac41048497b2732c017f6666c3eda9e
Sha256: 4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0
                                        
                                            GET /QEvS5fil6YCOP9VUj2MULFwlNS2pIx5H/ HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/
Cookie: XSRF-TOKEN=eyJpdiI6IjhCalR6QnpzMS9oWFF6OTNzTWMvMFE9PSIsInZhbHVlIjoiQm8xR2dvZVNuektEcUp4VnV2eEkzNnJCTmdkNVVmSC9nOUNlWHZVQkEzQTNKVGFHM0F4RlFmMXJySDhiQTFVcW1GVGlGWE5RMVhqLzVlL3VaOXdpRkZJbzZtblpvS3lXM1pVdzJ3RnpMVnNSK2ZIcGlGKzNtSlVDYWpxRU9VWEEiLCJtYWMiOiJiYWM1Y2YxNjQ4Yjc0OGNkMmU1ODg1MTlhNzJiMDU5NDc1ZDgzNGViZjBjYmRlODc4M2FhMTcwMGMzNTZhYzgwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InExSnhaYmRZSG1NcldyTlphZDdhU3c9PSIsInZhbHVlIjoiU0c2dTJzZDZ2dDViK0RZWmI1VWI3ZXhHRkRmamRFVXF2cXkwbXFKOGgrUXU1QWlTbWR6UWlhdkJrMzIyTHBvK0pUV0FidVFPQXdkQ2Q0Zm56RERsWndKdlJ3ODF1RzlLNllMN1lBTmhOYkFrMG84S0drUEpiOElTd0MyRDhIUHoiLCJtYWMiOiI4YmE5MDM1MGQ2YmQxODBkNTIwZGJlYTI1ZjE2MTBmNGU2NzMxNmYzMDRlNGEyMzkzYWUyYmY4MjI4YTU2ZTQxIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1

                                        
                                             85.187.128.43
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                            
Date: Thu, 23 Mar 2023 13:59:29 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: http://mail.deliverylifesupport.com/public/QEvS5fil6YCOP9VUj2MULFwlNS2pIx5H
Content-Length: 283
Keep-Alive: timeout=3, max=497
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   283
Md5:    47623304167f085f4913b1b8b77091cf
Sha1:   58ad40bd0bb3cc873165a43b6444ebf57bd422f3
Sha256: eb0ed6e8d70d89118de2e7546764e998098db575efc896b733ecd24f05be3354
                                        
                                            GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             104.17.25.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                            
date: Thu, 23 Mar 2023 13:59:31 GMT
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1979649
expires: Tue, 12 Mar 2024 13:59:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykhkwNJ5B20dYUl5Qf3pSuH9CpCSTYzlKKy4u9%2BWKfT%2Fhp7xlVrUx3fxsnI79O1ZvZpng%2FEdVxrYuh1NlL25yKlLsy21M6MeeBhAEHAAhLfMxlWdL4FkO0C6q0tT32ZLCrAMwndi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7ac73204b98dfab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   5631
Md5:    109d1ed85cd01f9cdab73a4cac5bf80d
Sha1:   d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
Sha256: 8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
                                        
                                            GET /public/QEvS5fil6YCOP9VUj2MULFwlNS2pIx5H HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://mail.deliverylifesupport.com/public/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjhCalR6QnpzMS9oWFF6OTNzTWMvMFE9PSIsInZhbHVlIjoiQm8xR2dvZVNuektEcUp4VnV2eEkzNnJCTmdkNVVmSC9nOUNlWHZVQkEzQTNKVGFHM0F4RlFmMXJySDhiQTFVcW1GVGlGWE5RMVhqLzVlL3VaOXdpRkZJbzZtblpvS3lXM1pVdzJ3RnpMVnNSK2ZIcGlGKzNtSlVDYWpxRU9VWEEiLCJtYWMiOiJiYWM1Y2YxNjQ4Yjc0OGNkMmU1ODg1MTlhNzJiMDU5NDc1ZDgzNGViZjBjYmRlODc4M2FhMTcwMGMzNTZhYzgwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InExSnhaYmRZSG1NcldyTlphZDdhU3c9PSIsInZhbHVlIjoiU0c2dTJzZDZ2dDViK0RZWmI1VWI3ZXhHRkRmamRFVXF2cXkwbXFKOGgrUXU1QWlTbWR6UWlhdkJrMzIyTHBvK0pUV0FidVFPQXdkQ2Q0Zm56RERsWndKdlJ3ODF1RzlLNllMN1lBTmhOYkFrMG84S0drUEpiOElTd0MyRDhIUHoiLCJtYWMiOiI4YmE5MDM1MGQ2YmQxODBkNTIwZGJlYTI1ZjE2MTBmNGU2NzMxNmYzMDRlNGEyMzkzYWUyYmY4MjI4YTU2ZTQxIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1

                                        
                                             85.187.128.43
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:30 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; expires=Thu, 23-Mar-2023 15:59:31 GMT; Max-Age=7200; path=/; samesite=lax laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D; expires=Thu, 23-Mar-2023 15:59:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 14631
Keep-Alive: timeout=3, max=496
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- assembler source text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (39884)
Size:   14631
Md5:    123b1780b181edf6e6c17e22c65417a9
Sha1:   009f7e9e446979b585eacb4c1178a5455ac2b8de
Sha256: 66bfd11c11fc689e979271a274f4bb8f808c00ec75a63eb105a33f9318ed2380

IDS:
  - ET EXPLOIT_KIT TDS Sutra - page redirecting to a SutraTDS
  - ET INFO Killbot JS Configuration - Possible Phishing
                                        
                                            GET /public/js/session-recorder.js HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/QEvS5fil6YCOP9VUj2MULFwlNS2pIx5H
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 200 OK
Content-Type: application/javascript
                                            
Date: Thu, 23 Mar 2023 13:59:31 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Mar 2022 14:35:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=604800, public
Content-Length: 11192
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (44992)
Size:   11192
Md5:    3cd6974400c0b1a95f8dbaf1b24acc04
Sha1:   37da008fed61725beb9d37e46c5d5cbc66c2ca5b
Sha256: 6759d7cbdaac67ab08c58d06bb88f1cbc3537d51f8a0ffe4100df5d156605a1f
                                        
                                            GET /public/css/app.css HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/QEvS5fil6YCOP9VUj2MULFwlNS2pIx5H
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 200 OK
Content-Type: text/css
                                            
Date: Thu, 23 Mar 2023 13:59:31 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Mar 2022 15:11:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=604800, public
Content-Length: 57392
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   57392
Md5:    6db72660faccc84c273f0b8734b4ce59
Sha1:   db9d9476e5dc10e76598ddc585b6d114792a5a34
Sha256: f02e0c50c3a6e72056f77d384547633090ab37b3aad95820ce1274afc934a1c4
                                        
                                            GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.deliverylifesupport.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             104.17.25.14
HTTP/2 200 OK
content-type: application/octet-stream; charset=utf-8
                                            
date: Thu, 23 Mar 2023 13:59:32 GMT
content-length: 77160
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 631575
expires: Tue, 12 Mar 2024 13:59:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=332Mox6jzyy9Q0DN5kqwvODeIAKBHM40WDW1jqozjEVgF1MCVfSFzQgjpvVXm8JUB0ejR17Dt05N7uRJxsgIabGTLxT1ezi1QSlalDBtnvkPgRp3%2BO5b3ImDxR0cyCMpQnuY9ysV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7ac7320a5a2ab50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
                                        
                                            GET /images/all.png HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/QEvS5fil6YCOP9VUj2MULFwlNS2pIx5H
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 200 OK
Content-Type: image/png
                                            
Date: Thu, 23 Mar 2023 13:59:32 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sun, 17 Apr 2022 08:24:34 GMT
Accept-Ranges: bytes
Content-Length: 12499
Cache-Control: max-age=604800, public
Keep-Alive: timeout=3, max=499
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 123 x 84, 8-bit/color RGBA, non-interlaced\012- data
Size:   12499
Md5:    2cb0b7f615faf2deb9ec6f53d3149a3b
Sha1:   694a2c881c83e2ab86365bf1d16302ac5b9d500f
Sha256: c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d

urlquery:
  - Phishing - DHL
                                        
                                            GET /images/logo.png HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/QEvS5fil6YCOP9VUj2MULFwlNS2pIx5H
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 200 OK
Content-Type: image/png
                                            
Date: Thu, 23 Mar 2023 13:59:32 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sun, 17 Apr 2022 08:24:00 GMT
Accept-Ranges: bytes
Content-Length: 1998
Cache-Control: max-age=604800, public
Keep-Alive: timeout=3, max=499
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size:   1998
Md5:    5d14ab93691604e826e1319d53599eb9
Sha1:   78724360e9d25da584445b851e37bca05abe6b85
Sha256: 3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

urlquery:
  - Phishing - DHL
                                        
                                            GET /releases/v6.3.0/css/free-v4-font-face.min.css?token=f7165dd215 HTTP/1.1 
Host: ka-f.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.deliverylifesupport.com/
Origin: http://mail.deliverylifesupport.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        
                                             172.64.169.22
HTTP/2 200 OK
content-type: text/css
                                            
date: Thu, 23 Mar 2023 13:59:31 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"00bb3d26f3fee308e5747eb9f5760b48"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f73d71dfa047571774d2c0460e5108ec.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: G55EkwnKgNWIwvrMF5Bzx4ruJyfvx0lUFboRAnJiFaEAURiAb-86ZQ==
age: 212814
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KdepIV00xhhEyV3E44pNQLWqG36ZpoYAOpxsYUtwo7pn%2FN8KcRIpOH5W%2BMqH2jk7BpPN3mZb%2FW51fWHWnfY9HJDG5o0GSZJ6BiJANpvPVDxEThSToqj5HUgYcMqighDricU4vBJa%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac73205cea83858-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1560)
Size:   2751
Md5:    4dd93918fec02b48110d8fd90a49ada9
Sha1:   d7d678f098653fbfe81ee35cb786befb62821513
Sha256: e43c6943852b81ff6e3f63e0286bd2ceef6d634846cae7347640a535c4a53e4b
                                        
                                            GET /releases/v6.3.0/css/free-v4-shims.min.css?token=f7165dd215 HTTP/1.1 
Host: ka-f.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.deliverylifesupport.com/
Origin: http://mail.deliverylifesupport.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        
                                             172.64.169.22
HTTP/2 200 OK
content-type: text/css
                                            
date: Thu, 23 Mar 2023 13:59:31 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"3a57f9df341838cc106903c71730d13b"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 717666fbcd9eb8ed70d0f46dd99d0448.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: scHVr-3_yBIw6YRq2Gbpj7cFf260RFHAmDvTWhktCcNUmOBq55gXEg==
age: 212814
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vGKOeH05A91RHlVipyg7mV3VzNJdlnE%2Fo4Ec4bLMlUjtrykzGiKcMSYzqpwKq0lvSvCdo5SBHTN9laTRe8RCZCLfGew8uWtoJGzz3kxfndBSevLVr9HL9lfknrnfwloBKHxPbfZwWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac73205ceae3858-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (27377)
Size:   212089
Md5:    34313085d859c64186f2208d95129a0d
Sha1:   b29eea4506c0cb8bfe30089d5bc0160d58a8fabe
Sha256: 5b29e73d6bb4a24329ffbc743c577a478ba2ec14598c728749f97789bb6d35b8
                                        
                                            GET /f7165dd215.js HTTP/1.1 
Host: kit.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mail.deliverylifesupport.com
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
                                             104.18.23.52
HTTP/2 200 OK
content-type: text/javascript
                                            
date: Thu, 23 Mar 2023 13:59:31 GMT
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F01HweaoEw6940ojTNUi
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7ac73204bda4b509-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10615
Md5:    56e0dcf752c334e626b7e5fa01f463dc
Sha1:   cbbb34a97c2b50d296e9bb4acc09aa36a8bb9547
Sha256: 3ace0d1f48afbbd1781a660e1857045f171ddd5132eb326e7219d6ed01f80857
                                        
                                            GET /fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:32 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Size:   6609
Md5:    307dca9c775906b8de45869cabe98fcd
Sha1:   2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
Sha256: 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

urlquery:
  - Phishing - DHL
                                        
                                            GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:32 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=3, max=498
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Size:   6609
Md5:    307dca9c775906b8de45869cabe98fcd
Sha1:   2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
Sha256: 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

urlquery:
  - Phishing - DHL
                                        
                                            GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775 HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:32 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=3, max=499
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Size:   6609
Md5:    307dca9c775906b8de45869cabe98fcd
Sha1:   2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
Sha256: 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

urlquery:
  - Phishing - DHL
                                        
                                            GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1 
Host: ws-mt1.pusher.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://mail.deliverylifesupport.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1tqOjWCGuArlp+clKLD/LA==
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        
                                             34.195.157.182
HTTP/1.1 101 Switching Protocols
                                            
Date: Thu, 23 Mar 2023 13:59:32 GMT
Connection: upgrade
Server: nginx/1.17.7
Upgrade: websocket
Sec-WebSocket-Accept: oQHYrtgiQ+3ZzaZ1nfnlNlMnBMQ=

                                        
                                            GET /fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:32 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=3, max=497
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Size:   6609
Md5:    307dca9c775906b8de45869cabe98fcd
Sha1:   2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
Sha256: 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

urlquery:
  - Phishing - DHL
                                        
                                            GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2 HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D

                                        
                                             85.187.128.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:32 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=3, max=497
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Size:   6609
Md5:    307dca9c775906b8de45869cabe98fcd
Sha1:   2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
Sha256: 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

urlquery:
  - Phishing - DHL
                                        
                                            GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.ttf?527940b104eb2ea366c8630f3f038603 HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D; _lr_tabs_-mnnzup%2Fdus={%22sessionID%22:0%2C%22recordingID%22:%225-fbb44872-31ad-46ca-9353-1f4366f52e32%22%2C%22lastActivity%22:1679579980997}; _lr_hb_-mnnzup%2Fdus={%22heartbeat%22:1679579980997}; _lr_uf_-mnnzup=92910882-5ab0-439b-b7f2-a2bf961df851

                                        
                                             85.187.128.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:33 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2123
Keep-Alive: timeout=3, max=498
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Size:   2123
Md5:    e881f8e66a93d0960ba6fad410094769
Sha1:   7f1bd10fd60815735fad95387ecaed0cfaf3b287
Sha256: b43a9db67408b4398f147b571163d5b272af8c46eb4dca9f1bc2be44a6ded26d
                                        
                                            GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D; _lr_tabs_-mnnzup%2Fdus={%22sessionID%22:0%2C%22recordingID%22:%225-fbb44872-31ad-46ca-9353-1f4366f52e32%22%2C%22lastActivity%22:1679579980997}; _lr_hb_-mnnzup%2Fdus={%22heartbeat%22:1679579980997}; _lr_uf_-mnnzup=92910882-5ab0-439b-b7f2-a2bf961df851

                                        
                                             85.187.128.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                            
Date: Thu, 23 Mar 2023 13:59:33 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2123
Keep-Alive: timeout=3, max=496
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5395)
Size:   2123
Md5:    e881f8e66a93d0960ba6fad410094769
Sha1:   7f1bd10fd60815735fad95387ecaed0cfaf3b287
Sha256: b43a9db67408b4398f147b571163d5b272af8c46eb4dca9f1bc2be44a6ded26d
                                        
                                            GET /releases/v6.3.0/webfonts/free-fa-solid-900.woff2 HTTP/1.1 
Host: ka-f.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.deliverylifesupport.com
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        
                                             172.64.169.22
HTTP/2 200 OK
content-type: font/woff2
                                            
date: Thu, 23 Mar 2023 13:59:33 GMT
content-length: 149896
last-modified: Tue, 31 Jan 2023 18:29:16 GMT
etag: "c00cd95af40d3d74e114025555250f09"
cache-control: max-age=31556926
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: fa-kit-token
access-control-max-age: 3000
x-cache: Hit from cloudfront
via: 1.1 90b0c7315c3da3c762112b5b8fdfc0aa.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: iTQGmMZOibdzIgGHVhCEQgdxgGFtOOGGTWOZkOY-7_Rsv2Nce3sGaQ==
age: 415331
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=403vb8tq1FlDZjsAqrlVNnBl3NoCKoTdStK1UlGpkZyF1O6nZEE8kwOQfPPBHZ1R5vT2mfZhdznx17x8wT4HOo%2FQs%2B%2B7FoTxVPlPlq5tU69cnx2vrdJ2Wg8FLk6hTAfBUrAs0TMdEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac73211aede3858-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 149896, version 771.256\012- data
Size:   149896
Md5:    c00cd95af40d3d74e114025555250f09
Sha1:   299451f824167830fec38fade1f9e69d4c0c6e9b
Sha256: a963d0d6baf5f8ad3a8d21c2bff2971d0819789204815a7082d8d4776dec4a80
                                        
                                            GET /releases/v6.3.0/webfonts/free-fa-brands-400.woff2 HTTP/1.1 
Host: ka-f.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.deliverylifesupport.com
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        
                                             172.64.169.22
HTTP/2 200 OK
content-type: font/woff2
                                            
date: Thu, 23 Mar 2023 13:59:33 GMT
content-length: 108000
last-modified: Tue, 31 Jan 2023 18:29:16 GMT
etag: "3a97d67deb684f79e3c15c05718be7e7"
cache-control: max-age=31556926
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: fa-kit-token
access-control-max-age: 3000
x-cache: Hit from cloudfront
via: 1.1 76cca2ef798b9dc955bb151bf3bff218.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: xvT9NuhyegGiDKPH9PIfpudGtcZFxQppGlqBqlw8vKdD_4OoMpwFcw==
age: 156128
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVSEkpeuF0BhIASlB00NZukMXCj1hCPSmViKDhfSDdpDt1pWMdCfvH%2B89uhNyG8YcN11Ua4eBdA%2Fn3KcQipPavN8LE0y%2FArJSPg5QoHcyHdLvrHDo4rC4gAN8d9ykQG5OgOmGU5PKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac73211aed93858-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 108000, version 771.256\012- data
Size:   108000
Md5:    3a97d67deb684f79e3c15c05718be7e7
Sha1:   950e246881739ef22e747b5fa573e88114344159
Sha256: f7a5aba06e482e1506bdf5b3a730147d4a0ed7f088f6425cc9b166bf8a105fd8
                                        
                                            GET /images/favicon.gif HTTP/1.1 
Host: mail.deliverylifesupport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/public/QEvS5fil6YCOP9VUj2MULFwlNS2pIx5H
Cookie: XSRF-TOKEN=eyJpdiI6IkxCTm5UK3FGVmlFTWtFSGt5SUUwR3c9PSIsInZhbHVlIjoidVRBNUw0QlBSU0FtaUF5WmhLZ2RmSHlSNnF1RHZ2WVQ3VFl3eDh5T2NqamlObWRPS1ZHejRneFFZckN4MXBWQ0VoYnVUOVFURWRZQlNubHptUlUzMnNSRlBSOHp5RDlYdk8vWE1PVWJMVFAyNkVmeE5qcDdsUkFUQWRxc3NzNXUiLCJtYWMiOiI1NTVjZTA1ODVjMmFlYjczZTk3NTE2MDhiODhjNTBlZjgwYWY3ZmRiNTZiZTI5MjM4ODczNzMxODQ3NDQ4OTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikc2Rno1Z2NEWGEzU3ZoRlhBaDJiREE9PSIsInZhbHVlIjoibUpma3lMRTdUUE90N2Z3MTB2cjFQVFBFRjE4R0lPN2JYbnlCNktoWkNTNFFLSGZma3BEODUwU0ViZFZjSWllU3Fza2htYUkxL1V1bnBSeUVKN0JOcFVuZ1draktVb3k3R1p2RCszTzBvUVFXYWk3aGROWnRuMVVROE5SaWxIZGoiLCJtYWMiOiJmNGE1MTc4ZmE4OTE0YzdjZjI2ZTExZGY2ZDdkNjI3OTIxM2YxNTc3YWMxMGYzODkwNGY0OTgzNTU5NzcwNzEyIiwidGFnIjoiIn0%3D; _lr_tabs_-mnnzup%2Fdus={%22sessionID%22:0%2C%22recordingID%22:%225-fbb44872-31ad-46ca-9353-1f4366f52e32%22%2C%22lastActivity%22:1679579980997}; _lr_hb_-mnnzup%2Fdus={%22heartbeat%22:1679579980997}; _lr_uf_-mnnzup=92910882-5ab0-439b-b7f2-a2bf961df851

                                        
                                             85.187.128.43
HTTP/1.1 200 OK
Content-Type: image/gif
                                            
Date: Thu, 23 Mar 2023 13:59:33 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sun, 17 Apr 2022 08:25:28 GMT
Accept-Ranges: bytes
Content-Length: 2238
Cache-Control: max-age=604800, public
Keep-Alive: timeout=3, max=496
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel\012- data
Size:   2238
Md5:    a6f1af8e79a11829ba9a66474b06bb97
Sha1:   d99e3ec7747c865033a8dfad43c9f49634404bc1
Sha256: b0dbd00f3650fa6b931e678a9d8f79a405d23c7adf111ab91b1a01a0e7109807

urlquery:
  - Phishing - DHL
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                            
Server: nginx
Content-Length: 503
ETag: "6AF3181BF41E278BB8103A7183827E132DA7EC5FEAB75138C27E683C3D308C37"
Last-Modified: Thu, 23 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20251
Expires: Thu, 23 Mar 2023 19:37:07 GMT
Date: Thu, 23 Mar 2023 13:59:36 GMT
Connection: keep-alive

                                        
                                            GET /releases/v6.3.0/css/free.min.css?token=f7165dd215 HTTP/1.1 
Host: ka-f.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.deliverylifesupport.com/
Origin: http://mail.deliverylifesupport.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        
                                             172.64.169.22
HTTP/2 200 OK
content-type: text/css
                                            
date: Thu, 23 Mar 2023 13:59:31 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"b7d524a460c5ceb6420db3aec0be8c92"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 cdd8daeefcf66738f6e908663e79c33e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 1_rHUgnBJCmh5EkZByW0h8Z5cHE1v4i2asvszr08XVOKRnOvQWq4IA==
age: 312394
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qss8pRFROOl2OlfL0HPoDvz1K%2BnGSDW0pNCA5svfqWIhz5o%2B%2BHDIB%2FAGbilS55KBaS6BIGRBQ%2Fne4%2BjEnMiJZzIZDRbQVN%2FMQrNGGA5g%2BvrU8Qotml7s67LZjESdjwif4lIHZY%2BjQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac73205ceac3858-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 
                                        
                                            GET /logger-1.min.js HTTP/1.1 
Host: cdn.lr-in.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             104.21.234.144
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                            
date: Thu, 23 Mar 2023 13:59:31 GMT
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-resource-policy: cross-origin
etag: W/"4dca4d2c1f861c865ca8f8ecdda64dad8672371fda4f956169edd41918b8b690"
last-modified: Wed, 22 Mar 2023 20:48:48 GMT
strict-transport-security: max-age=31556926
x-served-by: cache-ams21065-AMS
x-cache: HIT
x-cache-hits: 1
x-timer: S1679518383.563275,VS0,VE1
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 26
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NRH%2B2S%2BROJvOGOA0XVkgn9oet0s9Z3XQ%2F%2F7GGyvjSfHoePVjRfpzi68B4A4oN9vZ%2FHyxagwUJMnk9kb2uDWqhJd9Qt%2Fie6ovkrG3GW8pYzyHzdKaDIANAZ%2B03NCN0dhT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac732053ebc74a9-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 
                                        
                                            GET /releases/v6.3.0/css/free-v5-font-face.min.css?token=f7165dd215 HTTP/1.1 
Host: ka-f.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.deliverylifesupport.com/
Origin: http://mail.deliverylifesupport.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        
                                             172.64.169.22
HTTP/2 200 OK
content-type: text/css
                                            
date: Thu, 23 Mar 2023 13:59:31 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"fdedb74e19e1bffdcab908079cabd49a"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 ee8862e43d7837ef5478becfe2eb7116.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 4IMc5Wm6PSao2hYeYTMB-RxUizsa_efFNbZ7Kg1nCbko6XUFdCLHxA==
age: 312394
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ymyvp8AjauXhERhtadxGdF%2FaErQKeHtUUCT7AIBeWKpGnpCXXEjR3e390mW5ZYTF7fs9yZzYxg4%2FiZKYcsHDEF9n9lqyvu5VgpUhmw2%2FC6uJ5mAjJNzm6S5fWDzTcXLHz3HTaBrXSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac73205cec93858-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 
                                        
                                            GET /.cdn-cgi/killbot-security.js HTTP/1.1 
Host: files.killbot.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             172.67.166.105
HTTP/2 404 Not Found
content-type: text/html
                                            
date: Thu, 23 Mar 2023 13:59:29 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
cache-control: max-age=14400
cf-cache-status: HIT
age: 84
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72N%2BXTrPHc7NQ04rsw90FUoh%2BpxcCNN9A7VaFcL24XDqwVqimI84xWk1P7cqx5dGmk7S51gtivv%2BJpkL0RzWqFiad7Ekj%2B8qQwJlX7idtc77m5TqXTx7XcjAPqIgZuUHlf9UQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac731fa98f81bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 
                                        
                                            GET /c/hotjar-2895475.js?sv=6 HTTP/1.1 
Host: static.hotjar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.deliverylifesupport.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
                                             54.230.111.66
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                            
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Thu, 23 Mar 2023 13:59:33 GMT
cache-control: max-age=60
etag: W/53a1dd996967aaf4328a975377020f40
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CkVvL8tGYWd2MQGfKMr1O3fvB4E0XSXTVvmixyZ2CYd0Zrd3wgglag==
age: 5
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: