Report - track.bloggersideas.com/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa

Report Overview

Submitted URL
track.bloggersideas.com/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa
IP
54.174.100.105
ASN
#14618 AMAZON-AES
Submitted
2022-09-06 21:14:39
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
42

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
track.bloggersideas.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416 B	429 B	52.23.146.176
app.sendx.io	417183	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	594 B	52.23.146.176
dh234l.weebly.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.7 kB	185 kB	199.34.228.53
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	35 kB	142.250.74.74
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	447 B	159 kB	142.250.74.163
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	658 B	1.5 kB	93.184.220.29
cdn2.editmysite.com	11564	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.0 kB	268 kB	151.101.85.46
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	479 B	32 kB	142.250.74.163
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	372 B	1.2 kB	142.250.74.164
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.9 kB	54.230.245.118
ssl.google-analytics.com	275	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	355 B	18 kB	142.250.74.72
ec.editmysite.com	12806	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	741 B	35.82.13.103
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.214.17.205
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	7.0 kB	142.250.74.3
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	45 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-06	medium	track.bloggersideas.com/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.
2022-09-06	medium	dh234l.weebly.com/	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-06	medium	track.bloggersideas.com/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa	Phishing
2022-09-06	medium	dh234l.weebly.com/	Phishing
2022-09-06	medium	dh234l.weebly.com/	Phishing
2022-09-06	medium	cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1659658527	Malware
2022-09-06	medium	dh234l.weebly.com/files/theme/plugins.js?1565969634	Phishing
2022-09-06	medium	dh234l.weebly.com/files/theme/custom.js?1565969634	Phishing
2022-09-06	medium	dh234l.weebly.com/uploads/1/4/2/7/142706760/published/dhl-header-on-demand.jpg?1659700733	Phishing
2022-09-06	medium	dh234l.weebly.com/files/theme/fonts/2cd55546-ec00-4af9-aeca-4a3cd186da53.woff2?1659700782	Phishing
2022-09-06	medium	dh234l.weebly.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]	Phishing
2022-09-06	medium	dh234l.weebly.com/files/theme/fonts/46cf1067-688d-4aab-b0f7-bd942af6efd8.ttf?1659700782	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	cdn2.editmysite.com/js/site/main.js?buildTime=1659658527	477 kB	2023-03-07	2023-11-21
Pretty URL cdn2.editmysite.com/js/site/main.js?buildTime=1659658527 IP 151.101.85.46 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:53 Last Seen2023-11-21 08:41:00 Times Seen899 Hash f88ad9fb085a6c0dc219e8aa282ce47b 28d40d567859f99251bdc3337bafa088224da780 ba97504b136b447bea2ecc59111ba5a63200d2662f92936d0f7c206492b989d8 Loading...

	dh234l.weebly.com/	22 B	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:45 Last Seen2024-04-26 08:17:53 Times Seen2287 Hash 9a33cbad7c996ea8903a3eb3332a125c 8efed109b301f8aa0f3768dcd824d669d0129741 5d3b8f4578ca89904a46d014a8433346ca2773e8691f6cc9d09b2b30f0802dbc Loading...

	dh234l.weebly.com/	1.2 kB	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-26 08:17:53 Times Seen2918 Hash 24449345e209b8641a813eaef44a5244 21617897e4d35717e2e41b766501fbd883a8f16d 3e72636c6cf854c8657ccbf9e03f7af05bd4836066c329417a4f8251bb5d18c1 Loading...

	ssl.google-analytics.com/ga.js	46 kB	2023-03-07	2024-04-16
Pretty URL ssl.google-analytics.com/ga.js IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-16 23:24:27 Times Seen3495 Hash e9372f0ebbcf71f851e3d321ef2a8e5a 2c7d19d1af7d97085c977d1b69dcb8b84483d87c 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Loading...

	www.google.com/recaptcha/api.js?_=1662498864701	850 B	2023-03-07	2023-03-17
Pretty URL www.google.com/recaptcha/api.js?_=1662498864701 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:20:45 Last Seen2023-03-17 11:39:51 Times Seen1 Hash bfb9b2c928e811bf310d2b20b20a6159 270a0193cc0e9baa06e2b91fbb328ef6600eed89 80eb30ba06e2b70a0f19511af3629fd97fca51890266914fb7d3a7f743249eda Loading...

	www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js	398 kB	2023-03-07	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:20:45 Last Seen2023-03-17 11:40:02 Times Seen1 Hash 4ba43a63c7e907af7ec62d08348f3b9b 5cf61ea391f9788c24e9e6eb8b715bcea22ecdf6 51d9c9160f4c0e20b5a69fa1b09a8947bf74235330d522fae8217ad19c17b93b Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js	94 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:53 Last Seen2024-04-26 08:23:53 Times Seen16314 Hash 3576a6e73c9dccdbbc4a2cf8ff544ad7 06e872300088b9ba8a08427d28ed0efcdf9c6ff5 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf Loading...

	dh234l.weebly.com/	117 B	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-26 08:17:53 Times Seen2943 Hash ef142665f07ac27f698aa34d471c4439 b9e0d81f97054a9a0a68f57096d992ba58f33184 fbfd3b11452dce82b76e405100aece37dcfe12df4c71fb8f2bc2fe2166e9f07f Loading...

	dh234l.weebly.com/	1.8 kB	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-26 08:17:53 Times Seen2940 Hash 563cec0ace2baea4e867b491f66cd6b0 fc4451f8fa76c5d1e3714e9008510633cffaa4f7 e4538493fc4f43f93806d0239acac9b38b0453c8440dc5ba4fcb47eae6ab2556 Loading...

	dh234l.weebly.com/	35 B	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:45 Last Seen2024-04-26 08:17:53 Times Seen2957 Hash 13385ea3f3e6184de3bfa80f08fe938b 6f859a2fd4b7e15ed74990516d97a52e7b4eeb20 5e87d85ec57af5d97b6c0d4c6e766afd2b53d077102827d19625a37d8cd11c2d Loading...

	dh234l.weebly.com/files/theme/plugins.js?1565969634	68 kB	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/files/theme/plugins.js?1565969634 IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:30 Last Seen2024-04-26 07:29:21 Times Seen2663 Hash 2b8d85f1ea01d2c3e8b962eac8d76a5c 936987a7e08daa4a916c77d86937edee42d657da b6353ca52760aba4e7547ae9861db68158dc2af0f4febece55e5c775ee4449f5 Loading...

	dh234l.weebly.com/	62 B	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-26 08:17:53 Times Seen2716 Hash 1afa8234115c6f382672d91917a6fb26 e96957cb655865327588927ebc34d1ae376e9e64 45988af53e17c3bc8103bbe22bd47dd6d2d03d4a90c4116dc0621ab24ff87258 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 10:14:12 Times Seen37089423 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	dh234l.weebly.com/	32 B	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:45 Last Seen2024-04-26 08:17:53 Times Seen2966 Hash 1bca01edca83d94091a2bb38d7ef8183 d05117e4ab3b3461be3855e95813a5c607e3ca95 fcf1cbf5cfad6d605868f42d38a0a937f5e6eaa91b05dcfbbbc95e4c3e23e528 Loading...

	dh234l.weebly.com/	263 B	2023-03-07	2023-03-07
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:13:03 Last Seen2023-03-07 13:15:27 Times Seen1 Hash c16fe41fee626ad0b909711d6be979fb 7bd74b76d475895c1d2da08701e318207a1a89bb 6fbc997f19f4bf1cf1e7c52bbca2a1643a04d1ffa142b52b59c4769522a9e019 Loading...

	dh234l.weebly.com/files/theme/custom.js?1565969634	6.5 kB	2023-03-07	2024-04-25
Pretty URL dh234l.weebly.com/files/theme/custom.js?1565969634 IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:30 Last Seen2024-04-25 20:02:10 Times Seen474 Hash 48e887857aec23f184b0aa49c18d2445 9480776eb1666cd553a80f38316c6305943e5891 0567021bc3973d113c6b0b6e68d0e9a8b53f38a7f60716c83214a133cc00139a Loading...

	dh234l.weebly.com/	664 B	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-26 08:17:53 Times Seen2912 Hash fdd0b895b9cf69a9a4f4817533aa51f5 afc67ab62c3c91df626260407845fc41bf5d895e a50f8a487c23d76460681440220a85a28cdb09912ef451d59aa2b4f47c32aea0 Loading...

	dh234l.weebly.com/	2.3 kB	2023-03-07	2023-07-05
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:55:29 Last Seen2023-07-05 13:30:45 Times Seen2 Hash f30dd63d9aeb0dfe2f11e969fcf06a38 b734b23a254a639d35aceba011fe687079e78d56 7fbb79d25ea2f57f84dc58e53eac979f611dce907d4ee96b2c9e5b12ae4a91fb Loading...

	dh234l.weebly.com/	53 B	2023-03-07	2023-07-05
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:55:29 Last Seen2023-07-05 13:30:45 Times Seen2 Hash a5a435866c8292ff95ce1e4b7f564f90 94b079df302976caf443f07a4926ef2fbfb4f3e1 c3928937ccc1a2fc1a787ab4049b6b5a3caf660c43d68db157f162967be23f6e Loading...

	dh234l.weebly.com/	266 B	2023-03-07	2023-03-10
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:55:29 Last Seen2023-03-10 14:33:19 Times Seen1 Hash 33e043c1f58338d71bae997930a8f9f0 f32862be90a7c09cf886e11537aa9e48aa8f6937 b15582905ba729d949e42de2a1c6286cd9928ec8615dc21a196f0d0a859e133a Loading...

	cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1659658527&	181 kB	2023-03-07	2023-03-17
Pretty URL cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1659658527& IP 151.101.85.46 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:45 Last Seen2023-03-17 12:46:21 Times Seen1 Hash 6d0e19ea5a149c71990a9f7e6ef153dc 0479103bf6dddcec668738f203d69441345e0c3d 9bfb6266418837cf775c1d459a95843d075262619e2c5b2654caaa7773ad3bdc Loading...

	dh234l.weebly.com/	62 B	2023-03-07	2024-04-26
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-26 08:17:53 Times Seen2952 Hash 461bd236ddeca3b8b6e3cca8599ccb43 73c74d3281452e483c11f944d798738afc7f5b89 aebd4ac1ead5b4987d8b975cafa889ca1a6831175bc206ca9552863e390bc0f1 Loading...

	cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1662479164	3.6 kB	2023-03-07	2024-04-26
Pretty URL cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1662479164 IP 151.101.85.46 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:45 Last Seen2024-04-26 08:17:53 Times Seen4370 Hash 40b81b2d52ba9d2e2c64c31ff6a24cd7 6b5689250661646ecbb841f2475f1556a113373c e06baca13f25df9c7d684fc1b1fdfbbbb95070a1d5a9cd648632da7bccc90b96 Loading...

	dh234l.weebly.com/	123 B	2023-03-07	2024-01-13
Pretty URL dh234l.weebly.com/ IP 199.34.228.53 ASN #27647 WEEBLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:55:29 Last Seen2024-01-13 15:38:08 Times Seen10 Hash 6d67de07c2ea0df6784bfba479231705 55762e2dd158103251773aa07f089cb935a1df4f 0733e07bc73686ddc32ff4c2c1877840913749c3133bb697b4b7aad59831ec68 Loading...

HTTP Transactions (60)

URL IP Response Size

track.bloggersideas.com/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa

52.23.146.176

301 Moved Permanently

166 B

URL HTTP/1.1
track.bloggersideas.com/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa
IP
52.23.146.176:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
166 B (166 bytes)
Hash
3ea1c8d079b38532a6e01a96216ba5e2
598d3ff91d3e252f1e13df8cf0348b270ff2da3f
87a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa HTTP/1.1
Host: track.bloggersideas.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Tue, 06 Sep 2022 21:14:28 GMT
Location: http://app.sendx.io/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa
Server: openresty
Content-Length: 166
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2909
Expires: Tue, 06 Sep 2022 22:02:57 GMT
Date: Tue, 06 Sep 2022 21:14:28 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 21:04:27 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2c75IFEPJu0lJ92WRjBoLPsoQFV3z_r3Z2eUipfVTu9Mi-SkBYM3KA==
Age: 601

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8EnX3cj7TlJswghCwEHu3jUJxx8hyRnQfLjgp_0FqZ8psxazoDcy6A==
age: 71951
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 21:14:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

app.sendx.io/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa

52.23.146.176

302 Found

36 B

URL HTTP/1.1
app.sendx.io/api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa
IP
52.23.146.176:0
ASN
#14618 AMAZON-AES

File type
JSON data\012- , ASCII text
Size
36 B (36 bytes)
Hash
813daee905e07cd625b120d7408238a0
e59571954d984c7f28e6956b07abbe5d14018d58
ab9450fa44d4de079aecc1982f11676daadf6c9f4909e61f58ecafc78f2c298b

HTTP Headers

GET /api/v1/track/campaign/click/bb18l8In2twqGmAUeALAKC/sQn0qopUesxHYU80lgSGsa HTTP/1.1
Host: app.sendx.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,Authorization,Access-Control-Allow-Origin
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin
Content-Type: text/plain; charset=utf-8
Date: Tue, 06 Sep 2022 21:14:28 GMT
Location: http://dh234l.weebly.com
Server: openresty
Set-Cookie: sendx_sess=562e67a31e89b5941caa61f909f22934; Path=/; HttpOnly
Content-Length: 36
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 06 Sep 2022 20:38:18 GMT
Expires: Tue, 06 Sep 2022 20:44:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jbuZK2d_cUQBiuR76esXw5x7a9nwTmm7VxlZiJfbVWSU92lrYvr--A==
Age: 2170

dh234l.weebly.com/

199.34.228.53

301 Moved Permanently

350 B

URL HTTP/1.1
dh234l.weebly.com/
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
350 B (350 bytes)
Hash
b6ab076363d797c6015e91eb415a4fb9
8e5540fa5b07f27598903f6d4c634b7fa7a129d9
3c5b4ad95b84ba8e10665bea99e1119933115c1ce60f27a95eec77d7ff183fe8

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 06 Sep 2022 21:14:28 GMT
Server: Apache
Set-Cookie: is_mobile=0; path=/; domain=dh234l.weebly.com
Vary: X-W-SSL,User-Agent
Location: https://dh234l.weebly.com/
X-Host: blu122.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 350
Keep-Alive: timeout=10, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5796
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:29 GMT
Last-Modified: Tue, 06 Sep 2022 19:37:53 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
465454a39c614912b78bf08db653279d
38124f3c288071a842aa38615526a9b556a24db9
0942fdad3fb6e3882eb3c7c8a519473e064758eedb0a497316a70b01b48bb3a3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2379
Cache-Control: max-age=141982
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:29 GMT
Etag: "63173688-1d7"
Expires: Thu, 08 Sep 2022 12:40:51 GMT
Last-Modified: Tue, 06 Sep 2022 12:01:12 GMT
Server: ECS (amb/6BAE)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.214.17.205

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.17.205:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mhWOniBy86Zl14hwf9sj+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uJ2c1xsLSkP12ggnI6uA+rTKogM=

dh234l.weebly.com/

199.34.228.53

200 OK

5.7 kB

URL HTTP/1.1
dh234l.weebly.com/
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (861), with CRLF, LF line terminators
Size
5.7 kB (5669 bytes)
Hash
71cb3ebfafc8552675493208f919cf13
0d75261f96f285e7215fada13104d26ec6042c8a
d7d7721d79772d57eec30ba3b7b560bf45272ec846df4191a4dd31caf0a2fd07

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 21:14:29 GMT
Server: Apache
Vary: X-W-SSL,Accept-Encoding,User-Agent
Set-Cookie: is_mobile=0; path=/; domain=dh234l.weebly.com
language=en; expires=Tue, 20-Sep-2022 21:14:29 GMT; Max-Age=1209600; path=/
Cache-Control: private
ETag: W/"0a8851ad52ca424d197547d2caa6c442-gzip"
Content-Encoding: gzip
X-Host: grn28.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 5669
Keep-Alive: timeout=10, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cdn2.editmysite.com/css/old/fancybox.css?1659658527

151.101.85.46

200 OK

1.2 kB

URL HTTP/2
cdn2.editmysite.com/css/old/fancybox.css?1659658527
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (3910)
Size
1.2 kB (1218 bytes)
Hash
b644e92258f4c7c0b4270047652d1e60
93734d52ee9e86a768159e514076051813c39cd9
29199496fb817668f887938571046abcdfb49063d0207d571b361f221f467907

HTTP Headers

GET /css/old/fancybox.css?1659658527 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Tue, 23 Aug 2022 17:52:20 GMT
etag: "630513d4-f47"
expires: Wed, 07 Sep 2022 12:54:06 GMT
cache-control: max-age=1209600
x-host: grn135.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:29 GMT
age: 1153223
x-served-by: cache-sjc10072-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1662498870.868764,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 1218
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn2.editmysite.com/css/social-icons.css?buildtime=1659658527

151.101.85.46

200 OK

1.6 kB

URL HTTP/2
cdn2.editmysite.com/css/social-icons.css?buildtime=1659658527
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (13080)
Size
1.6 kB (1639 bytes)
Hash
d2282b2f3831e78357aa72f78c7bc8f8
3a23aab2bd18853d7ddc58e0474c8620dd64b272
6ed933a9e7d222ab80c3b632da200143920012a59bd0fdc8ea6a8ebdc0008797

HTTP Headers

GET /css/social-icons.css?buildtime=1659658527 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Fri, 02 Sep 2022 18:13:15 GMT
etag: W/"631247bb-3319"
expires: Tue, 20 Sep 2022 10:30:58 GMT
cache-control: max-age=1209600
x-host: grn94.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:29 GMT
age: 38611
x-served-by: cache-sjc10061-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 3, 1
x-timer: S1662498870.870768,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 1639
X-Firefox-Spdy: h2

cdn2.editmysite.com/images/site/footer/footer-toast-published-image-1.png

151.101.85.46

200 OK

9.7 kB

URL HTTP/2
cdn2.editmysite.com/images/site/footer/footer-toast-published-image-1.png
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
PNG image data, 199 x 97, 8-bit colormap, non-interlaced\012- data
Size
9.7 kB (9677 bytes)
Hash
6e0f7ad31bf187e0d88fc5787573ba71
14e8b85cc32a01c8901e4ac0160582d29a45e9e6
580ef6409e067a4ec4a427400c7d6216184869e2da53343df20753cc1f8a46cd

HTTP Headers

GET /images/site/footer/footer-toast-published-image-1.png HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-guploader-uploadid: ADPycdtBep7ROccdUt9-QNl5VbmRIpCUwFb5y0r5I6-vVE2nBsM9PCbzHI6xHxQIvmEjxA2YbetFcXQVHBR8TKD8jioOTQFmXNb8
x-goog-generation: 1549995548326466
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9677
x-goog-hash: crc32c=QhrKCw==, md5=bg960xvxh+DYj8V4dXO6cQ==
x-goog-storage-class: STANDARD
server: UploadServer
expires: Sun, 17 Apr 2022 00:19:21 GMT
cache-control: public, max-age=86400, s-maxage=259200
last-modified: Tue, 12 Feb 2019 18:19:08 GMT
etag: "6e0f7ad31bf187e0d88fc5787573ba71"
content-type: image/png
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:29 GMT
via: 1.1 varnish
age: 160850
x-served-by: cache-bma1677-BMA
x-cache: HIT
x-cache-hits: 895
x-timer: S1662498870.870538,VS0,VE0
access-control-allow-origin: *
content-length: 9677
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
521428b0e694b41561bc2ed785219929
45bf3b914325f9d646879bd16bb01feb8f29f2d4
9e2c58593cb9b9baae14e338253ca44b199d965e106ddc70c700f66f0203465a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1662479164

151.101.85.46

200 OK

1.4 kB

URL HTTP/2
cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1662479164
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (3600), with no line terminators
Size
1.4 kB (1372 bytes)
Hash
121a5b9688d8e70ee7bb06cc79491f76
3a28220baa7d8879270c8311bed7dddefa7e43e9
181716c84474c9eb6685a809d69dda5d49ce44dfbf64c5dee89a3091e23def40

HTTP Headers

GET /js/site/footerSignup.js?buildTime=1662479164 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Tue, 06 Sep 2022 15:26:51 GMT
etag: "631766bb-e10"
expires: Tue, 20 Sep 2022 15:50:21 GMT
cache-control: max-age=1209600
x-host: grn62.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:29 GMT
age: 19449
x-served-by: cache-sjc10053-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 94
x-timer: S1662498870.881497,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 1372
X-Firefox-Spdy: h2

cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1659658527

151.101.85.46

200 OK

159 kB

URL HTTP/2
cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1659658527
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32007)
Size
159 kB (158975 bytes)
Hash
c29a5e4fd4ee0d3b7cd0597f2b9b602b
bb134ed641467954f4a724167dc7ea56a03e7fa8
bf9850a7e6dd269898b78ecf07a34438bc300cad0bbb2d280e10ccadf81646b2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/site/main-customer-accounts-site.js?buildTime=1659658527 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Mon, 29 Aug 2022 23:14:16 GMT
etag: "630d4848-8250f"
expires: Tue, 13 Sep 2022 07:41:00 GMT
cache-control: max-age=1209600
x-host: grn132.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:29 GMT
age: 653609
x-served-by: cache-sjc10043-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1662498870.869050,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 158975
X-Firefox-Spdy: h2

cdn2.editmysite.com/css/sites.css?buildTime=1659658527

151.101.85.46

200 OK

30 kB

URL HTTP/2
cdn2.editmysite.com/css/sites.css?buildTime=1659658527
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (29746 bytes)
Hash
d10158b22b553f723d99dc78eaee6390
80f2d6670cfb0d01cd20c471cf8e3e6465ddd3f6
939c7a8e1ad74a44e0c847e38533e69e36454b6805d25acf3fb0cb5c472d245e

HTTP Headers

GET /css/sites.css?buildTime=1659658527 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Fri, 26 Aug 2022 23:31:40 GMT
etag: W/"630957dc-347ac"
expires: Mon, 12 Sep 2022 11:32:05 GMT
cache-control: max-age=1209600
x-host: blu87.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:29 GMT
age: 726144
x-served-by: cache-sjc10037-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 1
x-timer: S1662498870.871615,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 29746
X-Firefox-Spdy: h2

cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1659658527&

151.101.85.46

200 OK

33 kB

URL HTTP/2
cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1659658527&
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
HTML document, Unicode text, UTF-8 text, with very long lines (64997)
Size
33 kB (32802 bytes)
Hash
40ee71f2f2de93b9561845efa9a0cbbc
13451e3fb165d1ad524d9863d8344eab4a2fe353
41a33daf28fc89ce06f3c6a6029d078c20a0f42f07d6ec3dc7127d206dcec5fe

HTTP Headers

GET /js/lang/en/stl.js?buildTime=1659658527& HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Fri, 02 Sep 2022 18:12:14 GMT
etag: "6312477e-2c44e"
expires: Tue, 20 Sep 2022 07:38:24 GMT
cache-control: max-age=1209600
x-host: grn137.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:29 GMT
age: 48965
x-served-by: cache-sjc10044-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 3, 1
x-timer: S1662498870.871497,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 32802
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

142.250.74.74

200 OK

34 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65483)
Size
34 kB (33593 bytes)
Hash
a54a444f20643b131117dc2112cca05f
074964746b12ff1d30f7656310d6154ae1cc98b5
aa3ca8485dd777d4d880b38c1cf3bc2fc290d28a79ba3e3e43cba1f653132830

HTTP Headers

GET /ajax/libs/jquery/1.8.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33593
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 09:37:50 GMT
expires: Sun, 03 Sep 2023 09:37:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 300999
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
521428b0e694b41561bc2ed785219929
45bf3b914325f9d646879bd16bb01feb8f29f2d4
9e2c58593cb9b9baae14e338253ca44b199d965e106ddc70c700f66f0203465a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dh234l.weebly.com/files/theme/plugins.js?1565969634

199.34.228.53

200 OK

16 kB

URL HTTP/1.1
dh234l.weebly.com/files/theme/plugins.js?1565969634
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
ASCII text
Size
16 kB (15721 bytes)
Hash
43e6b0bb6eb6524188831a282f7656d7
44e73fe367fc1fb8efee7eefac557b7d76ef0f44
9001fcfe93ceab40de4bb3535fc61335318c56d4440b53070cac27a26fef42bb

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /files/theme/plugins.js?1565969634 HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 21:14:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 24 Apr 2022 01:56:38 GMT
x-rgw-object-type: Normal
ETag: W/"2b8d85f1ea01d2c3e8b962eac8d76a5c"
x-amz-request-id: tx000000000000001ae94c4-006284793b-b9fbc20-sfo1
X-Storage-Bucket: zb635
X-Storage-Object: b6353ca52760aba4e7547ae9861db68158dc2af0f4febece55e5c775ee4449f5
X-Host: grn139.sf2p.intern.weebly.net
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.250.74.163

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dh234l.weebly.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 16:40:18 GMT
expires: Fri, 01 Sep 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 448452
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
eb53024bbd41c1d8f88fa7b9becb704a
c87f5ac53cff6e3436c15551f8092f1e0215cb79
f2f589c71f9426ead1c60e4707982aa501b785a6040c95214db905a5cff8a777

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dh234l.weebly.com/files/theme/custom.js?1565969634

199.34.228.53

200 OK

1.8 kB

URL HTTP/1.1
dh234l.weebly.com/files/theme/custom.js?1565969634
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
ASCII text
Size
1.8 kB (1816 bytes)
Hash
1f7d51d1b0acc9268e8aa57af11ee258
df55901d31c5b1de0181820e1bf123d61b5ec6c6
44ecca81c81024cd199ad979fd0ca46a379978a73a1c9ce09b6dfc9393cceff0

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /files/theme/custom.js?1565969634 HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 21:14:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Apr 2022 15:56:37 GMT
x-rgw-object-type: Normal
ETag: W/"48e887857aec23f184b0aa49c18d2445"
x-amz-request-id: tx000000000000001cb5662-00628495cd-b9fbc20-sfo1
X-Storage-Bucket: z0567
X-Storage-Object: 0567021bc3973d113c6b0b6e68d0e9a8b53f38a7f60716c83214a133cc00139a
X-Host: blu134.sf2p.intern.weebly.net
Content-Encoding: gzip

dh234l.weebly.com/uploads/1/4/2/7/142706760/published/dhl-header-on-demand.jpg?1659700733

199.34.228.53

200 OK

3.5 kB

URL HTTP/1.1
dh234l.weebly.com/uploads/1/4/2/7/142706760/published/dhl-header-on-demand.jpg?1659700733
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 389x74, components 3\012- data
Size
3.5 kB (3486 bytes)
Hash
afbc7933babe123e1b61807af24c5310
dd02b495a61a49dea03b4adce9070fa7526d6aaf
d43053ef788bdcca072aac633e8b16a16f1ddf5b1f8eed45fb238f1a4e4b427c

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /uploads/1/4/2/7/142706760/published/dhl-header-on-demand.jpg?1659700733 HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 21:14:30 GMT
Content-Type: image/jpeg
Content-Length: 3486
Connection: keep-alive
Last-Modified: Fri, 05 Aug 2022 11:58:53 GMT
x-rgw-object-type: Normal
ETag: "afbc7933babe123e1b61807af24c5310"
x-amz-request-id: tx00000000000003641e5d4-006315c817-c0351b0-sfo1
X-Storage-Bucket: zd430
X-Storage-Object: d43053ef788bdcca072aac633e8b16a16f1ddf5b1f8eed45fb238f1a4e4b427c
X-Host: grn29.sf2p.intern.weebly.net
Accept-Ranges: bytes

cdn2.editmysite.com/js/wsnbn/snowday262.js

151.101.85.46

200 OK

26 kB

URL HTTP/2
cdn2.editmysite.com/js/wsnbn/snowday262.js
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (2512)
Size
26 kB (25752 bytes)
Hash
234327230add9a5a5d61a48829ea4565
7966cc0e4bd76f88ff193c8a99a067de804b7129
bb696c58d9ae5fa635b3ff22efdf60de9ac2f8ef9df5e2f2d58dd5f8dc99df75

HTTP Headers

GET /js/wsnbn/snowday262.js HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Tue, 30 Aug 2022 19:50:08 GMT
etag: "630e69f0-124fe"
expires: Thu, 15 Sep 2022 08:38:41 GMT
cache-control: max-age=1209600
x-host: grn123.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:30 GMT
age: 477349
x-served-by: cache-sjc10034-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 5256
x-timer: S1662498871.584060,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 25752
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 21:14:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 21:14:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 21:14:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 21:14:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 21:14:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6656 bytes)
Hash
983e705542fa78b4d5c876e0c1eada7e
5fc951e5236edd282d4975853ca35dab2e55fb17
fa6e478fc213f6cb6c9f33c96c51105262c857bfe313b3d310755be30b1feeb3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6656
x-amzn-requestid: 2703eaf4-1a5a-41a6-859b-47255865efb0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAX-3F2ZIAMFpLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d2b-6df026de5a9230ed429d08c1;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FIIvB2jeQ_PBDzi8XRN0jnNxze3OwDbz8TBaIcadRvmQd2EFhCwX7Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:44:33 GMT
age: 84597
etag: "5fc951e5236edd282d4975853ca35dab2e55fb17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8134 bytes)
Hash
5540d72831e7e7b9fc287f92c48d9f5e
ec19429fa76d9ad47a0578734b011b530b79ebbf
bc27a44853fd17cf51d6bba0db58a755c75a309d9b0cbcd454dfc9d62785f72f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8134
x-amzn-requestid: 1b2ece5c-784c-4c14-a760-c43d697b1abf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FSEE2CIAMFvgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144f40-2243fc211a76c7e404710c7c;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:09:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f2bMA3sdC6qxijseKXb53WMncdjInfvh-lVvr0W69sgaHEHKCNvLMQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 07:25:52 GMT
age: 49718
etag: "ec19429fa76d9ad47a0578734b011b530b79ebbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4426 bytes)
Hash
c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GSRJIWisH465dPqbKyPj1iZk1jAu3RGrgwj1CX3X8A397zv9Nt0cHA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 08:35:06 GMT
age: 45564
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7855 bytes)
Hash
8c23179b2131543088771e3fa84ff231
ae50ae4aecd962b698c19f2863857b51cea7fcec
660900ca69b1787a734c1dbe3d6b9b19656912b4bc4715964c4325edff57f008

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7855
x-amzn-requestid: d7c8054c-d7d3-4b76-815d-36c3a2e1f6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYn6FwzoAMF40g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166e32-3ededbf27f83503978e0d775;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:46:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QFEoJOq9eyhQH3KTlAB_ctOvGWRfAkPMHiZUa34wae07KaezXFodBg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:57:14 GMT
age: 83836
etag: "ae50ae4aecd962b698c19f2863857b51cea7fcec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12683 bytes)
Hash
ec466c0d472e43c11d36bf6fce068205
720d3624a76d060b8e2699e9aa7a320e3efd4878
5553fc24713aae808f5ab81671551b0ae719435f3ced9f25df97d8edf6bfe86f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12683
x-amzn-requestid: 6127e5b6-72f6-40df-b400-41a1f147f6da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8XmEe0IAMFQDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117430-2b27a2683d2d320172cef32e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mj_IT5g7hGu2AunKK7mvierv5BQ8cAxhnbGaUNsL6hRNu6MRAzIBDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 04:31:02 GMT
age: 60208
etag: "720d3624a76d060b8e2699e9aa7a320e3efd4878"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn2.editmysite.com/css/free-footer-v3.css?buildtime=1662479164

151.101.85.46

200 OK

886 B

URL HTTP/2
cdn2.editmysite.com/css/free-footer-v3.css?buildtime=1662479164
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (2632)
Size
886 B (886 bytes)
Hash
5c465ace654da8d0e367f91e7751ae62
f218f483eccbba5be90abf97eff819569329f8b7
0c91c8e311bc809644913a2ff023585ba587ecfc834ba3cd152544e75d422bd9

HTTP Headers

GET /css/free-footer-v3.css?buildtime=1662479164 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Tue, 06 Sep 2022 15:26:22 GMT
etag: "6317669e-a49"
expires: Tue, 20 Sep 2022 15:50:21 GMT
cache-control: max-age=1209600
x-host: grn28.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:30 GMT
age: 19448
x-served-by: cache-sjc10077-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 82
x-timer: S1662498871.630409,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 886
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
21d1b5be072df45253749eeb3290be82
4ac9978797c085289b9fcc2fe9a57b619e1c78c9
9ea779e1ad86a4a7c403b574908e2dc60d079b366ab1cf439b34c73c9a9c64c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js?_=1662498864701

142.250.74.164

200 OK

553 B

URL HTTP/2
www.google.com/recaptcha/api.js?_=1662498864701
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (850), with no line terminators
Size
553 B (553 bytes)
Hash
528455474b03fa8ad71a558347e43fe1
597b34487415fa60028f80afd7ab2cf27383ace5
af9ee6f9ce7bd44e5dbbfcab2a528e062f9dec4640a98a396170d46c494dafb5

HTTP Headers

GET /recaptcha/api.js?_=1662498864701 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Tue, 06 Sep 2022 21:14:30 GMT
date: Tue, 06 Sep 2022 21:14:30 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dh234l.weebly.com/uploads/1/4/2/7/142706760/background-images/371655141.jpg

199.34.228.53

200 OK

72 kB

URL HTTP/1.1
dh234l.weebly.com/uploads/1/4/2/7/142706760/background-images/371655141.jpg
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1680x1050, components 3\012- data
Size
72 kB (71988 bytes)
Hash
afe2b660c17024021625f57243199d3f
66ae368e89b6d2b4753a0cc6ce1563e24aa47f33
adaecd0b53e9b0706b68f852edede5ca5b2ee6511f0567019a0920a35b3dcd67

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /uploads/1/4/2/7/142706760/background-images/371655141.jpg HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 21:14:30 GMT
Content-Type: image/jpeg
Content-Length: 71988
Connection: keep-alive
Last-Modified: Sun, 03 Oct 2021 22:33:13 GMT
x-rgw-object-type: Normal
ETag: "afe2b660c17024021625f57243199d3f"
x-amz-request-id: tx000000000000035dce4b3-006315c913-bfe27ea-sfo1
X-Storage-Bucket: zadae
X-Storage-Object: adaecd0b53e9b0706b68f852edede5ca5b2ee6511f0567019a0920a35b3dcd67
X-Host: grn139.sf2p.intern.weebly.net
Accept-Ranges: bytes

dh234l.weebly.com/files/theme/fonts/2cd55546-ec00-4af9-aeca-4a3cd186da53.woff2?1659700782

199.34.228.53

200 OK

17 kB

URL HTTP/1.1
dh234l.weebly.com/files/theme/fonts/2cd55546-ec00-4af9-aeca-4a3cd186da53.woff2?1659700782
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
Web Open Font Format (Version 2), TrueType, length 16560, version 2.6553\012- data
Size
17 kB (16561 bytes)
Hash
27958408325380d903e67d87768563b8
d728e699c79072f1c7b9602c771e241b8c04c8a4
83f8b8932766826c1dd3a228b48f4072586ca09f781d64e2950d9f0e235c00a0

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /files/theme/fonts/2cd55546-ec00-4af9-aeca-4a3cd186da53.woff2?1659700782 HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dh234l.weebly.com/files/main_style.css?1659700782
Cookie: is_mobile=0; language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 21:14:30 GMT
Content-Type: font/woff2
Content-Length: 16561
Connection: keep-alive
Last-Modified: Fri, 30 Aug 2019 08:25:03 GMT
ETag: "27958408325380d903e67d87768563b8"
x-amz-request-id: tx000000000000009274c06-005eaa58ef-10e2649-las
X-Storage-Bucket: z83f8
X-Storage-Object: 83f8b8932766826c1dd3a228b48f4072586ca09f781d64e2950d9f0e235c00a0
X-Host: blu24.sf2p.intern.weebly.net
Accept-Ranges: bytes

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
33359e458125876015b1cdc7e05d761a
0eead0a74285cfbdc94bc5df42f5aa45aad31add
2d56257f17728a0d56457c6c0768f1d45f5f7b739df283b82ca43808aa01e7aa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 21:14:31 GMT
Last-Modified: Tue, 06 Sep 2022 20:38:23 GMT
Server: ECS (nyb/1D1C)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: nLma3qZq5-rGGB5G-CS46zcfXDT-AAMveJ7WArLEwSwPmFOu1iGdNA==
Age: 2168

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
33359e458125876015b1cdc7e05d761a
0eead0a74285cfbdc94bc5df42f5aa45aad31add
2d56257f17728a0d56457c6c0768f1d45f5f7b739df283b82ca43808aa01e7aa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 21:14:31 GMT
Last-Modified: Tue, 06 Sep 2022 20:57:18 GMT
Server: ECS (nyb/1D0F)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1mnw4LfV0mu8t7LPNj_RXQEWPD1krQnDfXh9jkXJOC-1RFJ9GJ9FgA==
Age: 1033

www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js

142.250.74.163

200 OK

158 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with very long lines (579)
Size
158 kB (158056 bytes)
Hash
d63a69f898e1d00cfc7c871744ded8c4
e166540eccb571c95c8c1135c2168cf5df306991
ed7892ca1498d6dfc0ff8b354ab8c409eed81b1fa77b427467815d0c7f45021c

HTTP Headers

GET /recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dh234l.weebly.com
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 21:31:14 GMT
expires: Sat, 02 Sep 2023 21:31:14 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
content-type: text/javascript
age: 344597
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
62c739a1335c5cf0fd4e783db6cdf14b
4f4a2acf32a7b7d8d86f7d0b037cdd16d59704ff
de1d42a2f47b8a7f1fed1880f1b485f63a5e07ede87fee3194cabeab056cf6f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ssl.google-analytics.com/ga.js

142.250.74.72

200 OK

17 kB

URL HTTP/2
ssl.google-analytics.com/ga.js
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1305)
Size
17 kB (17168 bytes)
Hash
01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

HTTP Headers

GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Tue, 06 Sep 2022 20:29:20 GMT
expires: Tue, 06 Sep 2022 22:29:20 GMT
cache-control: public, max-age=7200
age: 2711
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
62c739a1335c5cf0fd4e783db6cdf14b
4f4a2acf32a7b7d8d86f7d0b037cdd16d59704ff
de1d42a2f47b8a7f1fed1880f1b485f63a5e07ede87fee3194cabeab056cf6f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 21:14:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

dh234l.weebly.com/files/theme/fonts/1e9892c0-6927-4412-9874-1b82801ba47a.woff?1659700782

199.34.228.53

200 OK

21 kB

URL HTTP/1.1
dh234l.weebly.com/files/theme/fonts/1e9892c0-6927-4412-9874-1b82801ba47a.woff?1659700782
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
Web Open Font Format, TrueType, length 20709, version 1.0\012- data
Size
21 kB (20710 bytes)
Hash
9df5efadcd24b83511f3c339178210d8
74f67081083ebd94979f50e681df20bfbdc4cd8d
0d887fc553f2b9a6488c8bbdeb38d0e70e2da58d5bb34161d32f683af096fdb8

HTTP Headers

GET /files/theme/fonts/1e9892c0-6927-4412-9874-1b82801ba47a.woff?1659700782 HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dh234l.weebly.com/files/main_style.css?1659700782
Cookie: is_mobile=0; language=en; _snow_ses.cb39=*; _snow_id.cb39=0bd25274-1899-4550-8926-a8afe3fa34cb.1662498865.1.1662498865.1662498865.c3887014-50e3-4f4d-bbcf-03206390cca1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 21:14:31 GMT
Content-Type: font/woff
Content-Length: 20710
Connection: keep-alive
Last-Modified: Wed, 11 Dec 2019 02:22:43 GMT
ETag: "9df5efadcd24b83511f3c339178210d8"
x-amz-request-id: tx000000000000000002cdc-005ea35a1a-10e20e2-las
X-Storage-Bucket: z0d88
X-Storage-Object: 0d887fc553f2b9a6488c8bbdeb38d0e70e2da58d5bb34161d32f683af096fdb8
X-Host: grn29.sf2p.intern.weebly.net
Accept-Ranges: bytes

dh234l.weebly.com/favicon.ico

199.34.228.53

200 OK

4.3 kB

URL HTTP/1.1
dh234l.weebly.com/favicon.ico
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
4d27526198ac873ccec96935198e0fb9
b98d8b73ad6a0f7477c3397561b4aab37bf262aa
40a2146151863bcf46c786d596e81a308d1b0d26d74635be441e92656f29b1b4

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Cookie: is_mobile=0; language=en; _snow_ses.cb39=*; _snow_id.cb39=0bd25274-1899-4550-8926-a8afe3fa34cb.1662498865.1.1662498865.1662498865.c3887014-50e3-4f4d-bbcf-03206390cca1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 21:14:31 GMT
Content-Type: image/x-icon
Content-Length: 4286
Connection: keep-alive
Last-Modified: Fri, 24 Sep 2021 21:48:12 GMT
x-rgw-object-type: Normal
ETag: "4d27526198ac873ccec96935198e0fb9"
x-amz-request-id: tx000000000000001b2998c-006284778e-b9fbc63-sfo1
X-Storage-Bucket: z40a2
X-Storage-Object: 40a2146151863bcf46c786d596e81a308d1b0d26d74635be441e92656f29b1b4
X-Host: blu13.sf2p.intern.weebly.net
Accept-Ranges: bytes

dh234l.weebly.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]

199.34.228.53

200 OK

348 B

URL HTTP/1.1
dh234l.weebly.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
JSON data\012- , ASCII text, with very long lines (348), with no line terminators
Size
348 B (348 bytes)
Hash
a944dd688c99d2901d6719be713271c0
4f5454d5d434829baf46671638610791758725d9
adb97e1bc686c58b4286f1208d2bd969687c6cf3e2fc468697dfd956d260de49

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

POST /ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails] HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: https://dh234l.weebly.com
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Cookie: is_mobile=0; language=en; _snow_ses.cb39=*; _snow_id.cb39=0bd25274-1899-4550-8926-a8afe3fa34cb.1662498865.1.1662498865.1662498865.c3887014-50e3-4f4d-bbcf-03206390cca1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 21:14:31 GMT
Server: Apache
Vary: X-W-SSL,User-Agent
X-Host: blu101.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
Content-Length: 348
Keep-Alive: timeout=10, max=72
Connection: Keep-Alive
Content-Type: application/json

ec.editmysite.com/com.snowplowanalytics.snowplow/tp2

35.82.13.103

200 OK

0 B

URL HTTP/2
ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
IP
35.82.13.103:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dh234l.weebly.com/
Origin: https://dh234l.weebly.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Sep 2022 21:14:31 GMT
content-length: 0
server: nginx
access-control-allow-origin: https://dh234l.weebly.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 5
X-Firefox-Spdy: h2

ec.editmysite.com/com.snowplowanalytics.snowplow/tp2

35.82.13.103

200 OK

2 B

URL HTTP/2
ec.editmysite.com/com.snowplowanalytics.snowplow/tp2
IP
35.82.13.103:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /com.snowplowanalytics.snowplow/tp2 HTTP/1.1
Host: ec.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 1788
Origin: https://dh234l.weebly.com
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Sep 2022 21:14:31 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
server: nginx
set-cookie: sp=d6f5aece-713f-4acb-ae19-b559e1ad3fd3; Expires=Wed, 06 Sep 2023 21:14:31 GMT; Domain=; Path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://dh234l.weebly.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2

dh234l.weebly.com/files/theme/fonts/46cf1067-688d-4aab-b0f7-bd942af6efd8.ttf?1659700782

199.34.228.53

200 OK

39 kB

URL HTTP/1.1
dh234l.weebly.com/files/theme/fonts/46cf1067-688d-4aab-b0f7-bd942af6efd8.ttf?1659700782
IP
199.34.228.53:0
ASN
#27647 WEEBLY

File type
TrueType Font data, 16 tables, 1st "GPOS", 26 names, Macintosh, Copyright \251 2004 - 2007 Linotype GmbH, www.linotype.com. All rights reserved. This font softw\012- data
Size
39 kB (39185 bytes)
Hash
98f6dacde86ebbaac7cc62b34a6e54cf
d232a9249b6f39e7d35ce6a555e070987357acc9
65032d5699bf3d4deb4313aa4d1bb8375053ac7e93dfb4bf631ce9261da20c2b

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /files/theme/fonts/46cf1067-688d-4aab-b0f7-bd942af6efd8.ttf?1659700782 HTTP/1.1
Host: dh234l.weebly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/files/main_style.css?1659700782
Cookie: is_mobile=0; language=en; _snow_ses.cb39=*; _snow_id.cb39=0bd25274-1899-4550-8926-a8afe3fa34cb.1662498865.1.1662498865.1662498865.c3887014-50e3-4f4d-bbcf-03206390cca1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 21:14:31 GMT
Content-Type: font/ttf
Content-Length: 39185
Connection: keep-alive
Last-Modified: Wed, 11 Dec 2019 02:22:44 GMT
ETag: "98f6dacde86ebbaac7cc62b34a6e54cf"
x-amz-request-id: tx00000000000000923ac6d-005eaa5768-10e2649-las
X-Storage-Bucket: z6503
X-Storage-Object: 65032d5699bf3d4deb4313aa4d1bb8375053ac7e93dfb4bf631ce9261da20c2b
X-Host: grn46.sf2p.intern.weebly.net
Accept-Ranges: bytes

cdn2.editmysite.com/js/site/main.js?buildTime=1659658527

151.101.85.46

200 OK

0 B

URL HTTP/2
cdn2.editmysite.com/js/site/main.js?buildTime=1659658527
IP
151.101.85.46:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/site/main.js?buildTime=1659658527 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dh234l.weebly.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Tue, 30 Aug 2022 19:50:41 GMT
etag: "630e6a11-74804"
expires: Wed, 14 Sep 2022 10:26:22 GMT
cache-control: max-age=1209600
x-host: grn81.sf2p.intern.weebly.net
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 21:14:29 GMT
age: 557288
x-served-by: cache-sjc10074-SJC, cache-bma1677-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1662498870.874164,VS0,VE1
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 146400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations