Report - myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/

Report Overview

Submitted URL
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
IP
63.250.43.133
ASN
#22612 NAMECHEAP-NET
Submitted
2022-11-07 07:44:03
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-10T15:05:48Z	422 B	32 kB	172.217.21.170
s3-us-west-2.amazonaws.com	unknown	2017-01-29T12:21:01Z	2023-03-10T15:56:08Z	431 B	177 kB	52.218.224.224
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	2.2 kB	43 kB	34.120.237.76
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	2.7 kB	5.4 kB	93.184.220.29
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-10T14:35:32Z	340 B	963 B	172.64.155.188
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-10T08:04:05Z	423 B	28 kB	104.17.25.14
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	686 B	1.4 kB	142.250.74.35
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.7 kB	4.4 kB	23.36.77.32
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	52.43.253.52
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
stackpath.bootstrapcdn.com	2467	2018-06-15T22:36:43Z	2023-03-10T09:31:27Z	505 B	26 kB	104.18.10.207
kit.fontawesome.com	1868	2019-12-16T20:51:31Z	2023-03-10T05:23:49Z	460 B	650 B	104.18.23.52
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	1.0 kB	54.230.245.118
myworkinsurance-bbacff.ingress-erytho.ewp.live	unknown	2022-11-06T20:25:06Z	2023-02-24T14:14:59Z	6.7 kB	105 kB	63.250.43.133
ka-f.fontawesome.com	3598	2019-12-17T07:36:13Z	2023-03-10T05:23:50Z	2.1 kB	82 kB	172.64.203.28

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-11-06	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/dhl-logo.svg	Phishing
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/facebook-new.svg	Phishing
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/linkedIn-new.svg	Phishing
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/youtube-new.svg	Phishing
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/instagram-new.svg	Phishing
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/03f859bf58e4d37841070de34be7d978.woff	Phishing
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/jquery-3.5.1.min.js	Phishing
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/	Phishing
2022-11-07	medium	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/Java_onfunc_carding.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	kit.fontawesome.com/8cb6f1f1f2.js	11 kB	2023-03-07	2023-03-14
Pretty URL kit.fontawesome.com/8cb6f1f1f2.js IP 104.18.23.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:38:35 Last Seen2023-03-14 10:15:59 Times Seen1 Hash 5281f212cf8b500b26f782a4e3b7274b c682620c03a82e7bd1bdf4d9cc9b3df51d6170b4 2e1187c161550c813eea50a8261ed421ed1e74d0a7a837e7f240ab6158ca4a93 Loading...

	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/jquery-3.5.1.min.js	153 kB	2023-03-07	2023-09-26
Pretty URL myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/jquery-3.5.1.min.js IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:38:35 Last Seen2023-09-26 03:04:14 Times Seen49 Hash ec7e63b8f7f3efda9ff91073c1506893 ccf82dd0a1ff6760fed830f7fed4565b26b3f174 df2da32e81e4bd84061f417765a752135c2f7518a7c240f303f3c83c812210b6 Loading...

	s3-us-west-2.amazonaws.com/s.cdpn.io/3/jquery.inputmask.bundle.js	176 kB	2023-03-07	2024-04-15
Pretty URL s3-us-west-2.amazonaws.com/s.cdpn.io/3/jquery.inputmask.bundle.js IP 52.218.224.224 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:11 Last Seen2024-04-15 06:23:30 Times Seen777 Hash f0b02d9f2d3c6679556e63935ac23320 384bb74cdb2840da6eaa9400242faf4a2fac3daa f708ad894d421f32ed297a914632db6bc1577841d1c210b34f1a0821ea0aaa4b Loading...

	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/	248 B	2023-03-07	2023-03-14
Pretty URL myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/ IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:38:35 Last Seen2023-03-14 10:15:59 Times Seen1 Hash fade65107dc9a5b687a97613a19e4253 0ae454227d5d49f59c69b037d0210153c6d93c4e e8260ee866c7780c1a6b092d2a2bc788b233a5bf12abfd0ee0e9d7436dd1c869 Loading...

	myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/Java_onfunc_carding.js	2.5 kB	2023-03-09	2023-09-26
Pretty URL myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/Java_onfunc_carding.js IP 63.250.43.133 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:30 Last Seen2023-09-26 03:04:14 Times Seen43 Hash eeaf96e6ccb60720ddb670874ab3fdde 11c39ad19e8cf80c4ccee46e0826d7b7ffb2b432 d18894aaa05c45f12b12c64379c9d60e6bd213263b0be1270b1d0e2fb5e1f91e Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js	87 kB	2023-03-07	2024-04-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-18 15:49:27 Times Seen262853 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-04-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 18:21:12 Times Seen138168 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

HTTP Transactions (45)

URL IP Response Size

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4126
Cache-Control: max-age=100557
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:52 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:39:49 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9e164a845d32db8fa51fdb5b1aa218d9
169099b4d2f8e119ab6cf6fca279b6fb535b1759
402ffbf1404cf05c0516c5a8cd5344bd53537ac5150d387730a90c81c17dc9e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "402FFBF1404CF05C0516C5A8CD5344BD53537AC5150D387730A90C81C17DC9E4"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12418
Expires: Mon, 07 Nov 2022 11:10:50 GMT
Date: Mon, 07 Nov 2022 07:43:52 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4126
Cache-Control: max-age=100557
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:52 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:39:49 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d8c32b2fb818533a5b3fe5c69157bde9
93594fd3fc50d9d444c28660eabba1edbe4f0588
df8b8ce7a83d11fbe075c8780103c509654f288b5d757d64b696d861a11f3c7f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7196
Expires: Mon, 07 Nov 2022 09:43:48 GMT
Date: Mon, 07 Nov 2022 07:43:52 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: qn308iLEXPjoPrBDypL0HLOwcPLm25navcGCsxfZADK+IJJwuRorATDN4Derx8wJisxCMFo7P9s=
x-amz-request-id: 2J7QRTB2YTYBBTAB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 07 Nov 2022 06:47:57 GMT
age: 3355
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
437dd13f8d4d23a3cc96729298df5e3f
9811c10578ee2209a81f40308e3182487a9e8314
0e0f9cb7cbff923f23bfb36fad8896f26f89dbb980a2a1a599172381f4acf074

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 07:43:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 06 Nov 2022 21:28:13 GMT
Expires: Sun, 13 Nov 2022 21:28:12 GMT
Etag: "9811c10578ee2209a81f40308e3182487a9e8314"
Cache-Control: max-age=567259,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 766470c309eab505-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
7bb75cda180838bb141d84bc6237047c
3bfc21e05d99392259a744b8b6246c4e87c121f4
97b56f9370203a7d906a51562dc75f23414138e8d82423410bce14ac5c1fcca2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2968
Cache-Control: max-age=83209
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:53 GMT
Etag: "63674daa-117"
Expires: Tue, 08 Nov 2022 06:50:42 GMT
Last-Modified: Sun, 06 Nov 2022 06:01:14 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d862f992e9902530594e7aca425f129b
25b414fe833d30b52928535d659a1ee281b82e3a
0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3862
Cache-Control: max-age=95240
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:53 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 10:11:13 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

104.17.25.14

200 OK

27 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32030)
Size
27 kB (27192 bytes)
Hash
92a5ff32a622bce0ca55d5644bdd4076
ad3c2861d6216aaf07b6ba1a0eb3b1a4eaa1ae91
1811f05ec81d0f3d900617e8760efb623e1a0f5ca0e8e424124181581653dbf5

HTTP Headers

GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 27192
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-152b5"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 397068
expires: Sat, 28 Oct 2023 07:43:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZHoo1VG4dfVZuIVZ%2BCjXcGo0yu8vrT4fxeTuR3ztgukHni4boc0mrToN0mJIZpp5k%2FZbWa%2FgGKxkW8pHBQHrkFfEn59wM9uVleOH3rcXBECJnhS8PJIDxrkcQDGIyLqndonNT0K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 766470c6b9150afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

172.217.21.170

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
172.217.21.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Nov 2022 13:11:20 GMT
expires: Sat, 04 Nov 2023 13:11:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 239553
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
7bb75cda180838bb141d84bc6237047c
3bfc21e05d99392259a744b8b6246c4e87c121f4
97b56f9370203a7d906a51562dc75f23414138e8d82423410bce14ac5c1fcca2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2968
Cache-Control: max-age=83209
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:53 GMT
Etag: "63674daa-117"
Expires: Tue, 08 Nov 2022 06:50:42 GMT
Last-Modified: Sun, 06 Nov 2022 06:01:14 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
558af726d894ff3f29a5354d344c6e92
6ad0433d11c6571c3bca6c25fc95a7a98907931a
d451eb78c4ab4eaa0551653e919d537599561477c32c37c0c5becd2a14cefcdf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5522
Cache-Control: max-age=114930
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:53 GMT
Etag: "6367bf99-117"
Expires: Tue, 08 Nov 2022 15:39:23 GMT
Last-Modified: Sun, 06 Nov 2022 14:07:21 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

104.18.10.207

200 OK

25 kB

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65324)
Size
25 kB (25130 bytes)
Hash
dace8d5e44eb728f0e4ceca87ae3de3c
711108ee10656dfb3814f5117abaa32e9195f4c0
eec74ec329793a95fe451b1d1c6ea6cc094d4cf7f6e31a5b87a2b80e65392494

HTTP Headers

GET /bootstrap/4.5.0/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Origin: https://myworkinsurance-bbacff.ingress-erytho.ewp.live
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"3afe15e976734d9daac26310110c4594"
last-modified: Mon, 25 Jan 2021 22:04:10 GMT
cdn-cachedat: 08/20/2022 02:33:27
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 11f02ca162dd960bba2e82b8418b83a5
cdn-cache: HIT
cf-cache-status: HIT
age: 44321
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 766470c6bf9efab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
558af726d894ff3f29a5354d344c6e92
6ad0433d11c6571c3bca6c25fc95a7a98907931a
d451eb78c4ab4eaa0551653e919d537599561477c32c37c0c5becd2a14cefcdf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5522
Cache-Control: max-age=114930
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:53 GMT
Etag: "6367bf99-117"
Expires: Tue, 08 Nov 2022 15:39:23 GMT
Last-Modified: Sun, 06 Nov 2022 14:07:21 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

push.services.mozilla.com/

52.43.253.52

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.253.52:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wNx+2urJWLouf2dC91F+Yw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nPiJqIuEWTfic6vot9zp73+FLSw=

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
558af726d894ff3f29a5354d344c6e92
6ad0433d11c6571c3bca6c25fc95a7a98907931a
d451eb78c4ab4eaa0551653e919d537599561477c32c37c0c5becd2a14cefcdf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5522
Cache-Control: max-age=114930
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 07:43:53 GMT
Etag: "6367bf99-117"
Expires: Tue, 08 Nov 2022 15:39:23 GMT
Last-Modified: Sun, 06 Nov 2022 14:07:21 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
91fb9efb480fe834e10a73d729936208
c37e81b77c5676e39133cd504c00d0f360367050
40333ca533b4c37dffc7e912e0cdad274fe7f3556c02aab57d62c8ca6bce1057

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128622
Date: Mon, 07 Nov 2022 07:43:53 GMT
Etag: "63680186-1d7"
Expires: Tue, 08 Nov 2022 19:27:35 GMT
Last-Modified: Sun, 06 Nov 2022 18:48:38 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gike5UNkfWNBzyrDM5yKVp9-8sD8qwhRRbFtV8aQ-jr9bTXXxy_8iQ==
Age: 2337

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/dhl-logo.svg

63.250.43.133

200 OK

722 B

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/dhl-logo.svg
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
722 B (722 bytes)
Hash
75e6a3a06ceab9d5d544db411b461773
6133136f4082d6e1286023a7a28e32fe69d0ad40
60f60db64661c2ec17815671734b616bab2fe1befacad5482953f3e7dc13961a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/dhl-logo.svg HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: image/svg+xml
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-643"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 722
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/facebook-new.svg

63.250.43.133

200 OK

698 B

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/facebook-new.svg
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (963)
Size
698 B (698 bytes)
Hash
65511a53e9712caf75a543c78234fbfd
09501988af5b347f96b1793617483d9fa2b3ac61
350352f2e50e0d8a0e88979c40404f19360919f8d9b19a113172417e19e4e7fc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/facebook-new.svg HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: image/svg+xml
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-57e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 698
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/linkedIn-new.svg

63.250.43.133

200 OK

738 B

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/linkedIn-new.svg
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1204)
Size
738 B (738 bytes)
Hash
cfef11df2c8c9cbbf5da179439a168f7
688d97990f2a9975df3cb08e65a484375e036b62
9f04e6cfd182010384025989c3066664e006d775519438e14ad5a32d7e773e05

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/linkedIn-new.svg HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: image/svg+xml
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-66f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 738
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/youtube-new.svg

63.250.43.133

200 OK

614 B

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/youtube-new.svg
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (971)
Size
614 B (614 bytes)
Hash
7962bda21ad2fbf49b9bf2a3b61ba684
72e83d6dbd066a4c10507558e86739fb09b57331
ab6011f45627db15cb14f9699f51a5c853047b881508643c952286218e8fb15e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/youtube-new.svg HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: image/svg+xml
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-584"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 614
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/instagram-new.svg

63.250.43.133

200 OK

1.6 kB

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/instagram-new.svg
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4063)
Size
1.6 kB (1608 bytes)
Hash
35614693def25a2cee78147b50b6724c
c29ec1ccc5e1a7c6e1b34db29bb4901ec341c0a5
492672ac5552ca4885e5b15f01684c45062ac1f431570dff66a1e12f638966b9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/instagram-new.svg HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: image/svg+xml
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-119c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
content-length: 1608
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/03f859bf58e4d37841070de34be7d978.woff

63.250.43.133

200 OK

41 kB

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/03f859bf58e4d37841070de34be7d978.woff
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format, TrueType, length 41084, version 1.66\012- data
Size
41 kB (41084 bytes)
Hash
03f859bf58e4d37841070de34be7d978
3436d4fa17e7ee470c3d62b08787cfa7de408408
5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/03f859bf58e4d37841070de34be7d978.woff HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/style_019.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: font/woff
content-length: 41084
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
etag: "6367f6a8-a07c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
accept-ranges: bytes
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2

172.64.203.28

200 OK

78 kB

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
IP
172.64.203.28:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 78168, version 331.-31196\012- data
Size
78 kB (78168 bytes)
Hash
a9fd1225fb2cd32320e2b931dca01089
44ec5c6a868b4ce62350d9f040ed8e18f7a1d128
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7

HTTP Headers

GET /releases/v5.15.4/webfonts/free-fa-solid-900.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Origin: https://myworkinsurance-bbacff.ingress-erytho.ewp.live
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: font/woff2
content-length: 78168
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
etag: "a9fd1225fb2cd32320e2b931dca01089"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 ed393405ff603a61a1e63909cf1c1a44.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: MOwONqwFkLRk4WUs_-Fga2MXV1h48N0EuaOjBcq2ZxXvcXZIvS6_lA==
age: 77569
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i7v%2BK8V4qHn7F9GZuAy81NNE4jlVOWauFfCbgNDddtjDKn%2BioAyrwRtZyu9JCBF0tpmbC0nnhib0%2FmDq6DnmyQ7uWuIznH%2Fagl2YEpFG%2BJhQ%2F3ND%2F6L0ePcafxDWE%2FXcXdUWfC0cvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 766470c9aadb8865-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s3-us-west-2.amazonaws.com/s.cdpn.io/3/jquery.inputmask.bundle.js

52.218.224.224

200 OK

176 kB

URL HTTP/1.1
s3-us-west-2.amazonaws.com/s.cdpn.io/3/jquery.inputmask.bundle.js
IP
52.218.224.224:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (544)
Size
176 kB (176433 bytes)
Hash
f0b02d9f2d3c6679556e63935ac23320
384bb74cdb2840da6eaa9400242faf4a2fac3daa
f708ad894d421f32ed297a914632db6bc1577841d1c210b34f1a0821ea0aaa4b

HTTP Headers

GET /s.cdpn.io/3/jquery.inputmask.bundle.js HTTP/1.1
Host: s3-us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: IFdPD5MWa99oGHniUwDuS6e5WCI+1jo15MqwBnFEF8bjys1fjgqYXOtGVsD7KX/kBJgPgJqs/Ig=
x-amz-request-id: S9HRYSFP95REP2KK
Date: Mon, 07 Nov 2022 07:43:54 GMT
Last-Modified: Wed, 30 Nov 2016 13:28:36 GMT
ETag: "f0b02d9f2d3c6679556e63935ac23320"
Cache-Control: public
Expires: Mon, 30 Nov 2026 13:28:34 GMT
x-amz-version-id: null
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 176433

myworkinsurance-bbacff.ingress-erytho.ewp.live/favicon.ico

63.250.43.133

204 No Content

0 B

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/favicon.ico
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sun, 06 Nov 2022 18:24:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-type: image/png
age: 47973
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13281
Expires: Mon, 07 Nov 2022 11:25:15 GMT
Date: Mon, 07 Nov 2022 07:43:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13281
Expires: Mon, 07 Nov 2022 11:25:15 GMT
Date: Mon, 07 Nov 2022 07:43:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13281
Expires: Mon, 07 Nov 2022 11:25:15 GMT
Date: Mon, 07 Nov 2022 07:43:54 GMT
Connection: keep-alive

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/jquery-3.5.1.min.js

63.250.43.133

200 OK

47 kB

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/jquery-3.5.1.min.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
data
Size
47 kB (46997 bytes)
Hash
dfae09474f75809a48d608c45013f0b6
334dbcdfe0e0944dd5329ff2385d7381c442c63d
83dd304b9ff02c60b8fc8f8d0641cbd409ab5e7f0d8b4a7d4f8fef2afaf68324

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/jquery-3.5.1.min.js HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: application/javascript
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-255e1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10462 bytes)
Hash
4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 06:28:00 GMT
age: 4554
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/style_019.css

63.250.43.133

200 OK

4.8 kB

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/style_019.css
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type
data
Size
4.8 kB (4808 bytes)
Hash
f0195c617022fb949c9e54de73123aa2
f104221b751be0c1606bf1574131c67210ff5b53
3c9adcdc91dbd63f4f465890595380066bc0db634fb0586b68723ef9943f1d9b

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/style_019.css HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: text/css
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-112b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0cee920-59af-44a8-b927-8cca201ce610.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9612 bytes)
Hash
78d54d3bbd154ae8ac4366cb204ff7a0
f88269b0e066e777dd74b36648b6dbdcf10647b5
f1c14829ae75863531bde481455b5ae20254eb3472604d01b77a6028e4e56bf6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0cee920-59af-44a8-b927-8cca201ce610.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9612
x-amzn-requestid: dd4e6718-3415-413b-bbac-2fdf17dca523
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a9iOjEtoIAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63621729-35a6494a7e699fdf52b9b68b;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 07:07:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eDEsT0S4pW3FVaI4FUHfvqZTRLWM0EwKww7Gfpr2lyk6axQG7MMmwA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:48:32 GMT
age: 35722
etag: "f88269b0e066e777dd74b36648b6dbdcf10647b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdff3860-eced-4251-b1d8-7417addfbe09.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5374 bytes)
Hash
2dbaafe8423c84a7ce91d3e24666d297
ea5b8e1067c47ee223c4de98b56e2c803ff5dbf7
df1db80b4d217d185e2f7e6ecf50c2547feec104411fe121c3303dd49bd26f03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdff3860-eced-4251-b1d8-7417addfbe09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5374
x-amzn-requestid: f8819162-8a09-4395-95d7-076df001e087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bKLdPF6qoAMFxrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636725ee-4b17f70f54752c1f27b042df;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 03:11:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sVb-0AlbrWWTy5J-Cb90VvkdBNlKu_T-7uf3pBKQ0UGgKKTl40F9SQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 03:41:21 GMT
age: 14553
etag: "ea5b8e1067c47ee223c4de98b56e2c803ff5dbf7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13224 bytes)
Hash
7a5e060b41bd5313b1cf828c1d5ecbcc
e63e4bee84953491236a8261ef07b5a4743fa891
e8750b0156ed980f11682d92f5c60ce2783518b37f156e74340617a74d826813

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13224
x-amzn-requestid: d6c8a626-313d-4add-9467-eb946a38262a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a9iPHEkgoAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6362172d-1be7a03a1b288dec56281915;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 07:07:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: R2vHbrKm_n2kWK3bG4htWAIqi1YNjNjaX8LG5AWWHPlKnaWi6JAGzA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 15:14:16 GMT
age: 59378
etag: "e63e4bee84953491236a8261ef07b5a4743fa891"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=8cb6f1f1f2

172.64.203.28

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=8cb6f1f1f2
IP
172.64.203.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free.min.css?token=8cb6f1f1f2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Origin: https://myworkinsurance-bbacff.ingress-erytho.ewp.live
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2fafb26bfb5e0420de152a7abef27a44.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR52-C1
x-amz-cf-id: XPRHHKpwt5hzbISNnNoQkja3JxLf4SVT7j3Np2QDW7pHZh1Pq_JicQ==
age: 77573
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUPbluj8r48JeT1M0hF8UoyKk%2Frec%2FykSpKUm%2FEST3x%2BgFMhe3EIZglwklsLPrW6cDlJtv7m8A5GhLPQiYD6QDgxJNtrq5tI8QS85FHV9Dti%2BkiVJ2tbXUld4PQZM70LxCQ3gghStQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 766470c8995b8865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=8cb6f1f1f2

172.64.203.28

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=8cb6f1f1f2
IP
172.64.203.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free-v4-shims.min.css?token=8cb6f1f1f2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Origin: https://myworkinsurance-bbacff.ingress-erytho.ewp.live
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 76cca2ef798b9dc955bb151bf3bff218.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: b3Sw3EBTLK346kvzsB4c_AWlnvTNUV3F_ptCHP1zZiWv3fvJA9vYig==
age: 72706
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jy%2F%2FAfINoHEjE%2Bg530jxJufsmhObz0cLzs2JA36Ak6tyH6isYMgs7es0lSR9j2DUIWRAKJr%2BanlIQBi2uSmzfD191m8%2BCiNO4CnZWFf7mgF6%2BkvaJgGpDNDGq2DjAl4t9i8IBV6eqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 766470c8a9788865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/

63.250.43.133

200 OK

0 B

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/ HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/style_022.css

63.250.43.133

200 OK

0 B

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/style_022.css
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/style_022.css HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: text/css
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-646"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

kit.fontawesome.com/8cb6f1f1f2.js

104.18.23.52

200 OK

0 B

URL HTTP/2
kit.fontawesome.com/8cb6f1f1f2.js
IP
104.18.23.52:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /8cb6f1f1f2.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Origin: https://myworkinsurance-bbacff.ingress-erytho.ewp.live
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FyUMl-VtvHOgacsGJlwB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 766470c6ada7b4eb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=8cb6f1f1f2

172.64.203.28

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=8cb6f1f1f2
IP
172.64.203.28:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=8cb6f1f1f2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/
Origin: https://myworkinsurance-bbacff.ingress-erytho.ewp.live
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b168ace465ff12c259c3868216506598.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR52-C1
x-amz-cf-id: DgXu_Rigtr3rdAo1iSN-HyHDAhsV0-U0kyH9CKfhHLiF2YLuG_AlkQ==
age: 72706
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nayu3phjJECHh%2FumIzXY8HMVcT5VrKHaxALIjZ%2BViU0wMCCfJLIFiwmlKd7KaAFpxIQJfPCir%2BJ3OR2AxWZunWwy%2F6S4uScxIz6d90ztqNv3W1R2zpA8a7IdeWhhDTxy5nGWcV3ieg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 766470c899668865-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/Java_onfunc_carding.js

63.250.43.133

200 OK

0 B

URL HTTP/2
myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/Java_onfunc_carding.js
IP
63.250.43.133:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/sourecApp/style/Java_onfunc_carding.js HTTP/1.1
Host: myworkinsurance-bbacff.ingress-erytho.ewp.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://myworkinsurance-bbacff.ingress-erytho.ewp.live/wp-admin/network/DHLs/DH2tAyUe9AsUx7b192/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 07:43:53 GMT
content-type: application/javascript
last-modified: Sun, 06 Nov 2022 18:02:16 GMT
vary: Accept-Encoding
etag: W/"6367f6a8-9d2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (45)

URL HTTP/1.1

IP

ASN

File type

Size