Overview

URLcmxmarketing.in/configKGQ/login-dhl/
IP 68.178.145.219 (United States)
ASN#26496 AS-26496-GO-DADDY-COM-LLC
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-06 02:00:58 UTC
StatusLoading report..
IDS alerts0
Blocklist alert4
urlquery alerts
17
Phishing - DHL
Tags None

Domain Summary (8)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
cmxmarketing.in (11) 0 2022-12-06 01:17:43 UTC 2022-12-06 01:17:43 UTC 68.178.145.219 Unknown ranking
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (6) 344 No data No data 23.33.119.27
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-05 04:09:09 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-05 04:09:48 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.208.31.97

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-06 2 cmxmarketing.in/configKGQ/login-dhl/ Phishing
2022-12-06 2 cmxmarketing.in/configKGQ/login-dhl/F004f19441/layout/js/style.js Phishing
2022-12-06 2 cmxmarketing.in/configKGQ/login-dhl/F004f19441/layout/img/lg.svg Phishing
2022-12-06 2 cmxmarketing.in/configKGQ/login-dhl/F004f19441/layout/img/ta3.svg Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 4 reports on IP: 68.178.145.219
Date UQ / IDS / BL URL IP
2022-12-06 05:25:29 +0000 0 - 0 - 1 cmxmarketing.in/ 68.178.145.219
2022-12-06 02:00:58 +0000 17 - 0 - 4 cmxmarketing.in/configKGQ/login-dhl/ 68.178.145.219
2022-12-05 22:45:36 +0000 0 - 0 - 3 desiluck.co/ 68.178.145.219
2022-09-14 09:36:16 +0000 0 - 0 - 2 shakyafarm.com/ 68.178.145.219


Last 5 reports on ASN: AS-26496-GO-DADDY-COM-LLC
Date UQ / IDS / BL URL IP
2023-02-08 09:38:07 +0000 0 - 0 - 2 happyk.com.au/TTAE.php?e=charts.zip 148.66.138.169
2023-02-08 09:00:16 +0000 0 - 0 - 11 jmj.pcs999.com/erp/document/img/homepage/port (...) 148.66.136.6
2023-02-08 08:38:39 +0000 14 - 0 - 3 gyangangachhindwara.com/wlqyv/fedex/step1.php (...) 68.178.226.55
2023-02-08 08:27:19 +0000 0 - 0 - 2 alheracollegeofedu.in/ezeh/microele.zip 148.72.212.143
2023-02-08 08:24:53 +0000 0 - 0 - 4 ecitocc.com/dnhe/reb/login.php 166.62.28.80


Last 2 reports on domain: cmxmarketing.in
Date UQ / IDS / BL URL IP
2022-12-06 05:25:29 +0000 0 - 0 - 1 cmxmarketing.in/ 68.178.145.219
2022-12-06 02:00:58 +0000 17 - 0 - 4 cmxmarketing.in/configKGQ/login-dhl/ 68.178.145.219


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-29 03:29:17 +0000 11 - 0 - 11 csabecas.do/dhlen/a1b2c3/d331bd998b8311851e49 (...) 209.133.218.203
2023-01-18 15:35:40 +0000 16 - 0 - 13 www.huntourage.com/1len/a1b2c3/0b9e3f8afa7c7b (...) 212.7.211.143
2023-01-18 12:55:18 +0000 16 - 0 - 13 huntourage.com/1len/a1b2c3/eddb542f99bf4d5888 (...) 212.7.211.143
2023-01-18 12:55:17 +0000 16 - 0 - 13 huntourage.com/1len/a1b2c3/0b9e3f8afa7c7bf454 (...) 212.7.211.143
2023-01-18 11:45:33 +0000 15 - 0 - 12 huntourage.com/1len/a1b2c3/eddb542f99bf4d5888 (...) 212.7.211.143

JavaScript

Executed Scripts (1)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (30)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9883
Expires: Tue, 06 Dec 2022 04:45:30 GMT
Date: Tue, 06 Dec 2022 02:00:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1726
Cache-Control: max-age=118758
Date: Tue, 06 Dec 2022 02:00:47 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:00:05 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3701
Expires: Tue, 06 Dec 2022 03:02:28 GMT
Date: Tue, 06 Dec 2022 02:00:47 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 01:20:20 GMT
cache-control: public,max-age=3600
age: 2427
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: sPT9HDa1ZBoUCBR6he3jtvRfa+hXA7jykq9jvPWyWR5CiAro9FivKTkPHRH2GkJ1usM/BC0mE/s=
x-amz-request-id: KS84VF9ZAJYWMBGA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 01:48:44 GMT
age: 723
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 06 Dec 2022 02:00:47 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 01:08:58 GMT
cache-control: public,max-age=3600
age: 3109
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1704
Cache-Control: 'max-age=158059'
Date: Tue, 06 Dec 2022 02:00:47 GMT
Last-Modified: Tue, 06 Dec 2022 01:32:23 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HPaZq8Yn6ts38t3UDQ7ZDg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         34.208.31.97
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UcPUTPCajO9MPdRe5uTwtYiMH/A=

                                        
                                            GET /configKGQ/login-dhl/ HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         68.178.145.219
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset-UTF-8;charset=UTF-8
                                        
Date: Tue, 06 Dec 2022 02:00:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: ./F004f19441/index.php?valid=true&id=44460233
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Content-Length: 168
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  ASCII text, with CRLF, LF line terminators
Size:   168
Md5:    2e231b6bc8abf4d8a45d580d85b809a4
Sha1:   f036eb48077b97c744970fe7484ff09d826459d7
Sha256: da614e80a5c6fea95b158096b4583cd3ab4dee9a93d0e395ce861c73bbf209a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /configKGQ/login-dhl/F004f19441/index.php?valid=true&id=44460233 HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8
Upgrade-Insecure-Requests: 1

search
                                         68.178.145.219
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset-UTF-8;charset=UTF-8
                                        
Date: Tue, 06 Dec 2022 02:00:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: ./00951124a.php?web=succes&local=_&id=23450639
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Content-Length: 311
Keep-Alive: timeout=5
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   311
Md5:    fc5ab0eeeaca75ce05f7417cd03db19d
Sha1:   415fbd71a4103915f909e01563f7d7d682f640b4
Sha256: 7c5b5c5ac96d9d4c1fe6e8ed4114a9648df1e3b6e826d6be9749ecf052618b7e

Alerts:
  urlquery:
    - Phishing - DHL
    - Phishing - DHL
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7908
Expires: Tue, 06 Dec 2022 04:12:37 GMT
Date: Tue, 06 Dec 2022 02:00:49 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7908
Expires: Tue, 06 Dec 2022 04:12:37 GMT
Date: Tue, 06 Dec 2022 02:00:49 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7908
Expires: Tue, 06 Dec 2022 04:12:37 GMT
Date: Tue, 06 Dec 2022 02:00:49 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7908
Expires: Tue, 06 Dec 2022 04:12:37 GMT
Date: Tue, 06 Dec 2022 02:00:49 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8997
x-amzn-requestid: 54d7ed8c-119c-4583-929c-fd053524814c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csT_8F78IAMFY6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66cc-3d9816725e7e0b1b3404bc4a;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:46:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6nXJg548cHz0REe43NepPeMmnFBAiWO_Fwy2PCKbco4XhNZnBs0Jhw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:46:52 GMT
etag: "5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4"
age: 15237
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8997
Md5:    9fda84db003d0cfc70d73dcb6a3763dd
Sha1:   5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4
Sha256: f00aa6b88dd85164d8f6ee685937a3ca8039b98b442a2e6aede1c4c421b4fc4c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc696fe00-4af0-41c0-a10e-ba5dcc55c22b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6920
x-amzn-requestid: 05ec2698-a5ee-4046-be77-0036755f2946
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwaEd-IAMF_-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64cf-783b236b79b1e9ba22098cb2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:23 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GgMHlvU3WIDYMF9fmZAajw_Y3zmPm2zojn7FTqgqtBj7e4qeu8Uokg==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:53 GMT
age: 14096
etag: "b76ea6ae9df756f131ec16b01cdc7ab19b2d01be"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6920
Md5:    f4193f05dfd1de8bf795f433d4387243
Sha1:   b76ea6ae9df756f131ec16b01cdc7ab19b2d01be
Sha256: b56231f3c788519751528b849a442d5c7ed828ea4ce3321fd629ca27440ea6e3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i6QasBBRK9APW19sH0DdOipvUJA3gWj0CAMTzt7ejRCOk_V2psz-Xw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:45:47 GMT
age: 15302
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8469
Md5:    2f60a6490f38a772dcd50a1132e98e1b
Sha1:   ff254a1df087d2c157d88a6ef04e395dc49efe5e
Sha256: 653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 15732
x-amzn-requestid: 7467ddb0-b9f9-47e9-ac31-c7599fe45698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csVIIESBIAMFU6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e689a-79e3f8b66e1cf72f3283ac5b;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:54:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3seQ7H4qrlKKpuIWUobiey92ZMkB4jWqd5v6T6379g0V0y6XdVFvWQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:21 GMT
age: 13108
etag: "67a09d8cd23ed444667b225f7fbf4bb17b9f42dd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   15732
Md5:    b5e953213b7b13b8ee202406147fac52
Sha1:   67a09d8cd23ed444667b225f7fbf4bb17b9f42dd
Sha256: cf6b2502f0a992148f9401c16a329cae5a6c21fb81f03131f3e69c58bc608110
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5273
x-amzn-requestid: 5ab71aaf-6757-46dc-86fc-0a866958d22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSz2EqfIAMFqng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e5-15ae9d330e005f547161b4df;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xcEI729NEfORs3fT_fHi-BkyqA1sHl0dA6fAGd9hYkJNePUlM4vKQg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:05:52 GMT
age: 14097
etag: "bde85bd98858e4b13484a9cc3263b4db7fb5d348"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5273
Md5:    49c08cd33e41826af9dd4a8a912e0ddf
Sha1:   bde85bd98858e4b13484a9cc3263b4db7fb5d348
Sha256: 43471e7b4da8e4e58b842d05cb073ef150ff119eaa6890c86162f03a140459cf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11175
x-amzn-requestid: 9c93ddca-1247-44af-a364-e617f69ace26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzYEnEoAMFa2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e2-7d38ea383725901524bc2ca0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jqWuNfsDgPOsqxlX2HGJdhXm9GnGC-TBafSbSCrztICFgEwcyqc_iA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:22 GMT
age: 13107
etag: "0234fe32c84c4711f0619714f3ac6d3db1b717d3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11175
Md5:    38b97436af942d5eb1111ca7043259a0
Sha1:   0234fe32c84c4711f0619714f3ac6d3db1b717d3
Sha256: a76a7721355abbaecd5c8cb5218e7e4626dc345eb26e7541c71bf4ceaa7ae5d8
                                        
                                            GET /configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639 HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8
Upgrade-Insecure-Requests: 1

search
                                         68.178.145.219
HTTP/1.1 200 OK
Content-Type: text/html; charset-UTF-8;charset=UTF-8
                                        
Date: Tue, 06 Dec 2022 02:00:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Content-Length: 1231
Keep-Alive: timeout=5
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   1231
Md5:    9f71215c7e61a82e16595856e5d3de82
Sha1:   22401ebc626ee578b3f3c30602548cfaeac7a4ad
Sha256: 70104f5fcbfb77b807cd614ac47ad12e9a8e483e45425ed0e72f67a0ba970fd0
                                        
                                            GET /configKGQ/login-dhl/F004f19441/layout/js/style.js HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cmxmarketing.in/configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8

search
                                         68.178.145.219
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Date: Tue, 06 Dec 2022 02:00:49 GMT
Server: Apache
Last-Modified: Mon, 12 Nov 2018 07:23:56 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000, public
Expires: Wed, 06 Dec 2023 02:00:49 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Content-Length: 34470
Keep-Alive: timeout=5
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (32033), with CRLF line terminators
Size:   34470
Md5:    8995f21d027fa848138b247cf8630710
Sha1:   83626a7aac97cacf16fb87ef5a1e69aa34109cd2
Sha256: 587e3972a76e297b8f8cdfe4e0f120dd76840ff3cdcd9ae79a2ad28ba9281588

Alerts:
  urlquery:
    - Phishing - DHL
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /configKGQ/login-dhl/F004f19441/layout/css/style.css HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cmxmarketing.in/configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8

search
                                         68.178.145.219
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Date: Tue, 06 Dec 2022 02:00:49 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 01 Jan 2020 00:06:24 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000, public
Expires: Wed, 06 Dec 2023 02:00:49 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=5
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (59853), with CRLF line terminators
Size:   73483
Md5:    b42f4ee4769c7d77ee00e4fb22279298
Sha1:   b8f7b6d4f1b1a0f4de9bcbc8af9da95f77356ab6
Sha256: 376b4a52cbe84d4ee673a425d4c19fb6ebedaab0bd93d71247b07025ed0c6394

Alerts:
  urlquery:
    - Phishing - DHL
    - Phishing - DHL
                                        
                                            GET /configKGQ/login-dhl/F004f19441/layout/img/lg.svg HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cmxmarketing.in/configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8

search
                                         68.178.145.219
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Tue, 06 Dec 2022 02:00:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 15 Aug 2019 13:02:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public
Expires: Thu, 05 Jan 2023 02:00:50 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Content-Length: 729
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2040), with no line terminators
Size:   729
Md5:    9cccd6be17d0f07106cb82bbf2f4e5d5
Sha1:   36edea421a0998700cb5e477c9d799db82f4b58c
Sha256: 47e4312df8c95c39415069608eea358cfcb6037c1ca20621b86fb39b5a906b76

Alerts:
  urlquery:
    - Phishing - DHL
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /configKGQ/login-dhl/F004f19441/layout/img/pubr.gif HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cmxmarketing.in/configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8

search
                                         68.178.145.219
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 06 Dec 2022 02:00:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 15 Aug 2019 17:49:30 GMT
Accept-Ranges: bytes
Content-Length: 8344
Cache-Control: max-age=2592000, public
Expires: Thu, 05 Jan 2023 02:00:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  GIF image data, version 89a, 468 x 60\012- data
Size:   8344
Md5:    8f1cbb67f49a41df278431ef173c6269
Sha1:   d7147e8695b1c4abc80f08fefe36326b2de0cc15
Sha256: 38d38e7a9e31f364cf1238ed6efcad478b3d71b56a8070c7aeda136e7a09dfa6

Alerts:
  urlquery:
    - Phishing - DHL
    - Phishing - DHL
                                        
                                            GET /configKGQ/login-dhl/F004f19441/layout/img/pak.png HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cmxmarketing.in/configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8

search
                                         68.178.145.219
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 06 Dec 2022 02:00:50 GMT
Server: Apache
Last-Modified: Thu, 15 Aug 2019 14:02:58 GMT
Accept-Ranges: bytes
Content-Length: 878
Cache-Control: max-age=2592000, public
Expires: Thu, 05 Jan 2023 02:00:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=5
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 57 x 58, 8-bit/color RGB, non-interlaced\012- data
Size:   878
Md5:    997a3db672059033a232bcc726aed047
Sha1:   8f67ab4067299aa29920295baa38417160a6d524
Sha256: 4057023fcfa4360934b1a1409a74a40ffbc2bb7dacd2bcc6f69d66a9673f09e8

Alerts:
  urlquery:
    - Phishing - DHL
    - Phishing - DHL
                                        
                                            GET /configKGQ/login-dhl/F004f19441/layout/img/ta3.svg HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cmxmarketing.in/configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8

search
                                         68.178.145.219
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Tue, 06 Dec 2022 02:00:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 16 Aug 2019 10:27:30 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public
Expires: Thu, 05 Jan 2023 02:00:50 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Content-Length: 1048
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1665)
Size:   1048
Md5:    1b7469dae7854cf013b22f128bae7a5b
Sha1:   3fbf298228c6d74ece72f3209f12b3c956c16b83
Sha256: 70ecb621992bb7019e4ba68aa43209144ae5fd5cec961c982bac5934ad147d4a

Alerts:
  urlquery:
    - Phishing - DHL
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /configKGQ/login-dhl/F004f19441/layout/img/favicon.png HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cmxmarketing.in/configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8

search
                                         68.178.145.219
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 06 Dec 2022 02:00:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1352
Keep-Alive: timeout=5
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (10820), with no line terminators
Size:   1352
Md5:    25516556a830b2c105f9c4a4767da2da
Sha1:   20047e936ce6f94db345fcf5d14d3de836be7421
Sha256: 218df96b982ec7562f0a234e12fbab699b6acf51fb4259db9f8b861f1c06f452
                                        
                                            GET /configKGQ/login-dhl/F004f19441/layout/img/pub.jpg HTTP/1.1 
Host: cmxmarketing.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cmxmarketing.in/configKGQ/login-dhl/F004f19441/00951124a.php?web=succes&local=_&id=23450639
Cookie: PHPSESSID=52b900e216da0d969de13601f86bc6f8

search
                                         68.178.145.219
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 06 Dec 2022 02:00:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 15 Aug 2019 13:59:14 GMT
Accept-Ranges: bytes
Content-Length: 82133
Cache-Control: max-age=2592000, public
Expires: Thu, 05 Jan 2023 02:00:50 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=5


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1024x150, components 3\012- data
Size:   82133
Md5:    5000355f5ce08e172610325f3f5ac5bc
Sha1:   381442803d0a67fa45def5d89d3ff49000e4a28d
Sha256: fd6d79b881550d2aced201e506cbd7dfacafc19c16db81a655ad06f2835819c5

Alerts:
  urlquery:
    - Phishing - DHL
    - Phishing - DHL