dhl867999-clients.com/tracking.php
34.65.204.74301 Moved Permanently 162 B URL HTTP/1.1 dhl867999-clients.com/tracking.php
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET /tracking.php HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 30 Nov 2022 10:39:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://dhl867999-clients.com/tracking.php
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9169
Expires: Wed, 30 Nov 2022 13:12:47 GMT
Date: Wed, 30 Nov 2022 10:39:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7049
Expires: Wed, 30 Nov 2022 12:37:27 GMT
Date: Wed, 30 Nov 2022 10:39:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2938
Cache-Control: max-age=88811
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 10:39:58 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:20:09 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: KCP+OZXZGN1O+II33TlO7BqGP8V96a4OvDkQPT0wlBxvuaTjKriZr+epLTTbKFYLWM+aLMFcL8s=
x-amz-request-id: 9EB3NSPD7XK3F2RG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 09:45:49 GMT
age: 3249
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 10:18:01 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1317
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 10ee75ba13cd7e21e2c27b1a6306ef39
23c81b25156eb4791785acb96e1fd2e3cf21fa7e
420eb5cc480f5ed3411caeab035eef6bdf87a76ab4b5e6db687bd5ab77eb25ab
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "420EB5CC480F5ED3411CAEAB035EEF6BDF87A76AB4B5E6DB687BD5AB77EB25AB"
Last-Modified: Tue, 29 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21556
Expires: Wed, 30 Nov 2022 16:39:14 GMT
Date: Wed, 30 Nov 2022 10:39:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 10:11:14 GMT
cache-control: public,max-age=3600
age: 1724
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2938
Cache-Control: max-age=170151
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 10:39:58 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 09:55:49 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css
104.17.25.14200 OK 19 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (65317)
Hash 95d49e491b46f526854d624e40d8af76
5b145ab428cc484ecead4666e01cca7ce6b4dff4
f897fc168379623a0e92c3bb80ff02bc4742ccb555fb094e87dc9b60697a481c
GET /ajax/libs/font-awesome/6.2.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dhl867999-clients.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 10:39:58 GMT
content-type: text/css; charset=utf-8
content-length: 18688
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "630e6e62-4900"
last-modified: Tue, 30 Aug 2022 20:09:06 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1188795
expires: Mon, 20 Nov 2023 10:39:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOjLu34%2FgJDikAEYmNE0N1JvQ5Kx5HS3U9cJ9JRk%2FoYP%2FFIE6SCKMe7q%2FsSE76ouqXvEMcaEIY6nyrGaEFrvwV3km5xcJBv%2FkkxleQc8gEcDt2gSQdrOYWVXm3o75S7w41%2BYE3%2Bv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7722f6597902b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css
151.101.65.229200 OK 28 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css
IP 151.101.65.229:0
File type Unicode text, UTF-8 text, with very long lines (65305)
Hash 9e809125b4f45a82ba699c490010ba2f
2a6060f1c5f6874b918a7838222e6c328fd7583f
b79929834ca653c9dcf7fa61428db7d5e4a2a8e119f304c447bb2218f9087b6a
GET /npm/bootstrap@5.2.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dhl867999-clients.com
Connection: keep-alive
Referer: https://dhl867999-clients.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"2f955-er7QcON84GDApWFXXx1Bp/JI/HQ"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 30 Nov 2022 10:39:58 GMT
age: 5021027
x-served-by: cache-fra19155-FRA, cache-bma1665-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 27506
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 022ebf38593183e8436f58b89dd28f5b
0823329bbbe334fdb0f1b84c314ba24c2d04349e
af2986d934a40b3a144ced31090cc222dc9b334308f8a1acbc09c859ea5b8bfc
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 10:39:59 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "D30B1014BBA8EA3B40BAC507BE2A8966C5012783"
Expires: Wed, 30 Nov 2022 22:00:00 GMT
Last-Modified: Wed, 30 Nov 2022 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1723
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7722f659cb9cb50b-OSL
dhl867999-clients.com/assets/fonts/default-3e828e80f6e985c352eb.woff
34.65.204.74200 OK 44 kB URL HTTP/2 dhl867999-clients.com/assets/fonts/default-3e828e80f6e985c352eb.woff
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Web Open Font Format, TrueType, length 44260, version 1.66\012- data
Hash 4a350e02a03ac62e72e9ea575b31ce84
d47b03b96b6e7034a1473a293bb594e597a41dc2
87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/default-3e828e80f6e985c352eb.woff HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/font-woff
content-length: 44260
last-modified: Tue, 29 Nov 2022 03:09:44 GMT
etag: "638577f8-ace4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/assets/fonts/default-5a6dd86f272b304a8b83.woff
34.65.204.74200 OK 41 kB URL HTTP/2 dhl867999-clients.com/assets/fonts/default-5a6dd86f272b304a8b83.woff
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Web Open Font Format, TrueType, length 41352, version 1.66\012- data
Hash 4e23ecf085132857bdb54b4da7373151
a50215c22a591536b21e509100d1707c6886ffd6
b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/default-5a6dd86f272b304a8b83.woff HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/font-woff
content-length: 41352
last-modified: Tue, 29 Nov 2022 03:09:44 GMT
etag: "638577f8-a188"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/assets/fonts/default-815fcbb4d2c579017011.woff
34.65.204.74200 OK 41 kB URL HTTP/2 dhl867999-clients.com/assets/fonts/default-815fcbb4d2c579017011.woff
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Web Open Font Format, TrueType, length 41328, version 1.66\012- data
Hash e39bd2e2657ce5dd6f9c33df18529233
6db81ebb91bfa67cef8f2f870f03046150568799
19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/default-815fcbb4d2c579017011.woff HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/font-woff
content-length: 41328
last-modified: Tue, 29 Nov 2022 03:09:45 GMT
etag: "638577f9-a170"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/dhl-logo.svg
34.65.204.74200 OK 1.6 kB URL HTTP/2 dhl867999-clients.com/info_files/dhl-logo.svg
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3fecc9db35d5d2a9e6e71ab4b02d22e5
628ba2f505b480097445aaf08649a08242bd6847
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
Analyzer Verdict Alert fortinet Phishing
GET /info_files/dhl-logo.svg HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/svg+xml
content-length: 1603
last-modified: Tue, 29 Nov 2022 03:09:58 GMT
etag: "63857806-643"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/assets/img/colis.png
34.65.204.74200 OK 3.1 kB URL HTTP/2 dhl867999-clients.com/assets/img/colis.png
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type PNG image data, 102 x 101, 8-bit/color RGBA, non-interlaced\012- data
Hash 8fdda0d85678421dfe58061ce3f10880
84d80a2244b270a86580fa336b84d14e9666c556
2a8ab786ed7b13aeaefd332c09836792ab6889ab9411cd3c959139f10b50b72b
GET /assets/img/colis.png HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/png
content-length: 3084
last-modified: Tue, 29 Nov 2022 03:09:43 GMT
etag: "638577f7-c0c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/assets/img/mes.png
34.65.204.74200 OK 30 kB URL HTTP/2 dhl867999-clients.com/assets/img/mes.png
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type PNG image data, 378 x 245, 8-bit/color RGB, non-interlaced\012- data
Hash ab8faeae47e80c02f7813222b936102a
03df24cf07f21fd2a7ec53a6ac0eb56351924e70
2d041bb02b3e8ad4a50d2bc2d019ebad077396f814cf2175995cf881c328cca9
GET /assets/img/mes.png HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/png
content-length: 30450
last-modified: Tue, 29 Nov 2022 03:09:42 GMT
etag: "638577f6-76f2"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/glo-footer-logo.svg
34.65.204.74200 OK 12 kB URL HTTP/2 dhl867999-clients.com/info_files/glo-footer-logo.svg
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (656)
Hash d1b0e043744fd642282117a03d308b17
d8abe7a0887b804e516c45a344c542e291a1a84b
5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038
Analyzer Verdict Alert fortinet Phishing
GET /info_files/glo-footer-logo.svg HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/svg+xml
content-length: 11968
last-modified: Tue, 29 Nov 2022 03:09:51 GMT
etag: "638577ff-2ec0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/youtube-new.svg
34.65.204.74200 OK 1.4 kB URL HTTP/2 dhl867999-clients.com/info_files/youtube-new.svg
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (971)
Hash 376247a0b06e705c758fe04978ea9df5
90d50c682c2ea23a9d26926c6eb3d849b7b94661
acd3eaf2b608fb48f9915964c36772b322ad91106508c4490e2a72122db4d347
Analyzer Verdict Alert fortinet Phishing
GET /info_files/youtube-new.svg HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/svg+xml
content-length: 1412
last-modified: Tue, 29 Nov 2022 03:09:57 GMT
etag: "63857805-584"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/facebook-new.svg
34.65.204.74200 OK 1.4 kB URL HTTP/2 dhl867999-clients.com/info_files/facebook-new.svg
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (963)
Hash 259d8928a7fd5329b3d7fd80eca2ea2f
a6337de5ff5761b39a319cd7ec3f8b10f201d066
43027752f5a04142e6518a4fd8ef54e7e73cfba7820da9c03c1ad38835f04fe2
Analyzer Verdict Alert fortinet Phishing
GET /info_files/facebook-new.svg HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/svg+xml
content-length: 1406
last-modified: Tue, 29 Nov 2022 03:09:57 GMT
etag: "63857805-57e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/linkedIn-new.svg
34.65.204.74200 OK 1.6 kB URL HTTP/2 dhl867999-clients.com/info_files/linkedIn-new.svg
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1204)
Hash 43efff953a2a3baf6a2ef0528f55dc07
b510bc0512da7d96cdf29a0f1e343319095776de
c32f1a0f5b093b6b2c8f5df0bf93856359769ee6bbab40975043cd133711d528
Analyzer Verdict Alert fortinet Phishing
GET /info_files/linkedIn-new.svg HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/svg+xml
content-length: 1647
last-modified: Tue, 29 Nov 2022 03:09:51 GMT
etag: "638577ff-66f"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/instagram-new.svg
34.65.204.74200 OK 4.5 kB URL HTTP/2 dhl867999-clients.com/info_files/instagram-new.svg
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4063)
Hash 056511aeb5282ecaab9fbf10ed2273e5
fc29c2c37c4b4a31ad13e80356371e338aef5894
f01c2e1870fcd75ceca3b4c42c3110cb0aa4b933b562cf3d2c7ddd20ce03c7ee
Analyzer Verdict Alert fortinet Phishing
GET /info_files/instagram-new.svg HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/svg+xml
content-length: 4508
last-modified: Tue, 29 Nov 2022 03:09:52 GMT
etag: "63857800-119c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.148.84.125101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.84.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XR+eJaTEX+gOx/IE4Tp6+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /Y9ATs/pJM4mElTLJrdebhLzjsY=
dhl867999-clients.com/info_files/poweredBy_ot_logo.svg
34.65.204.74200 OK 3.0 kB URL HTTP/2 dhl867999-clients.com/info_files/poweredBy_ot_logo.svg
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2998), with no line terminators
Hash 2e9b9ac8be368c1efcc51965c74be43b
dde87f63ecbaeb97c5708ced6ffd0e7de5a806c0
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
Analyzer Verdict Alert fortinet Phishing
GET /info_files/poweredBy_ot_logo.svg HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: image/svg+xml
content-length: 2998
last-modified: Tue, 29 Nov 2022 03:09:50 GMT
etag: "638577fe-bb6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/NX18STXEB
34.65.204.74200 OK 190 kB URL HTTP/2 dhl867999-clients.com/info_files/NX18STXEB
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (65536), with no line terminators
Size 190 kB (190188 bytes)
Hash 11849a31ac0a1a5f0930f2bb2e5d1a9b
f1cb495b5d157d8b8db04756cd9f5e3724e40ed7
ad14591b0a111ed04a3ad1121c67a2be58788edbdff70bc3d129412b51a8b5f9
Analyzer Verdict Alert fortinet Phishing
GET /info_files/NX18STXEB HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/octet-stream
content-length: 190188
last-modified: Tue, 29 Nov 2022 03:09:55 GMT
etag: "63857803-2e6ec"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff
96.6.17.154200 OK 35 kB URL HTTP/2 www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff
IP 96.6.17.154:0
File type Web Open Font Format, TrueType, length 34820, version 1.0\012- data
Hash cf794604b8ce6323c4bfd10ce945bcb7
2eb01fae4eef49893523be3f7833711b02f276c0
c2815799e9e0b8e0d894447ebcf02a8d5c274484f6fcf1a76103e06c71dbb2f5
GET /etc/clientlibs/dhl/clientlib-all/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dhl867999-clients.com
Connection: keep-alive
Referer: https://dhl867999-clients.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
last-modified: Wed, 16 Nov 2022 13:48:07 GMT
etag: "8804-5ed96b8fbfad4-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 34679
content-type: application/font-woff
cache-control: public, max-age=1209600
expires: Wed, 14 Dec 2022 10:39:59 GMT
date: Wed, 30 Nov 2022 10:39:59 GMT
vary: Accept-Encoding
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
X-Firefox-Spdy: h2
s2.go-mpulse.net/boomerang/RSVGU-547KJ-ZUMZD-ZW27F-P4RHY
104.110.16.174200 OK 50 kB URL HTTP/2 s2.go-mpulse.net/boomerang/RSVGU-547KJ-ZUMZD-ZW27F-P4RHY
IP 104.110.16.174:0
File type C source, ASCII text, with very long lines (65103)
Hash 8991c3ec80ec8fbc41382a55679e3911
8cc8cee91d671038acd9e3ae611517d6801b0909
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800
GET /boomerang/RSVGU-547KJ-ZUMZD-ZW27F-P4RHY HTTP/1.1
Host: s2.go-mpulse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
content-encoding: br
last-modified: Sun, 20 Nov 2022 19:28:40 GMT
timing-allow-origin: *
vary: Accept-Encoding
content-length: 50393
date: Wed, 30 Nov 2022 10:39:59 GMT
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
23.38.200.237200 OK 1.6 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (3155)
Hash e672de61b277fc72de4299829bfbb31c
157a7409922d58a02dad3ba879d04eb2a3ef8f3d
e1a1c2a6f2ed4ffb63ebfda157eaf12c6ee3973be4da649eb63e0402c0d29215
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1597
expires: Wed, 30 Nov 2022 11:39:59 GMT
date: Wed, 30 Nov 2022 10:39:59 GMT
cache-control: no-cache
access-control-allow-origin: https://dhl867999-clients.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
23.38.200.237200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32768)
Hash e616df092766c7ab7904619f971a35cc
a960429c42802a43e3ce728fc4d1e8bdab10e606
082ae7647bfdb639846791e5c0ca39b96544dff3aed0c365973c9589cd5b091e
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Wed, 30 Nov 2022 11:39:59 GMT
date: Wed, 30 Nov 2022 10:39:59 GMT
cache-control: no-cache
access-control-allow-origin: https://dhl867999-clients.com
timing-allow-origin: *
X-Firefox-Spdy: h2
dhl867999-clients.com/assets/fonts/default-274a65bae9742377aaf0.woff
34.65.204.74404 Not Found 808 B URL HTTP/2 dhl867999-clients.com/assets/fonts/default-274a65bae9742377aaf0.woff
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/default-274a65bae9742377aaf0.woff HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dhl867999-clients.com/info_files/bundle.5a06c13ce82a72f9080b7294f2746e49.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: text/html
content-length: 808
last-modified: Tue, 29 Nov 2022 03:09:29 GMT
etag: "328-5ee9350f98431"
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff
34.65.204.74200 OK 35 kB URL HTTP/2 dhl867999-clients.com/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type Web Open Font Format, TrueType, length 34820, version 1.0\012- data
Hash 078665c330eb91354c06e1dd7e3850a5
00c84f76451fe58596a41658e08a55f81ad4ceeb
8b8888bc016e1313438b7a9a1ca18aa288f6098122265fc03e985ca40e82a27c
Analyzer Verdict Alert fortinet Phishing
GET /assets/fonts/iconfont-da52a17c1b8deb953bfe.woff HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://dhl867999-clients.com/info_files/bundle.5a06c13ce82a72f9080b7294f2746e49.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/font-woff
content-length: 34820
last-modified: Tue, 29 Nov 2022 03:09:44 GMT
etag: "638577f8-8804"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/otSDKStub.js/consent/21ea6bde-3c6a-4350-a8dc-e86228114de3/21ea6bde-3c6a-4350-a8dc-e86228114de3.json
34.65.204.74404 Not Found 1.0 kB URL HTTP/2 dhl867999-clients.com/info_files/otSDKStub.js/consent/21ea6bde-3c6a-4350-a8dc-e86228114de3/21ea6bde-3c6a-4350-a8dc-e86228114de3.json
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash faeabfba9a57bcc15742561500d19e54
c873ca2fe594dec0cd1ea50db197a6631478f419
2dcc63841eb2ae85c8a4c2ce8cbdbff6f013acea8578121b1d070174d303f692
Analyzer Verdict Alert fortinet Phishing
GET /info_files/otSDKStub.js/consent/21ea6bde-3c6a-4350-a8dc-e86228114de3/21ea6bde-3c6a-4350-a8dc-e86228114de3.json HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: text/html
last-modified: Tue, 29 Nov 2022 03:09:29 GMT
etag: W/"328-5ee9350f98431"
content-encoding: br
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/otSDKStub.js
104.16.148.64200 OK 7.2 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP 104.16.148.64:0
File type ASCII text, with very long lines (21747)
Hash 6ca9058d9138dc07d9a378e6f20a8b7b
ff5f65ad24a8e2b3042cbb0136be7edb52215c1a
1561d36bd995a09ea69c243767e196dd2e76a2753b59b78ecbf999161904f86d
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
content-length: 7151
content-encoding: gzip
content-md5: bKkFjZE43AfZo3jm8gqLew==
last-modified: Tue, 29 Nov 2022 08:50:42 GMT
etag: 0x8DAD1E6CC69451D
x-ms-request-id: 45d9a4d3-101e-00ac-6050-04f971000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 31828
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7722f65d6c0ab509-OSL
X-Firefox-Spdy: h2
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/appletouch/apple-touch-icon-180x180.png
96.6.17.154200 OK 1.2 kB URL HTTP/2 www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/appletouch/apple-touch-icon-180x180.png
IP 96.6.17.154:0
File type PNG image data, 180 x 180, 8-bit colormap, non-interlaced\012- data
Hash 6e5f4e072a2793f9d9cd2a6974d5ccc9
df0d0b28ae71a37dd321d33435c3143a446e2741
148a09a41b13df86b44d2a1f70e2482e5d31fd91ce540a0dbe016011a5fd29b9
GET /etc/clientlibs/dhl/clientlib-all/assets/appletouch/apple-touch-icon-180x180.png HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
last-modified: Wed, 16 Nov 2022 16:28:22 GMT
etag: "495-5ed98f613a6da"
accept-ranges: bytes
content-length: 1173
content-type: image/png
cache-control: public, max-age=0
expires: Wed, 30 Nov 2022 10:39:59 GMT
date: Wed, 30 Nov 2022 10:39:59 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/clientlib-core.min.css
34.65.204.74200 OK 1.2 kB URL HTTP/2 dhl867999-clients.com/info_files/clientlib-core.min.css
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with no line terminators
Hash 549b8831988bb56cc96efa40c3256902
53e9c6d05cb568cbb778f93d634d02bac2b71a12
6d91f7b2275e6b2063dcff38726663524ea73917fc09517857467ac9be334303
GET /info_files/clientlib-core.min.css HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: text/css
x-accel-version: 0.01
last-modified: Tue, 29 Nov 2022 03:09:55 GMT
etag: W/"1d-5ee93527f710f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
c.go-mpulse.net/api/config.json?key=RSVGU-547KJ-ZUMZD-ZW27F-P4RHY&d=dhl867999-clients.com&t=5566016&v=1.720.0&sl=0&si=5d6e008b-241c-4640-8aab-de3813254461-rm5pml&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=326248
23.38.200.138200 OK 51 B URL HTTP/1.1 c.go-mpulse.net/api/config.json?key=RSVGU-547KJ-ZUMZD-ZW27F-P4RHY&d=dhl867999-clients.com&t=5566016&v=1.720.0&sl=0&si=5d6e008b-241c-4640-8aab-de3813254461-rm5pml&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=326248
IP 23.38.200.138:0
File type JSON data\012- , ASCII text
Hash fab3350f517d18b7477da4ae18a9c167
de5f852dd26c67317a93786d90be83834155ae4b
b5f00536668e50df07ecb903e83a51385cc341ba621ee6933be30794fdd92586
GET /api/config.json?key=RSVGU-547KJ-ZUMZD-ZW27F-P4RHY&d=dhl867999-clients.com&t=5566016&v=1.720.0&sl=0&si=5d6e008b-241c-4640-8aab-de3813254461-rm5pml&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=326248 HTTP/1.1
Host: c.go-mpulse.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dhl867999-clients.com
Connection: keep-alive
Referer: https://dhl867999-clients.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Timing-Allow-Origin: *
Content-Length: 51
Date: Wed, 30 Nov 2022 10:39:59 GMT
Connection: keep-alive
Content-Type: application/json
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6232
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 10:40:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6232
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 10:40:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6232
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 10:40:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6232
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 10:40:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6232
Expires: Wed, 30 Nov 2022 12:23:52 GMT
Date: Wed, 30 Nov 2022 10:40:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05196ec43964cf559caa0c0279148d62
6170d6776615503e3e29f86783febc3e3e78ca66
47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rtfl896JX35oFFEVmqyH9Nm62iSY6rqwzkLwZMcM45p_ySF6J2QwEQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:47 GMT
age: 46513
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CJiSRzIK7-rQE81gaP2We0LhgKX1YmuJKEGYEqW34Bm1KMx6NB8yhQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 23:32:45 GMT
age: 40035
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qftF-GQkcjKTs30KMGCTDymw2SVSXeAYKGNWUnaMfvIb8HjtfHUx8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:46 GMT
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
age: 46514
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/bundle-utapi.5a06c13ce82a72f9080b7294f2746e49.css
34.65.204.74200 OK 9.0 kB URL HTTP/2 dhl867999-clients.com/info_files/bundle-utapi.5a06c13ce82a72f9080b7294f2746e49.css
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type ASCII text, with very long lines (38349), with no line terminators
Hash afe85b089d1145a53380d2cdfdd327ea
5c21c807ce0f4aca1e4e257acee540244a4f3ee9
a9961c6b5d38f4f9df26b8ac168f6341dcabce14bc4e685763cad1ad57060d36
GET /info_files/bundle-utapi.5a06c13ce82a72f9080b7294f2746e49.css HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 03:09:49 GMT
etag: W/"638577fd-95cd"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59baec8db5ced0210ab766ea5636a5fd
f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GydenCzPtpFdVLqN4ssiZ4dKN48WGneS3mwzEdDE81pobtLznfC4VQ==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:07:59 GMT
age: 45121
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e00769bd1391b8f4f5b8ab128a825355
e4ddf955e8ac1986045ed55880c43c69e588a021
81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7mRG070F4NZnewfowUhVhMerJaGjJd4G6O1tvTPiKyvTAzq-Y16-jw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:51 GMT
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
content-type: image/jpeg
age: 45789
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/bundle-utapi.5a06c13ce82a72f9080b7294f2746e49.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/bundle-utapi.5a06c13ce82a72f9080b7294f2746e49.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/bundle-utapi.5a06c13ce82a72f9080b7294f2746e49.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:52 GMT
etag: W/"63857800-31637"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/tracking.php
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/tracking.php
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /tracking.php HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:58 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.26, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/launch-ENa2e710b79eef40758cbb936003b8b231.min.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/launch-ENa2e710b79eef40758cbb936003b8b231.min.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/launch-ENa2e710b79eef40758cbb936003b8b231.min.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:49 GMT
etag: W/"638577fd-977f7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/AppMeasurement.min.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/AppMeasurement.min.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/AppMeasurement.min.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:51 GMT
etag: W/"638577ff-8315"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/bundle.5a06c13ce82a72f9080b7294f2746e49.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/bundle.5a06c13ce82a72f9080b7294f2746e49.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/bundle.5a06c13ce82a72f9080b7294f2746e49.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:54 GMT
etag: W/"63857802-43924"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/otSDKStub.js/consent/21ea6bde-3c6a-4350-a8dc-e86228114de3/21ea6bde-3c6a-4350-a8dc-e86228114de3.json
34.65.204.74404 Not Found 0 B URL HTTP/2 dhl867999-clients.com/info_files/otSDKStub.js/consent/21ea6bde-3c6a-4350-a8dc-e86228114de3/21ea6bde-3c6a-4350-a8dc-e86228114de3.json
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/otSDKStub.js/consent/21ea6bde-3c6a-4350-a8dc-e86228114de3/21ea6bde-3c6a-4350-a8dc-e86228114de3.json HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Cookie: cookieDisclaimer=seen
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: text/html
last-modified: Tue, 29 Nov 2022 03:09:29 GMT
etag: W/"328-5ee9350f98431"
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/bundle.5a06c13ce82a72f9080b7294f2746e49.css
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/bundle.5a06c13ce82a72f9080b7294f2746e49.css
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
GET /info_files/bundle.5a06c13ce82a72f9080b7294f2746e49.css HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:58 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 03:09:56 GMT
etag: W/"63857804-9fd47"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/otSDKStub.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/otSDKStub.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/otSDKStub.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:56 GMT
etag: W/"63857804-54f4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/otBannerSdk.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/otBannerSdk.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/otBannerSdk.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:57 GMT
etag: W/"63857805-5c44f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/sec-cpt-3-6.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/sec-cpt-3-6.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/sec-cpt-3-6.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:53 GMT
etag: W/"63857801-294e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/AppMeasurement_Module_ActivityMap.min.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/AppMeasurement_Module_ActivityMap.min.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:50 GMT
etag: W/"638577fe-ce5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/RSVGU-547KJ-ZUMZD-ZW27F-P4RHY
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/RSVGU-547KJ-ZUMZD-ZW27F-P4RHY
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/RSVGU-547KJ-ZUMZD-ZW27F-P4RHY HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: text/plain
last-modified: Tue, 29 Nov 2022 03:09:52 GMT
etag: W/"63857800-33413"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/clientlib-core.min.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/clientlib-core.min.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/clientlib-core.min.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 03:09:49 GMT
etag: W/"638577fd-1cf9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
dhl867999-clients.com/info_files/RCc9f7f8cb76ec492d8b222a8d9c393cfc-source.min.js
34.65.204.74200 OK 0 B URL HTTP/2 dhl867999-clients.com/info_files/RCc9f7f8cb76ec492d8b222a8d9c393cfc-source.min.js
IP 34.65.204.74:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert fortinet Phishing
GET /info_files/RCc9f7f8cb76ec492d8b222a8d9c393cfc-source.min.js HTTP/1.1
Host: dhl867999-clients.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dhl867999-clients.com/tracking.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 10:39:59 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Tue, 29 Nov 2022 03:09:53 GMT
etag: W/"386-5ee93526024ad"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2