Report - dhlmvp.webauthor.com/

Report Overview

Submitted URL
dhlmvp.webauthor.com/
IP
104.17.67.55
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-05 23:26:44
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
78

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-06-05	429 B	81 kB	142.250.74.168
dhlmvp.webauthor.com	unknown	1995-07-30	2017-04-08	2023-05-20	47 kB	2.4 MB	104.17.67.55
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-06-05	2.1 kB	147 kB	216.58.207.227
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-06-05	433 B	14 kB	142.250.74.138
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-06-05	451 B	7.2 kB	142.250.74.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/
2023-06-05	medium	dhlmvp.webauthor.com/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (34)

	URL	Size	First Seen	Last Seen
	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	505 B	2023-04-11	2023-12-29
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-11 07:49:50 Last Seen2023-12-29 17:03:59 Times Seen44 Hash 2d257b39ac268f2cdfd935ba8e0e98e7 a0b3056f651ec5695236e4c674d46decf3283f10 efe57e9bd1924b51d8aba3be77b27019a80c2ea1e0ffecd17b1c1a1ba5cfbd00 Loading...

	dhlmvp.webauthor.com/lib/theme/xm-3/polymer/bower_components/webcomponentsjs/webcomponents-lite.min.js	40 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/theme/xm-3/polymer/bower_components/webcomponentsjs/webcomponents-lite.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:39:42 Last Seen2024-04-14 19:39:56 Times Seen89 Hash 32b5a9b7ada86304bec6b43d3f2194f0 6c4edd8efa046627216a625bf8f8903d41a9fe87 abe23ee1968e6b4d601df4f547cd7ace646b15d520f171d4cd6e5d4ad895e127 Loading...

	dhlmvp.webauthor.com/lib/jquery/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-04-18
Pretty URL dhlmvp.webauthor.com/lib/jquery/jquery-3.5.1.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 22:27:25 Times Seen138198 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	32 B	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen56 Hash 6c9afd7a8719181d495203edeaa370a6 67a19bbe4104f93da1a17fcdb77fe6c79da96648 608723628799068b41d3d8f59eb35aa14551e77158083a8d962ae984f5a64ec0 Loading...

	dhlmvp.webauthor.com/lib/jquery/jquery.toast.min.js	6.3 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/jquery/jquery.toast.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:01:55 Last Seen2024-04-14 19:39:56 Times Seen194 Hash ba3f15983585c840070ec7b3ea7c47c7 a59f46eeef6368d96865d2997393a542b421249e 8c971cf1230512f5e5ec0a8e4ca48b38ec68f47c466f278a6591c4cc15655ccb Loading...

	dhlmvp.webauthor.com/lib/com/tippy/tippy-bundle.umd.min.js	24 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/com/tippy/tippy-bundle.umd.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:57 Times Seen109 Hash 4134b26303b80c32a68dea0a04e67853 0b1cbeae4aee1af8bbbcc801f64999aaf18528be ff0ad3778325a082260ff1e327c66bcc613e166877c045a4474a65e587e5ca4d Loading...

	dhlmvp.webauthor.com/lib/com/jquery-ui/jquery-ui.min.js	254 kB	2023-03-07	2024-04-18
Pretty URL dhlmvp.webauthor.com/lib/com/jquery-ui/jquery-ui.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:34 Last Seen2024-04-18 16:44:09 Times Seen6507 Hash c15b1008dec3c8967ea657a7bb4baaec 78489e580adaef931e6e5b131dab556c397e4a1a 28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3 Loading...

	dhlmvp.webauthor.com/lib/com/auth/sign-in.js	1.4 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/com/auth/sign-in.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen63 Hash a0911b1ffb97743ca9896d8b628b820d f7e68645e1b540fc68d3535018326d4a8c839edb e5eb8f8c77e9e250c9c8d33ea6ea180ac91488d90461777167f1ac2aab0fc689 Loading...

	dhlmvp.webauthor.com/lib/theme/xm-3/js/jquery.main.js?ver=20230513-A	112 kB	2023-05-20	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/theme/xm-3/js/jquery.main.js?ver=20230513-A IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-20 10:37:43 Last Seen2024-04-14 19:39:57 Times Seen41 Hash 4bb58b3344ac7629dc2d7a5c4c7ff8b8 6ed6f8f31d0fb4f7eaff3eac9b872c892d5e9331 a8a92a9317ea725c1735d76ed593f952a992fb5c16bd81a4e2f270167d51dd9d Loading...

	www.googletagmanager.com/gtag/js?id=G-L60BLEXP3N	228 kB	2023-06-06	2023-06-06
Pretty URL www.googletagmanager.com/gtag/js?id=G-L60BLEXP3N IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-06 01:26:45 Last Seen2023-06-06 01:26:45 Times Seen2 Hash eeaa140d3eae2b539c7cf54b33dcca36 ccdf18a0be6ba65a573f8608cf8fd8c0dcd268bd f691105620ea637071268aa41f7458a514f657048c0f72a6475cb7f296519724 Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	252 B	2023-06-06	2024-04-14
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-06 01:26:45 Last Seen2024-04-14 19:39:56 Times Seen2 Hash 03a6845c8ab5375c97240271e9d92b1d c7007d35c64531bafad0bdb28ab831fe075ead88 8a238b2d41c20ba9d373aea284fd1638693ca06ee92be40ee8d88978a9b476d0 Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	272 B	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen56 Hash 4208a63cab474851f768c7d125a0b223 e4052f2ec24fbc8cb317a8f12eb76539326b5687 3fb384e464d261d00e29ef4a11341bffe02480a00ba8b211a9630707e0139452 Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	1.1 kB	2023-03-07	2023-11-16
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:36:39 Last Seen2023-11-16 14:58:29 Times Seen47 Hash f0ba6fa8eb472586658efb75f2205128 21aa1403d89129785912c520e64082eaad4192c5 112f7d40c4bbb067233038f0bca88c01d9fa9183b3fe20e460f15abdf0899353 Loading...

	dhlmvp.webauthor.com/lib/com/fancybox/jquery.fancybox.min.js	68 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/com/fancybox/jquery.fancybox.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:22:32 Last Seen2024-04-14 19:39:56 Times Seen322 Hash 2e62b54f794ae2fae6a69feaad8f0820 b2b093d8f5ffeee250c8d0d3a2285a213318e4ea 50b476aa512ee968a0258e3142c0ec25e5bbe9ef6d104d845a39ca110fb42fc4 Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	168 B	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen58 Hash 2c9cedc947c545eb8f7a051349276172 31a2474a5d0fb22efa316e0435bce2597eeb2503 02222601e128f191d1b54eea865cb182f6cefbbdb48291f97cf8c939fc18af15 Loading...

	dhlmvp.webauthor.com/lib/bootstrap/js/bootstrapx-clickover.js?ver=20181031-a	3.6 kB	2023-03-08	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/bootstrap/js/bootstrapx-clickover.js?ver=20181031-a IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:02:55 Last Seen2024-04-14 19:39:56 Times Seen49 Hash d2d13d4873b351cba5f7e21a933e5590 273e2cba1f2848eb1bdf9786e302811d721c17f6 4141148fcd475a72a59e389f05d60c5de37f3c31d3f904ff8c5f3bbd3658e809 Loading...

	dhlmvp.webauthor.com/lib/js/store.modern.min.js	7.4 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/js/store.modern.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen85 Hash 266e8ea73e7b20c099bbfd932ac4132a eee9aa95a6f00fb9ac269a8ad09717e8dc34e1ce 015cfdf87c8683fae85ae4fb8de502deaca474ba86b2f5138427e4536cbbfa16 Loading...

	dhlmvp.webauthor.com/lib/com/popper/popper.min.js	18 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/com/popper/popper.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:57 Times Seen109 Hash f702faada54ed2da6a6829fc1ab55762 23736340a0a40c8ae976e9c7335ffa4ea8c49859 754b79cd9a82e7526c5614ebb0e249fb021df7c3c48e5c3c9ea1bdbf69255a3b Loading...

	ajax.googleapis.com/ajax/libs/webfont/1/webfont.js	13 kB	2023-03-07	2024-04-18
Pretty URL ajax.googleapis.com/ajax/libs/webfont/1/webfont.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:17 Last Seen2024-04-18 22:27:25 Times Seen22267 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	dhlmvp.webauthor.com/lib/com/moment/moment.js	98 kB	2023-03-08	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/com/moment/moment.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:09 Last Seen2024-04-14 19:39:57 Times Seen72 Hash 083a95ff69983aa876faa422293bd927 873e0d44097de404aad72d7984db6723e6951441 fbc46737a3e71a42a1918126030d409933330fce0a151cac4de9155c2a832600 Loading...

	dhlmvp.webauthor.com/lib/jquery/jquery.reject.js	18 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/jquery/jquery.reject.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:57 Times Seen79 Hash 1a97989179d5d40d140e9bfa3bc17ab5 4bde960bb4f832c5b4310274881e3e2eb0bb2c3d cae607e63e1e960ffda90c9c316b1402c2eda219d542844b79cded2946a80849 Loading...

	dhlmvp.webauthor.com/lib/bootstrap/js/bootstrap.xm.min.js?ver=20181031-a	25 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/bootstrap/js/bootstrap.xm.min.js?ver=20181031-a IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:57 Times Seen109 Hash 98c7074a68967c04075e5c1daf3c0255 746525d3c44dd9814ad0aad194e83889915f2ab7 b1017f3e200ee526d1737c6fdb32596b1647422fba1bbc244580f50581e30f50 Loading...

	dhlmvp.webauthor.com/lib/bootstrap/bootbox-3.3.0.min.js?ver=20181031-a	6.2 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/bootstrap/bootbox-3.3.0.min.js?ver=20181031-a IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:57 Times Seen91 Hash 35be27febfe9b7c628b92409f0eba929 3f1dcfa1d68a278c8bfe7f7f4d22846b107d7be4 a93ebcfa0e591694d901043ba8269cddfb07611df573c9bd06c2b57c58ad05f6 Loading...

	dhlmvp.webauthor.com/lib/bootstrap/js/bootstrap-3.4.1.js	51 kB	2023-03-08	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/bootstrap/js/bootstrap-3.4.1.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:02:55 Last Seen2024-04-14 19:39:57 Times Seen95 Hash 5b1b1ee1cc2f3b95318e0fde86b2ed5b 1aa2d56ceff2d2dc30933bf73b91518bdd893c80 c13d034eaf2fa73680d0abdbe02ac23b73e3128b5c7f0ee7018eb7b3fbe84a72 Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	421 B	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen58 Hash 209457bf40308908dcb216cdec2e3802 a9acdb5543a6ff699fff896f93739b1debf1aa5c 865ff26447449808fc81f6054a9beb6a5a460e01f6abd3f7c20caf415f51915a Loading...

	dhlmvp.webauthor.com/lib/com/web-component/module.js?ver=20230111-F	693 B	2023-03-13	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/com/web-component/module.js?ver=20230111-F IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:48:20 Last Seen2024-04-14 19:39:57 Times Seen38 Hash bea16504174506791cb88a0d440542c2 2539c135cf63f6a2527bc47bed38ee8d3192d360 d80b15405d67654abc28db74ea6a41049b5ea75e1c2520573a0d45a4711fb4f9 Loading...

	dhlmvp.webauthor.com/lib/js/emodal.min.js	6.1 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/js/emodal.min.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen79 Hash 225328fb82581ae950dc458fe3791bd8 e7e920a1734fbd848dd82ae5f016521930177663 04f6237638a3867b6c36d7aca3395499d0a6d8a6fdf258e3c5782838087a0bba Loading...

	dhlmvp.webauthor.com/lib/theme/xm-3/js/footer.js	1.0 kB	2023-03-14	2024-04-14
Pretty URL dhlmvp.webauthor.com/lib/theme/xm-3/js/footer.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 13:24:36 Last Seen2024-04-14 19:39:56 Times Seen63 Hash 8e929b335597c18c0692f7c0194f1088 ef8c90c7b0550a90a4d82d67313a2228b5472fc2 c6d2cdcdc184f1507bc4b9ebb858bf0586231ecf721757f1e065d58805174c0f Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	371 B	2023-03-14	2023-08-15
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 13:24:36 Last Seen2023-08-15 00:35:57 Times Seen37 Hash 480861b6283e35e2541dcef1608a4b4b bc588c44681a7a65200ba611b757cff85fe0ea7e c35bfd3fb4ce24db6818aaec8238740ccecc325fd04a20c86bd9348211d6a414 Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	222 B	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen58 Hash bb55fe205d9973470e21968c251926ed a60accb034955ecf897a73cff61d0cadab623d68 1e98a5486280477f6c00fe7928a43eeb683527a82f1ba20d5c03a594dbe008ce Loading...

	dhlmvp.webauthor.com/lib/tag/xm/inc/xm.2.0.js?ver=20230605-A	84 kB	2023-06-06	2023-06-06
Pretty URL dhlmvp.webauthor.com/lib/tag/xm/inc/xm.2.0.js?ver=20230605-A IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-06 01:26:45 Last Seen2023-06-06 01:26:45 Times Seen2 Hash 8420469aaa05df9cce10ffe3a498bae9 7573bd8f8c48b365de4fc03d30f48762980205ef 9702dfb894da86c91714a2221f04d33dd433a9c51231463bf855e3cac5778c93 Loading...

	dhlmvp.webauthor.com/lib/com/toggle/js/jquery.switcher.webauthor.js?ver=20221122-C	1.3 kB	2023-03-08	2024-03-21
Pretty URL dhlmvp.webauthor.com/lib/com/toggle/js/jquery.switcher.webauthor.js?ver=20221122-C IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:09 Last Seen2024-03-21 05:31:17 Times Seen42 Hash 98f66b7c35e438cf4a3bd94741af8f5c 944401c800cb662dc122104dfb396fc4fbcf064a c5364a5e18fc53df0330b820bdba05b9ed3ed5c6567ec12c16b9adb8b9e498cc Loading...

	dhlmvp.webauthor.com/lib/jquery/sticky.js	3.3 kB	2023-03-07	2024-03-01
Pretty URL dhlmvp.webauthor.com/lib/jquery/sticky.js IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:36:39 Last Seen2024-03-01 05:33:51 Times Seen36 Hash e945e4257d377caae0705d1a244f9977 b39ec42350562ed36b662859e7d7996d62c572ab 152ac3a934d8779b0ff8c18b19aac3b5b2aa568750e8401ce3f5dc33dac74269 Loading...

	dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true	1.1 kB	2023-03-07	2024-04-14
Pretty URL dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true IP 104.17.67.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:36:39 Last Seen2024-04-14 19:39:56 Times Seen56 Hash 18f9e303612421381bfc06fb12b82bb8 d390a2f4370ce85569de42cbc08e421ce12d0bf2 cbadefcb01f9370176c563a6e2410c7bd3d4860d43a0c1534498fbc256f55174 Loading...

HTTP Transactions (52)

URL IP Response Size

www.googletagmanager.com/gtag/js?id=G-L60BLEXP3N

142.250.74.168

200 OK

80 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-L60BLEXP3N
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
ASCII text, with very long lines (3288)
Size
80 kB (80471 bytes)
Hash
eeaa140d3eae2b539c7cf54b33dcca36
ccdf18a0be6ba65a573f8608cf8fd8c0dcd268bd
f691105620ea637071268aa41f7458a514f657048c0f72a6475cb7f296519724

HTTP Headers

GET /gtag/js?id=G-L60BLEXP3N HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Jun 2023 23:26:25 GMT
expires: Mon, 05 Jun 2023 23:26:25 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80471
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dhlmvp.webauthor.com/dhlvault/2569/DHLLogo.png

104.17.67.55

200 OK

1.2 kB

URL GET HTTP/3
dhlmvp.webauthor.com/dhlvault/2569/DHLLogo.png
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
PNG image data, 209 x 47, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1193 bytes)
Hash
dcb51d6bd4d8e008bf8c2c7aca21e069
279baeea6979fffa076ef988351289e78374c9c7
51a0391f49a04e45c9e5abb55433906fd5702dd04ab8505e6c2b97965f83c6da

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /dhlvault/2569/DHLLogo.png HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: image/png
content-length: 1193
access-control-allow-methods: GET, POST, PUT, HEAD, ACCEPT, OPTIONS
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Mon, 03 Dec 2018 15:20:22 GMT
etag: "4a9-57c1fb0039728"
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e318f3eb4f1-OSL
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/dhlvault/2569/DHL-logo-transparent.png

104.17.67.55

200 OK

5.0 kB

URL GET HTTP/3
dhlmvp.webauthor.com/dhlvault/2569/DHL-logo-transparent.png
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
PNG image data, 195 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
5.0 kB (4995 bytes)
Hash
bfcd6758f857e116d404d4e56706a209
c4f143b42df5703c57b6fc38e24417cc344b7eec
71dafed56fd4792d1c7f456ba8158e35aee287213536d4fc6e90f54eac76fd8d

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /dhlvault/2569/DHL-logo-transparent.png HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: image/png
content-length: 4995
access-control-allow-methods: GET, POST, PUT, HEAD, ACCEPT, OPTIONS
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 18 Nov 2014 18:51:30 GMT
etag: "1383-5082695539f58"
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e318f3db4f1-OSL
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/theme/xm-3/css/pre-bootstrap.css?ver=20181109-a

104.17.67.55

200 OK

29 B

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/css/pre-bootstrap.css?ver=20181109-a
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
382807ffdeccd4e4b08bcf59ab6ac21c
f1c91dbc8d21fc3a35441ec912eeb3eb849c8179
79008c8cb5b0a1eed4d9c9daeea8e8f319339092a953f5a0b048e1ca6e88eb69

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/theme/xm-3/css/pre-bootstrap.css?ver=20181109-a HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
content-length: 29
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=33
etag: "21-5549796633bae"
last-modified: Tue, 18 Jul 2017 13:35:23 GMT
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e312ee4b4f1-OSL
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/jquery-ui/jquery-ui.min.js

104.17.67.55

200 OK

75 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/jquery-ui/jquery-ui.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32074)
Size
75 kB (74720 bytes)
Hash
c15b1008dec3c8967ea657a7bb4baaec
78489e580adaef931e6e5b131dab556c397e4a1a
28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/jquery-ui/jquery-ui.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:26 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Sun, 12 Jul 2020 14:15:49 GMT
etag: W/"3dee5-5aa3f35fd2f40-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 1
expires: Tue, 04 Jun 2024 23:26:26 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e3539e4b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/theme/xm-3/fonts/icomoon.ttf?9stjqj

104.17.67.55

200 OK

4.5 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/fonts/icomoon.ttf?9stjqj
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Size
4.5 kB (4535 bytes)
Hash
a3785b54d1213ecae7429cc0601ad0bc
5253a130316c5651d88fb91fbdefd913ec03ea2b
109ddfc3e72208023d1fc662e7d1449da32058cd0a060dc03069134a4d0db0c5

HTTP Headers

GET /lib/theme/xm-3/fonts/icomoon.ttf?9stjqj HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/lib/theme/xm-3/css/main.css?ver=20230501-A
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:26 GMT
content-type: application/font-sfnt
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Wed, 05 Jul 2017 03:15:20 GMT
etag: W/"18e0-5538968f5262e"
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:26 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e361a7fb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/vault/2569/ADMIN/images/icons/favicon-192-dhl.png

104.17.67.55

200 OK

4.4 kB

URL GET HTTP/3
dhlmvp.webauthor.com/vault/2569/ADMIN/images/icons/favicon-192-dhl.png
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
4.4 kB (4434 bytes)
Hash
1756bcbb7f4a59a80185ec3b6083f2ba
b0b23b24b9ea03fa2c789e6259adb51d2fde27fb
aed09b74e8ac65d2afc4c7bce4c778fa4b82f7cdee0ed518e3ee1f236dbec69a

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /vault/2569/ADMIN/images/icons/favicon-192-dhl.png HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=; _ga_L60BLEXP3N=GS1.1.1686007585.1.0.1686007585.0.0.0; _ga=GA1.1.478988881.1686007586
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:26 GMT
content-type: image/png
content-length: 4434
access-control-allow-methods: GET, POST, PUT, HEAD, ACCEPT, OPTIONS
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Thu, 24 Oct 2019 12:15:54 GMT
etag: "1152-595a6fec0cbd8"
accept-ranges: bytes
access-control-allow-origin: *
set-cookie: AWSALBTG=sFmyt0IWAT1SBAdEWvzHyfsdL+lgIpp//IT38yn5VmD37nW5xHbbo43m/Y3BFBVY/wux3Ue87Zq0N17hVYdws264k9h66o7eli0IPVi0yWZ2s8UQ1SzO9UA0sAZmpZ+DykwqWNkNFHtJ/dVTdPeShB7WrLcpUF6HyxMuzoAcBfsiFUyZqV0=; Expires=Mon, 12 Jun 2023 23:26:26 GMT; Path=/
AWSALBTGCORS=sFmyt0IWAT1SBAdEWvzHyfsdL+lgIpp//IT38yn5VmD37nW5xHbbo43m/Y3BFBVY/wux3Ue87Zq0N17hVYdws264k9h66o7eli0IPVi0yWZ2s8UQ1SzO9UA0sAZmpZ+DykwqWNkNFHtJ/dVTdPeShB7WrLcpUF6HyxMuzoAcBfsiFUyZqV0=; Expires=Mon, 12 Jun 2023 23:26:26 GMT; Path=/; SameSite=None
AWSALB=y5GYs+GF+9Jr4d7Re3r5VBvynQ6p2uvQXjRuyIsG3TahIA/yvC4pXr4eEofNySyEmb5cxGW0DX47cZoYtc1BrJN8JAooXKspO3a0h+pESVzdMdwwPifCqtD6C8Xp; Expires=Mon, 12 Jun 2023 23:26:26 GMT; Path=/
AWSALBCORS=y5GYs+GF+9Jr4d7Re3r5VBvynQ6p2uvQXjRuyIsG3TahIA/yvC4pXr4eEofNySyEmb5cxGW0DX47cZoYtc1BrJN8JAooXKspO3a0h+pESVzdMdwwPifCqtD6C8Xp; Expires=Mon, 12 Jun 2023 23:26:26 GMT; Path=/; SameSite=None
cf-cache-status: DYNAMIC
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e37cb7eb4f1-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2

216.58.207.227

200 OK

36 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35904, version 1.0\012- data
Size
36 kB (35904 bytes)
Hash
c26b97e7f5bb7a34d190703522d75e16
69d9e5aea0544dbaf9b78c1b65139c03eceece8f
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357

HTTP Headers

GET /s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dhlmvp.webauthor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 16:35:19 GMT
expires: Thu, 30 May 2024 16:35:19 GMT
cache-control: public, max-age=31536000
age: 456667
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2

216.58.207.227

200 OK

36 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35904, version 1.0\012- data
Size
36 kB (35904 bytes)
Hash
c26b97e7f5bb7a34d190703522d75e16
69d9e5aea0544dbaf9b78c1b65139c03eceece8f
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357

HTTP Headers

GET /s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dhlmvp.webauthor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 16:35:19 GMT
expires: Thu, 30 May 2024 16:35:19 GMT
cache-control: public, max-age=31536000
age: 456667
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2

216.58.207.227

200 OK

36 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35904, version 1.0\012- data
Size
36 kB (35904 bytes)
Hash
c26b97e7f5bb7a34d190703522d75e16
69d9e5aea0544dbaf9b78c1b65139c03eceece8f
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357

HTTP Headers

GET /s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dhlmvp.webauthor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 16:35:19 GMT
expires: Thu, 30 May 2024 16:35:19 GMT
cache-control: public, max-age=31536000
age: 456667
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2

216.58.207.227

200 OK

36 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35904, version 1.0\012- data
Size
36 kB (35904 bytes)
Hash
c26b97e7f5bb7a34d190703522d75e16
69d9e5aea0544dbaf9b78c1b65139c03eceece8f
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357

HTTP Headers

GET /s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dhlmvp.webauthor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 16:35:19 GMT
expires: Thu, 30 May 2024 16:35:19 GMT
cache-control: public, max-age=31536000
age: 456667
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dhlmvp.webauthor.com/lib/com/tippy/light.css

104.17.67.55

200 OK

331 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/tippy/light.css
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (691), with no line terminators
Size
331 kB (331144 bytes)
Hash
8798d22d8ad5c94a98db60df68c8debb
107e9a9c4b5a9fd7d1e8e7d17dd82c40d33285ad
c9ef454615fbb43862cedc020f52eaea3d6dab3fd0c67d70b96c6aa938593ab8

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/tippy/light.css HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Thu, 16 Feb 2023 20:03:35 GMT
etag: W/"2b3-5f4d6b119f3c0-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e319f4ab4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/theme/xm-3/css/login.css?ver=20200527-a

104.17.67.55

200 OK

1.0 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/css/login.css?ver=20200527-a
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1043), with no line terminators
Size
1.0 kB (1043 bytes)
Hash
ee78cd3f7fda36017a2427b797b785a7
eaaac1bd395f65604cec6d379ef3f282b366be9e
5cac0c43ac7a2a1b1f75879171cc24709622875d25155cae3a1a1cd6195fefe6

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/theme/xm-3/css/login.css?ver=20200527-a HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=1234
etag: W/"4d2-5a6a16e613c75-gzip"
last-modified: Wed, 27 May 2020 13:45:55 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e316f18b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/vault/2569/ADMIN/images/icons/favicon-16-dhl.png

104.17.67.55

200 OK

579 B

URL GET HTTP/3
dhlmvp.webauthor.com/vault/2569/ADMIN/images/icons/favicon-16-dhl.png
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
579 B (579 bytes)
Hash
096474208de547ebbd8f1b83a795cce9
c5dec1e3e04e63642dede19ece95ab33d0a6bc8b
02fa034929598c47635ce118c6e6912fdc70980c1f027310162236ff8dd201c1

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /vault/2569/ADMIN/images/icons/favicon-16-dhl.png HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=; _ga_L60BLEXP3N=GS1.1.1686007585.1.0.1686007585.0.0.0; _ga=GA1.1.478988881.1686007586
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:26 GMT
content-type: image/png
content-length: 579
set-cookie: AWSALBTG=ZNiO+kTvIPwRuP9yCayEPo/CwfW27Hh98EaALufX/0YPHper3BZw7myXPalU/bNuE4xE4dunWnrlW9aWr3A6x93dr66LZImM0PVZCLQjO4efceCELB1Fk2PUEx33mxVu4EBXEoRoKX9R9VVCq6QJ5FcypEETvwwLwwmg/K3uWBFK2jElqfA=; Expires=Mon, 12 Jun 2023 23:26:26 GMT; Path=/
AWSALBTGCORS=ZNiO+kTvIPwRuP9yCayEPo/CwfW27Hh98EaALufX/0YPHper3BZw7myXPalU/bNuE4xE4dunWnrlW9aWr3A6x93dr66LZImM0PVZCLQjO4efceCELB1Fk2PUEx33mxVu4EBXEoRoKX9R9VVCq6QJ5FcypEETvwwLwwmg/K3uWBFK2jElqfA=; Expires=Mon, 12 Jun 2023 23:26:26 GMT; Path=/; SameSite=None
AWSALB=qllFdhOOZRM4iu+kLVpetYIM3ZY8J6jmZPjfH18Twz/vf+GjB3HQ5h8Vw4X5ql8Mu6sCCRYn5j5albhZ2j6p0MxWfyKukd0nD4mkK2VznVnYeMPmWXeU0VR8S3vi; Expires=Mon, 12 Jun 2023 23:26:26 GMT; Path=/
AWSALBCORS=qllFdhOOZRM4iu+kLVpetYIM3ZY8J6jmZPjfH18Twz/vf+GjB3HQ5h8Vw4X5ql8Mu6sCCRYn5j5albhZ2j6p0MxWfyKukd0nD4mkK2VznVnYeMPmWXeU0VR8S3vi; Expires=Mon, 12 Jun 2023 23:26:26 GMT; Path=/; SameSite=None
access-control-allow-methods: GET, POST, PUT, HEAD, ACCEPT, OPTIONS
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Thu, 24 Oct 2019 12:15:53 GMT
etag: "243-595a6feb5cf58"
accept-ranges: bytes
access-control-allow-origin: *
cf-cache-status: DYNAMIC
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e37cb80b4f1-OSL
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/fontawesome/6.1.2/css/v4-shims.min.css?ver=20220818-A

104.17.67.55

200 OK

27 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/fontawesome/6.1.2/css/v4-shims.min.css?ver=20220818-A
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (27247)
Size
27 kB (27423 bytes)
Hash
cac33ad0f5431d6f86b27f411b87d889
67f167c47e7644220bb9a260030ff6df56de4d83
975b5b901fb009fb4181e8d20af41d9891ca7d2f3b9cb8c8e0d161b115f11a8e

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/fontawesome/6.1.2/css/v4-shims.min.css?ver=20220818-A HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Mon, 25 Jul 2022 18:21:36 GMT
etag: W/"6b1f-5e4a541122c00-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e312ee3b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/jquery/jquery.reject.js

104.17.67.55

200 OK

18 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/jquery/jquery.reject.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
18 kB (17932 bytes)
Hash
1a97989179d5d40d140e9bfa3bc17ab5
4bde960bb4f832c5b4310274881e3e2eb0bb2c3d
cae607e63e1e960ffda90c9c316b1402c2eda219d542844b79cded2946a80849

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/jquery/jquery.reject.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Fri, 16 Nov 2018 19:34:33 GMT
etag: W/"460c-57acd41ba063e-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e318f47b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/web-component/module.js?ver=20230111-F

104.17.67.55

200 OK

693 B

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/web-component/module.js?ver=20230111-F
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (777), with no line terminators
Size
693 B (693 bytes)
Hash
84e418cd2d1e7525712d0934e5a04f1c
1eb4bdec27b29118501c63b224bd333d6ec67a94
a2a8f8ac9a8e5841d05b226dfc54f64dcc4aa2300e0690bf48dd19229f3d3b2b

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/web-component/module.js?ver=20230111-F HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Wed, 11 Jan 2023 05:29:58 GMT
etag: W/"2b5-5f1f64a848180-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e318f3cb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/jquery/jquery.reject.css

104.17.67.55

200 OK

1.9 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/jquery/jquery.reject.css
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2101), with no line terminators
Size
1.9 kB (1908 bytes)
Hash
5156b5664725fcfcf96fb1bbf6ce113f
8d20abe34292408ed127f8858a65d3d28766af48
70a3ecd2ab9b01e2f30e1e34c157f060c15557b2d1970cbd38cf7c4326d526d3

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/jquery/jquery.reject.css HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Fri, 16 Nov 2018 19:34:32 GMT
etag: W/"774-57acd41b6a07f-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e318f43b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/jquery/jquery-ui-bootstrap/css/custom-theme/jquery-ui-1.10.0.custom.css

104.17.67.55

200 OK

60 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/jquery/jquery-ui-bootstrap/css/custom-theme/jquery-ui-1.10.0.custom.css
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text
Size
60 kB (60454 bytes)
Hash
a2c9de1b9569d4e020aa83548a2ca90b
5274e677fb1905beac2b2973b492a92d4c3f1df5
2db566cf4729c13727505330cba93e13986c3b0b587b469d228cba59b81a80c6

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/jquery/jquery-ui-bootstrap/css/custom-theme/jquery-ui-1.10.0.custom.css HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Mon, 17 Jul 2017 05:15:30 GMT
etag: W/"ec26-5547c7ccc6080-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e312eecb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/bootstrap/js/bootstrapx-clickover.js?ver=20181031-a

104.17.67.55

200 OK

3.6 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/bootstrap/js/bootstrapx-clickover.js?ver=20181031-a
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3593), with no line terminators
Size
3.6 kB (3551 bytes)
Hash
a7e7d2b2ad3d5be5820ea281ec731ea5
a555636fc335e2c2f6888be41c27c72559851157
c15b962d541300ad1fe3dc2c9c5663c6ccac09d94732c6251aec44fe2573ee3d

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/bootstrap/js/bootstrapx-clickover.js?ver=20181031-a HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=7511
etag: W/"1d57-4cb3eb7dd7f00-gzip"
last-modified: Thu, 04 Oct 2012 17:02:20 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e317f2eb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/tippy/tippy-bundle.umd.min.js

104.17.67.55

200 OK

24 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/tippy/tippy-bundle.umd.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (23467), with no line terminators
Size
24 kB (23467 bytes)
Hash
4134b26303b80c32a68dea0a04e67853
0b1cbeae4aee1af8bbbcc801f64999aaf18528be
ff0ad3778325a082260ff1e327c66bcc613e166877c045a4474a65e587e5ca4d

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/tippy/tippy-bundle.umd.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Tue, 28 Jul 2020 17:49:23 GMT
etag: W/"5bab-5ab840f394ec0-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e317f33b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/theme/xm-3/js/footer.js

104.17.67.55

200 OK

1.0 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/js/footer.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1113), with no line terminators
Size
1.0 kB (1016 bytes)
Hash
3cd06336d9c83d93b1b27419d6791b6f
4fded0feb8a7f0e141a8580d2c5cd849a4673bf5
1629653c123cdce0f46b6f64293c49ef619cd9a9fab608dc2cff1c27909c6ee0

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/theme/xm-3/js/footer.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Sat, 25 Feb 2023 17:03:54 GMT
etag: W/"3f8-5f5893b135280-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e319f4eb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

142.250.74.138

200 OK

13 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (2134)
Size
13 kB (13188 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

HTTP Headers

GET /ajax/libs/webfont/1/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5437
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 May 2023 16:30:37 GMT
expires: Wed, 29 May 2024 16:30:37 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 543349
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dhlmvp.webauthor.com/lib/theme/xm-3/css/bootstrap-extended.css?ver=20181109-a

104.17.67.55

200 OK

121 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/css/bootstrap-extended.css?ver=20181109-a
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type

Size
121 kB (120699 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /lib/theme/xm-3/css/bootstrap-extended.css?ver=20181109-a HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=150422
etag: W/"24b96-57484e7472629-gzip"
last-modified: Tue, 28 Aug 2018 20:44:08 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e312ee8b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/theme/xm-3/polymer/bower_components/webcomponentsjs/webcomponents-lite.min.js

104.17.67.55

200 OK

40 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/polymer/bower_components/webcomponentsjs/webcomponents-lite.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type

Size
40 kB (40547 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/theme/xm-3/polymer/bower_components/webcomponentsjs/webcomponents-lite.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Wed, 05 Jul 2017 03:17:49 GMT
etag: W/"9e63-5538971e41caa-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f09b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/web-component/module.js?ver=20230111-F

104.17.67.55

200 OK

693 B

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/web-component/module.js?ver=20230111-F
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (777), with no line terminators
Size
693 B (693 bytes)
Hash
84e418cd2d1e7525712d0934e5a04f1c
1eb4bdec27b29118501c63b224bd333d6ec67a94
a2a8f8ac9a8e5841d05b226dfc54f64dcc4aa2300e0690bf48dd19229f3d3b2b

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/web-component/module.js?ver=20230111-F HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Wed, 11 Jan 2023 05:29:58 GMT
etag: W/"2b5-5f1f64a848180-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f14b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/fontawesome/6.1.2/webfonts/fa-solid-900.woff2

104.17.67.55

200 OK

331 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/fontawesome/6.1.2/webfonts/fa-solid-900.woff2
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 330908, version 769.1280\012- data
Size
331 kB (330908 bytes)
Hash
42195a0dac2e817c29aaf70af8c8be00
1cefda2483c5e09657ac728f1e22c90e6623c4c7
417c616e19d66e8bccb08ec8c47415c7f815453580e13ee9c58eb56f9ff6eccf

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/fontawesome/6.1.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/lib/com/fontawesome/6.1.2/css/all.min.css?ver=20220818-A
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:26 GMT
content-length: 330908
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Mon, 25 Jul 2022 18:21:37 GMT
etag: "50c9c-5e4a541216e40"
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:26 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e367ab1b4f1-OSL
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/theme/xm-3/js/jquery.main.js?ver=20230513-A

104.17.67.55

200 OK

112 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/js/jquery.main.js?ver=20230513-A
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2777)
Size
112 kB (111562 bytes)
Hash
4bb58b3344ac7629dc2d7a5c4c7ff8b8
6ed6f8f31d0fb4f7eaff3eac9b872c892d5e9331
a8a92a9317ea725c1735d76ed593f952a992fb5c16bd81a4e2f270167d51dd9d

HTTP Headers

GET /lib/theme/xm-3/js/jquery.main.js?ver=20230513-A HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=140470
etag: W/"224b6-5fb9aaeb22880-gzip"
last-modified: Sat, 13 May 2023 22:24:18 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f0fb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/jquery/sticky.js

104.17.67.55

200 OK

3.3 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/jquery/sticky.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3937), with no line terminators
Size
3.3 kB (3316 bytes)
Hash
3e5497230c3313df49af2129149502b6
d743e166fd2a606e769b0ed2a6c55b0e545a74f7
9e2aa9095c9be083e07da8ac9c52b0ccf457963271a9c434c4f07c98e5951fc0

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/jquery/sticky.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Fri, 16 Nov 2018 19:35:04 GMT
etag: W/"cf4-57acd439ccaf9-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e316f1ab4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/bootstrap/bootbox-3.3.0.min.js?ver=20181031-a

104.17.67.55

200 OK

6.2 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/bootstrap/bootbox-3.3.0.min.js?ver=20181031-a
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6464), with no line terminators
Size
6.2 kB (6192 bytes)
Hash
a222be5c5fd1df592944ab9b38081440
ff4f8b8b4ec7f32d856ee733a5022f9064b987bf
fa2c845695570e53815fe52dcb3471881e91a2cb2176491af80a2b6882e43600

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/bootstrap/bootbox-3.3.0.min.js?ver=20181031-a HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Fri, 29 Apr 2016 13:15:15 GMT
etag: W/"1830-5319f6efa1ec0-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e317f2db4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true

104.17.67.55

200 OK

27 kB

URL User Request GET HTTP/3
dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8180), with CRLF, LF line terminators
Size
27 kB (27396 bytes)
Hash
7f41ad097ffdc4c62157f4cc181b6e3c
c39bfebda53b1356c6fecf1f5a6092544588308f
8b6f2962ca3113e705392390a96155a6e76201af542a987abbe6f6755fc4522c

HTTP Headers

GET /auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/modules/portal/default.cfm
Cookie: AWSALB=3jNc3MhlRdczdcv7EOQOS2I30JMunDLAQDVSCCmWBAR5kAK3ZE+C+syirGoEgwomTcUVN8RH0MGeT61tppGmcF+Ic5i3eXgZ0DzyLUzRudK7fNIvuZUT49Vkmgk8; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/html;charset=UTF-8
set-cookie: AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=; Expires=Mon, 12 Jun 2023 23:26:25 GMT; Path=/
AWSALBTGCORS=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=; Expires=Mon, 12 Jun 2023 23:26:25 GMT; Path=/; SameSite=None
AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; Expires=Mon, 12 Jun 2023 23:26:25 GMT; Path=/
AWSALBCORS=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; Expires=Mon, 12 Jun 2023 23:26:25 GMT; Path=/; SameSite=None
xmserver=LX%2D135%2D225; Path=/coldfusion; Secure; HttpOnly; SameSite=Lax;Secure;SameSite=None
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS, GET, HEAD, PUT, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With, Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
access-control-allow-credentials: true
x-served-by: LX-135-225
content-language: en-US
link: </lib/com/fontawesome/6.1.2/css/all.min.css?ver=20220818-A>;rel="preload";as="style",</lib/com/fontawesome/6.1.2/css/v4-shims.min.css?ver=20220818-A>;rel="preload";as="style",</lib/com/fontawesome/6.1.2/css/v4-shims.min.css?ver=20220818-A>;rel="preload";as="style",</lib/theme/xm-3/css/pre-bootstrap.css?ver=20181109-a>;rel="preload";as="style",</lib/theme/xm-3/css/pre-bootstrap.css?ver=20181109-a>;rel="preload";as="style",</lib/theme/xm-3/css/bootstrap-extended.css?ver=20181109-a>;rel="preload";as="style",</lib/theme/xm-3/css/bootstrap-extended.css?ver=20181109-a>;rel="preload";as="style",</lib/jquery/jquery-ui-bootstrap/css/custom-theme/jquery-ui-1.10.0.custom.css>;rel="preload";as="style",</lib/jquery/jquery-ui-bootstrap/css/custom-theme/jquery-ui-1.10.0.custom.css>;rel="preload";as="style",</lib/theme/xm-3/css/main.css?ver=20230501-A>;rel="preload";as="style",</lib/theme/xm-3/css/main.css?ver=20230501-A>;rel="preload";as="style",</lib/theme/xm-3/css/dark-mode.css?ver=20221014-A>;rel="preload";as="style",</lib/theme/xm-3/css/dark-mode.css?ver=20221014-A>;rel="preload";as="style",</lib/theme/xm-3/polymer/bower_components/webcomponentsjs/webcomponents-lite.min.js>;rel="preload";as="script",</lib/theme/xm-3/polymer/bower_components/webcomponentsjs/webcomponents-lite.min.js>;rel="preload";as="script",</lib/jquery/jquery-3.5.1.min.js>;rel="preload";as="script",</lib/jquery/jquery-3.5.1.min.js>;rel="preload";as="script",</lib/com/jquery-ui/jquery-ui.min.js>;rel="preload";as="script",</lib/com/jquery-ui/jquery-ui.min.js>;rel="preload";as="script",</lib/com/moment/moment.js>;rel="preload";as="script",</lib/com/moment/moment.js>;rel="preload";as="script",</lib/bootstrap/js/bootstrap-3.4.1.js>;rel="preload";as="script",</lib/bootstrap/js/bootstrap-3.4.1.js>;rel="preload";as="script",</lib/theme/xm-3/js/jquery.main.js?ver=20230513-A>;rel="preload";as="script",</lib/theme/xm-3/js/jquery.main.js?ver=20230513-A>;rel="preload";as="script",</lib/tag/xm/inc/xm.2.0.js?ver=20230605-A>;rel="preload";as="script",</lib/tag/xm/inc/xm.2.0.js?ver=20230605-A>;rel="preload";as="script",</lib/com/web-component/module.js?ver=20230111-F>;rel="preload";as="script",</lib/com/web-component/module.js?ver=20230111-F>;rel="preload";as="script",</lib/com/toggle/css/switcher.css?ver=20220322-A>;rel="preload";as="style",</lib/com/toggle/js/jquery.switcher.webauthor.js?ver=20221122-C>;rel="preload";as="script",</lib/com/toggle/js/jquery.switcher.webauthor.js?ver=20221122-C>;rel="preload";as="script",</lib/theme/xm-3/css/login.css?ver=20200527-a>;rel="preload";as="style",</lib/theme/xm-3/css/login.css?ver=20200527-a>;rel="preload";as="style",</lib/jquery/sticky.css>;rel="preload";as="style",</lib/jquery/sticky.css>;rel="preload";as="style",</lib/jquery/sticky.js>;rel="preload";as="script",</lib/jquery/sticky.js>;rel="preload";as="script",</lib/jquery/jquery.toast.min.css>;rel="preload";as="style",</lib/jquery/jquery.toast.min.css>;rel="preload";as="style",</lib/jquery/jquery.toast.min.js>;rel="preload";as="script",</lib/jquery/jquery.toast.min.js>;rel="preload";as="script",</lib/bootstrap/js/bootstrap.xm.min.js?ver=20181031-a>;rel="preload";as="script",</lib/bootstrap/js/bootstrap.xm.min.js?ver=20181031-a>;rel="preload";as="script",</lib/bootstrap/bootbox-3.3.0.min.js?ver=20181031-a>;rel="preload";as="script",</lib/bootstrap/bootbox-3.3.0.min.js?ver=20181031-a>;rel="preload";as="script",</lib/bootstrap/js/bootstrapx-clickover.js?ver=20181031-a>;rel="preload";as="script",</lib/bootstrap/js/bootstrapx-clickover.js?ver=20181031-a>;rel="preload";as="script",</lib/js/store.modern.min.js>;rel="preload";as="script",</lib/js/store.modern.min.js>;rel="preload";as="script",</lib/com/popper/popper.min.js>;rel="preload";as="script",</lib/com/popper/popper.min.js>;rel="preload";as="script",</lib/com/tippy/tippy-bundle.umd.min.js>;rel="preload";as="script",</lib/com/tippy/tippy-bundle.umd.min.js>;rel="preload";as="script",</lib/js/emodal.min.js>;rel="preload";as="script",</lib/js/emodal.min.js>;rel="preload";as="script",</lib/com/fancybox/jquery.fancybox.min.css>;rel="preload";as="style",</lib/com/fancybox/jquery.fancybox.min.css>;rel="preload";as="style",</lib/com/fancybox/jquery.fancybox.min.js>;rel="preload";as="script",</lib/com/fancybox/jquery.fancybox.min.js>;rel="preload";as="script"
server-timing: request;dur=19
vary: Accept-Encoding
cf-cache-status: DYNAMIC
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e2fcdeeb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/toggle/css/switcher.css?ver=20220322-A

104.17.67.55

200 OK

921 B

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/toggle/css/switcher.css?ver=20220322-A
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (922), with no line terminators
Size
921 B (921 bytes)
Hash
08bd0408be3bded4a89919b6f6c53bab
6f08804bcc5b072ed3c4ff3a51061e051d973aab
90ff62cbe398baac0f9c26905a1d8bd3721fbf8e4acbff721c5e55c15ea9985e

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/toggle/css/switcher.css?ver=20220322-A HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=1168
etag: W/"490-5dad164759200-gzip"
last-modified: Tue, 22 Mar 2022 16:49:12 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f16b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/popper/popper.min.js

104.17.67.55

200 OK

18 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/popper/popper.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (17965)
Size
18 kB (18052 bytes)
Hash
f702faada54ed2da6a6829fc1ab55762
23736340a0a40c8ae976e9c7335ffa4ea8c49859
754b79cd9a82e7526c5614ebb0e249fb021df7c3c48e5c3c9ea1bdbf69255a3b

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/popper/popper.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Tue, 28 Jul 2020 17:48:24 GMT
etag: W/"4684-5ab840bb50a00-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e317f32b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/fancybox/jquery.fancybox.min.css

104.17.67.55

200 OK

14 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/fancybox/jquery.fancybox.min.css
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (13841), with no line terminators
Size
14 kB (13841 bytes)
Hash
0b8a5b13275298e7568eb7f0c40865d2
2e6a66987dbc7a57bbfd2655bce166739b4ba426
e72ac4dd95f7f11db42ea03fd4cbe1dca1c9586d47245e36aad66546d1864601

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/fancybox/jquery.fancybox.min.css HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Tue, 28 Jul 2020 17:43:50 GMT
etag: W/"3611-5ab83fb602180-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e317f37b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/moment/moment.js

104.17.67.55

200 OK

98 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/moment/moment.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
Algol 68 source text\012- Pascal source, ASCII text, with very long lines (1694)
Size
98 kB (97603 bytes)
Hash
083a95ff69983aa876faa422293bd927
873e0d44097de404aad72d7984db6723e6951441
fbc46737a3e71a42a1918126030d409933330fce0a151cac4de9155c2a832600

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/moment/moment.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=173824
etag: W/"2a700-5aa3f3e27a380-gzip"
last-modified: Sun, 12 Jul 2020 14:18:06 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f0db4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/jquery/jquery.toast.min.css

104.17.67.55

200 OK

4.5 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/jquery/jquery.toast.min.css
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4508), with no line terminators
Size
4.5 kB (4508 bytes)
Hash
be8a6c1b1899c2ce48fdfb2d46784d30
b969813f6c8fd9ca8d1c08250303212be28aa34d
5a896b35367d958d102f97f4fd08b5cb0dd11a70cb8a0d8754b624aec866ed8d

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/jquery/jquery.toast.min.css HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Fri, 16 Nov 2018 19:34:42 GMT
etag: W/"119c-57acd4243b610-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e316f1db4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/jquery/jquery.toast.min.js

104.17.67.55

200 OK

6.3 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/jquery/jquery.toast.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (6467), with no line terminators
Size
6.3 kB (6255 bytes)
Hash
e3d56b3c0a8da1912250dcf1dd43c0ec
d2aa49156f557cb5b160095f1147647dbd5034c4
79282339e6819154a474929df9e14f7de886230d647d0a9b3e1241db31f4226b

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/jquery/jquery.toast.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Fri, 16 Nov 2018 19:34:42 GMT
etag: W/"186f-57acd42468ada-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e316f1fb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/bootstrap/js/bootstrap.xm.min.js?ver=20181031-a

104.17.67.55

200 OK

25 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/bootstrap/js/bootstrap.xm.min.js?ver=20181031-a
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (24756), with no line terminators
Size
25 kB (24756 bytes)
Hash
98c7074a68967c04075e5c1daf3c0255
746525d3c44dd9814ad0aad194e83889915f2ab7
b1017f3e200ee526d1737c6fdb32596b1647422fba1bbc244580f50581e30f50

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/bootstrap/js/bootstrap.xm.min.js?ver=20181031-a HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Fri, 28 Apr 2023 19:07:58 GMT
etag: W/"60b4-5fa6a30eeff80-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e316f27b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/fancybox/jquery.fancybox.min.js

104.17.67.55

200 OK

68 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/fancybox/jquery.fancybox.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type

Size
68 kB (67881 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/fancybox/jquery.fancybox.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Tue, 28 Jul 2020 17:43:23 GMT
etag: W/"10929-5ab83f9c424c0-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e318f3bb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/theme/xm-3/css/dark-mode.css?ver=20221014-A

104.17.67.55

200 OK

8.8 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/css/dark-mode.css?ver=20221014-A
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8845), with no line terminators
Size
8.8 kB (8845 bytes)
Hash
0763cbd5f18526dc466eac3362ff6a87
575869c5d072df8841d773c04cf3b8806f41dcc2
3709d66e7ce0776e6fa9c0dac9abcedfe06d080b6b02559ad8d1d0c37d379548

HTTP Headers

GET /lib/theme/xm-3/css/dark-mode.css?ver=20221014-A HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=11896
etag: W/"2e78-5eb0525acd1c0-gzip"
last-modified: Fri, 14 Oct 2022 21:17:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f08b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/jquery/sticky.css

104.17.67.55

200 OK

1.4 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/jquery/sticky.css
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1372), with no line terminators
Size
1.4 kB (1369 bytes)
Hash
9b0f965c9f501e84eb964ac047d143c4
1d69772e408b957c7c4d6e147a565ba5b9f6be8b
7e4ca6fc4bafcdc2e805dfe7bbb58eb4193f1dc5e568bd6a0426256ebadd5cde

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/jquery/sticky.css HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=1448
etag: W/"5a8-57acd439a7bb8-gzip"
last-modified: Fri, 16 Nov 2018 19:35:04 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e316f19b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/theme/xm-3/css/main.css?ver=20230501-A

104.17.67.55

200 OK

137 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/theme/xm-3/css/main.css?ver=20230501-A
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type

Size
137 kB (137277 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/theme/xm-3/css/main.css?ver=20230501-A HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=188619
etag: W/"2e0cb-5faa7b5f889c0-gzip"
last-modified: Mon, 01 May 2023 20:31:43 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e314f07b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/toggle/js/jquery.switcher.webauthor.js?ver=20221122-C

104.17.67.55

200 OK

1.3 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/toggle/js/jquery.switcher.webauthor.js?ver=20221122-C
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1316), with no line terminators
Size
1.3 kB (1303 bytes)
Hash
8f9e9dcc5572342ec6cdb0ed2dafa3d3
f566165c3978ad7ed03d694381249ca4ff3d6022
da6d75e9028acb78bad5b850ab285677357f8b10fcc93b0d46fbf84871dadac5

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/toggle/js/jquery.switcher.webauthor.js?ver=20221122-C HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=1587
etag: W/"633-5ee13ac9839c0-gzip"
last-modified: Tue, 22 Nov 2022 18:52:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e316f17b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/js/emodal.min.js

104.17.67.55

200 OK

6.1 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/js/emodal.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6150), with no line terminators
Size
6.1 kB (6116 bytes)
Hash
913b4e723a620f01e746aea1a3ebe525
613539b222ce1263ef3af4b44af89678e56ac985
e222eded09b409d352394d62db581df6acdcbd64a58f4cff78163dd70fe6d3cb

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/js/emodal.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Mon, 31 Aug 2020 15:45:13 GMT
etag: W/"17e4-5ae2e49c61440-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e317f35b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/tag/xm/inc/xm.2.0.js?ver=20230605-A

104.17.67.55

200 OK

84 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/tag/xm/inc/xm.2.0.js?ver=20230605-A
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3355), with CRLF, LF line terminators
Size
84 kB (84369 bytes)
Hash
8420469aaa05df9cce10ffe3a498bae9
7573bd8f8c48b365de4fc03d30f48762980205ef
9702dfb894da86c91714a2221f04d33dd433a9c51231463bf855e3cac5778c93

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/tag/xm/inc/xm.2.0.js?ver=20230605-A HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=103896
etag: W/"195d8-5fd63a686e040-gzip"
last-modified: Mon, 05 Jun 2023 15:35:21 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f12b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/js/store.modern.min.js

104.17.67.55

200 OK

7.4 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/js/store.modern.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7577), with no line terminators
Size
7.4 kB (7383 bytes)
Hash
91e1009bffcfa54623d032a5f5e88382
01c372c69efe0fb38e3ca77104aa1a1b97be703c
e3b001df984a7bd2777b2ea3f73eb3b6ee2159ca9129d13f8b785bf929e8cfeb

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/js/store.modern.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Wed, 30 May 2018 23:28:07 GMT
etag: W/"1cd7-56d74b40b0871-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e317f2fb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/auth/sign-in.js

104.17.67.55

200 OK

1.4 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/auth/sign-in.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1547), with no line terminators
Size
1.4 kB (1375 bytes)
Hash
ed57dc94a067fb16b96cd74318e91973
740ea9480844f5c9b5a39f54345105635f8dfca5
7e82649e6cdd59a59a88ae46c58d1fb696069458f01bc907ec80bd83ddafb234

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/auth/sign-in.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Tue, 07 Sep 2021 13:52:56 GMT
etag: W/"55f-5cb68152f1e00-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e318f41b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/fontawesome/6.1.2/css/all.min.css?ver=20220818-A

104.17.67.55

200 OK

500 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/fontawesome/6.1.2/css/all.min.css?ver=20220818-A
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65360)
Size
500 kB (500427 bytes)
Hash
ea04e273b26464f6ba72750188d6820e
100fb48714f9d095cae542668ae1fadb723c9ef5
2933c96098c15766caede229c9b8d9c97c99e710e8a3c366a73f437aeeb2db90

HTTP Headers

GET /lib/com/fontawesome/6.1.2/css/all.min.css?ver=20220818-A HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Mon, 25 Jul 2022 18:21:36 GMT
etag: W/"7a2cb-5e4a541122c00-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e311edeb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/jquery/jquery-3.5.1.min.js

104.17.67.55

200 OK

90 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/jquery/jquery-3.5.1.min.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/jquery/jquery-3.5.1.min.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:26 GMT
content-type: application/javascript
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Sun, 12 Jul 2020 15:42:40 GMT
etag: W/"15d84-5aa406c96bc00-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 1
expires: Tue, 04 Jun 2024 23:26:26 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f0bb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/bootstrap/js/bootstrap-3.4.1.js

104.17.67.55

200 OK

51 kB

URL GET HTTP/3
dhlmvp.webauthor.com/lib/bootstrap/js/bootstrap-3.4.1.js
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (444)
Size
51 kB (51241 bytes)
Hash
5b1b1ee1cc2f3b95318e0fde86b2ed5b
1aa2d56ceff2d2dc30933bf73b91518bdd893c80
c13d034eaf2fa73680d0abdbe02ac23b73e3128b5c7f0ee7018eb7b3fbe84a72

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/bootstrap/js/bootstrap-3.4.1.js HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: application/javascript
access-control-allow-headers: accept, content-type, X-Requested-With
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=75484
etag: W/"126dc-5aa6ba10168c0-gzip"
last-modified: Tue, 14 Jul 2020 19:15:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e315f0eb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dhlmvp.webauthor.com/lib/com/tippy/material.css

104.17.67.55

200 OK

619 B

URL GET HTTP/3
dhlmvp.webauthor.com/lib/com/tippy/material.css
IP
104.17.67.55:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerCloudflare, Inc.
Subjectwebauthor.com
FingerprintA4:3E:EF:AE:E1:6B:63:60:45:7D:67:56:2D:AC:8B:2B:84:9C:96:E1
ValiditySat, 01 Apr 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with very long lines (619), with no line terminators
Size
619 B (619 bytes)
Hash
30af13e4ae4f7ad799dd94ea4ec14dea
b735e87abcbea212a215c52910483ef53b9c82c4
688a7c06aa8fffecd1299b1a9412b047c16429e6b2f079da8f42081813898a87

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /lib/com/tippy/material.css HTTP/1.1
Host: dhlmvp.webauthor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Cookie: AWSALB=+SLTFPQAZVVLYuMqJuU8k0XWT4d3bBG5eFrQhY48iBjO35Ifk1iau1POfi1BDN0SbZZVbgaM+NaJ9R2LzDXmqrS5WbO0TM1xq+PIBIQv7X/+CAbdiyIXrB5AOSNK; CFID=28549; CFTOKEN=46a773a08f183bfd-8AD4EA66-B869-2F5B-E2D356762C26636E; JSESSIONID=9A638C53526F7572D0726B714E3B5F9C.cfusion; xm_start_page=%2Fmodules%2Fportal%2Fdefault%2Ecfm; AWSALBTG=VkjBo5F6vE2PPl1EHV4voEXZkLCwerIDqhkjiPwWBr70iWWr7LiEc1ICL7x2Zg2MfzHAL3OYNYL1QWeYuScbdIpTlHua+Y7iRnupGzhreYbPCelZ+3Ozpq/PMfefkaOedWKMcQJV5dsU5XtxMDKF40cT9C4mka1ZOSVi2YZGZjOnx6HHNNw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 05 Jun 2023 23:26:25 GMT
content-type: text/css
access-control-allow-methods: GET, HEAD, POST, ACCEPT, OPTIONS
access-control-allow-headers: accept, content-type, X-Requested-With
last-modified: Thu, 16 Feb 2023 20:04:07 GMT
etag: W/"26b-5f4d6b3023bc0-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: MISS
expires: Tue, 04 Jun 2024 23:26:25 GMT
cache-control: public, max-age=31536000
strict-transport-security: max-age=0; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7d2c2e319f4db4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Nunito:300,400,600,700

142.250.74.138

200 OK

6.6 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Nunito:300,400,600,700
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://dhlmvp.webauthor.com/auth.cfm?fs=NLI&nli=true&path=%2Fmodules%2Fportal%2Fdefault%2Ecfm&sign_in=true
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (6776), with no line terminators
Size
6.6 kB (6616 bytes)
Hash
8e69c0b1c25629847bc004049e967f28
8737565c6c7a46e12e136aad58066e87beddff92
1a92588aa3116263fd15841b9210e6befd8bba6cf234aa3f884bbf7e0dec33ef

HTTP Headers

GET /css?family=Nunito:300,400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhlmvp.webauthor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Jun 2023 23:26:26 GMT
date: Mon, 05 Jun 2023 23:26:26 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (34)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML