r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3366
Expires: Fri, 02 Dec 2022 05:04:11 GMT
Date: Fri, 02 Dec 2022 04:08:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13424
Expires: Fri, 02 Dec 2022 07:51:50 GMT
Date: Fri, 02 Dec 2022 04:08:06 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 371
Cache-Control: max-age=109757
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 04:08:06 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:37:23 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: grQo7pelQbUr/a6vMChgzENdYmks+sKW8rsTlrxfxrsxWHfS2Ri0MTIpytHh1xXhC76BLc2N5hc=
x-amz-request-id: 3Z3ZR0SACY57YW9Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 03:46:33 GMT
age: 1293
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 03:18:10 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2996
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 435e53c5672f93c05b8de3cde8c4d208
928040d0dff4ffdbca673cb10a9b5010872dc55f
67feb2bc785bc68fbb74c73c916fc76be4309e3a4a0bc2d1e5ec2bb508c14144
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "67FEB2BC785BC68FBB74C73C916FC76BE4309E3A4A0BC2D1E5EC2BB508C14144"
Last-Modified: Thu, 01 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21510
Expires: Fri, 02 Dec 2022 10:06:36 GMT
Date: Fri, 02 Dec 2022 04:08:06 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 361
Cache-Control: max-age=104684
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 04:08:06 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:12:50 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 03:11:15 GMT
cache-control: public,max-age=3600
age: 3411
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.89.255.30101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.255.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qitLPHsyuNo2EPsNJndsgQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mTzamDdeuQBwWEZ2yWO+wd2WyDE=
kdmh.live/web/index_files/selector.js
192.151.157.182200 OK 1.5 kB URL HTTP/2 kdmh.live/web/index_files/selector.js
IP 192.151.157.182:0
Hash 24c4e9bd124c426ef648f8fc393b80aa
b913be987fa7b163cc2641b25b5ed961f0edbc45
1e624982f16024ae524c1b6cb6ce33049b65cc2c41d34ae11ba0e374c5a8e292
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/selector.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/lib/js/dob.js
192.151.157.182200 OK 843 B URL HTTP/2 kdmh.live/web/lib/js/dob.js
IP 192.151.157.182:0
Hash 0eefd8c8f87b373824526fdc46a5eb6a
2a4d0b7d7e4a1a8b03d37636613bc77a2bb30fe5
bb16689eb02242d6d95492122fe505fa3e1b1d9a0e9db9e0d5c6dce8d68f5a4e
Analyzer Verdict Alert fortinet Phishing
GET /web/lib/js/dob.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 14 Feb 2021 02:45:12 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/img/VISA.png
192.151.157.182200 OK 2.6 kB URL HTTP/2 kdmh.live/web/img/VISA.png
IP 192.151.157.182:0
File type PNG image data, 76 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 725caa991a29101f5da78da2fc1e1e63
cf4f10dfd71289c43273496120b79ef01a437d19
ef844111dee838dc5c8d388a96108379b2c97ced776fc95b2fa32b28f7ef6bde
GET /web/img/VISA.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/png
content-length: 2600
last-modified: Sat, 10 Apr 2021 04:41:34 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/img/MasterCard.png
192.151.157.182200 OK 2.1 kB URL HTTP/2 kdmh.live/web/img/MasterCard.png
IP 192.151.157.182:0
File type PNG image data, 76 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash b2702b4b6944f05e00e7a9065c9d071b
a40d684e4e7e4cb085c37bd942874a3d60f719b5
8c4f22dc313ee84b9c84d4295b3593584159ab23c8a1f095b366aff8ca05f196
GET /web/img/MasterCard.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/png
content-length: 2077
last-modified: Sat, 10 Apr 2021 04:41:40 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/img/AmEx.png
192.151.157.182200 OK 1.3 kB URL HTTP/2 kdmh.live/web/img/AmEx.png
IP 192.151.157.182:0
File type PNG image data, 76 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 801b445314b9ff68a391c117d99619ed
7fa0bdd998a1edae990a6797cc023a304f05088d
be9293395bb536020f4052e431a51639c3c9256ddb3e16f2820f0ad90d43fb9e
GET /web/img/AmEx.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/png
content-length: 1261
last-modified: Sat, 10 Apr 2021 04:41:46 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/img/CVV_icon.png
192.151.157.182200 OK 4.6 kB URL HTTP/2 kdmh.live/web/img/CVV_icon.png
IP 192.151.157.182:0
File type PNG image data, 125 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 6c1a7798f28815cbb8c4c8918e36080a
c475698985de9dbd65b56f389dce8eac58b4b000
107c0d3bba74e80c13517241c8c0dc093459f0c56a7f998eb53feaa0aa811200
GET /web/img/CVV_icon.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/png
content-length: 4637
last-modified: Sat, 10 Apr 2021 04:49:54 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/index_files/remove_screen_capture.png
192.151.157.182200 OK 857 B URL HTTP/2 kdmh.live/web/index_files/remove_screen_capture.png
IP 192.151.157.182:0
File type PNG image data, 128 x 128, 8-bit gray+alpha, non-interlaced\012- data
Hash e4387ea5cc65d51d08a60765f46cbbcb
f8314def36b28e99c28cda0f4369e4786bf18ca4
37f7e4cae3c3a409193078169c5731a142552e04ca3bbb19c85e87432ce58afb
GET /web/index_files/remove_screen_capture.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/png
content-length: 857
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/index_files/building_preview.gif
192.151.157.182200 OK 12 kB URL HTTP/2 kdmh.live/web/index_files/building_preview.gif
IP 192.151.157.182:0
File type GIF image data, version 89a, 113 x 108\012- data
Hash 3c3ba37130de5fe15faf97c18908283e
c15b49cb09745a9939315132e18f2e40fa2ccf22
9096646da2177d5db92f79352509450582a376913bb5387557c1efd28d0c377b
GET /web/index_files/building_preview.gif HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/gif
content-length: 12336
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/index_files/css
192.151.157.182200 OK 24 kB URL HTTP/2 kdmh.live/web/index_files/css
IP 192.151.157.182:0
Hash 71ab2d5dc2029112dffc9834eafcc599
5d3dc067095459a2ace31b10cc6cb343aca44577
7742176d36a9ea889f4db0a843e62f522ba690a8d514e91dd5aa09eccf7340ce
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-length: 24218
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/lib/js/Acc_Carding.js
192.151.157.182200 OK 1.5 kB URL HTTP/2 kdmh.live/web/lib/js/Acc_Carding.js
IP 192.151.157.182:0
Hash f95133ba994fa2714c9066d66c74769d
eaf5b139848ad1c4af60f07feebb0664effd2c89
ea5af95d5d64c5ba4b891b4d43e437cc1a96de346144d1b2d8ded9c34de6a9d2
Analyzer Verdict Alert fortinet Phishing
GET /web/lib/js/Acc_Carding.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 10 Apr 2021 12:20:26 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/lib/js/jquery.mask.min.js
192.151.157.182200 OK 29 kB URL HTTP/2 kdmh.live/web/lib/js/jquery.mask.min.js
IP 192.151.157.182:0
Hash 65056f4521102fed23e6b34d69f4814d
3371e57aea1e91f58d0735721dbbd5ccedb8c669
ef10d1ff5de6f1834f69291c900d3f0511a410cc10510c486875c45b2b64ac37
Analyzer Verdict Alert fortinet Phishing
GET /web/lib/js/jquery.mask.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 May 2018 23:53:56 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10301
Expires: Fri, 02 Dec 2022 06:59:49 GMT
Date: Fri, 02 Dec 2022 04:08:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10301
Expires: Fri, 02 Dec 2022 06:59:49 GMT
Date: Fri, 02 Dec 2022 04:08:08 GMT
Connection: keep-alive
kdmh.live/web/index_files/extendstyles.css
192.151.157.182200 OK 19 kB URL HTTP/2 kdmh.live/web/index_files/extendstyles.css
IP 192.151.157.182:0
Hash 9789ebdcffdbb4a45434bd885df2d384
53c8bae039f2c433d7023968bcf06429f604c10c
fd3f24f502bdc8f34b4bf33186801a2e2ffaa290bc130dc3fb81be82534242b0
GET /web/index_files/extendstyles.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js
192.151.157.182200 OK 1.6 kB URL HTTP/2 kdmh.live/web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js
IP 192.151.157.182:0
Hash 9e7c470ae79205b19e5357379efe7d32
efbdaaeeb7b53ac392136e80adc5dc4acbcffb53
61ac93a21ce7f0973b9f2c379369207201dc849d48f6f9288b5941ed44b2d8bd
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/tony.css
192.151.157.182200 OK 7.6 kB URL HTTP/2 kdmh.live/web/index_files/tony.css
IP 192.151.157.182:0
Hash c80d53d04c5d8b8f29845da88fc327fd
bbc4a0c6e3fca68e268dff7f2aaf4d42d106ebce
664453c0bd4f040014e4b9ec9d99125f15a139a0d47e5af962252dcfd1245b58
GET /web/index_files/tony.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82ea44d6cb116fb1f5752ce9bb87e345
f799dfd89a4f5a452dc837b8616549f578fb4184
e9087e7fce332289d67d4d5646d0233c2f2d871cc88dc1c51d5ea1e9f2fb5abd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15495
x-amzn-requestid: 977cdbce-3a9c-4006-a5a1-5c4c82bd4a94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDIFxzIAMFzEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-4b2cb3a16ca745537a8caf8c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KnOx0PJ8BR9OoAzXfuWk_Je_yawqzY4isC0hYTZRvJ74YiVs8jqyIQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:25:42 GMT
age: 20546
etag: "f799dfd89a4f5a452dc837b8616549f578fb4184"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:20:09 GMT
age: 74879
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jquery-ui.min.css
192.151.157.182200 OK 12 kB URL HTTP/2 kdmh.live/web/index_files/jquery-ui.min.css
IP 192.151.157.182:0
Hash 937e21208c75ea417af4ab76db603f5c
6b8f7e63de1a17a82c15a364102592053fe61034
750b7f3a800fd8fa5d4c91cd5b010200b1f22871f1b26fff7a84ccfc0387e234
GET /web/index_files/jquery-ui.min.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 498ab4412ed5cf977bc23e4e870894b0
23753fe8af09ec8ffa10eed4d201a71833885c99
036042656f15e42b4d1537c45f5b8e7190c70305fa9a69c1287c6739ad0b7122
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa07af64d-c287-4b0a-9677-9a1000422afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: a6b8b420-8394-496b-8be8-26dee52e3887
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoHJOoAMF75g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-0b38d07f518c8b3134457df2;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tuKmV_nb4HVbqkhtCnZY3b33VB-bB6UxaBl6HsY_JgWesbUB8SPt-g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:09:38 GMT
age: 21510
etag: "23753fe8af09ec8ffa10eed4d201a71833885c99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d147ccb10bda82b153a596c3c967cd6a
ffd0763f997e71a8c1458523fc17cafe8849dfdf
1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 22757
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 22692
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
kdmh.live/web/index_files/js
192.151.157.182200 OK 33 kB URL HTTP/2 kdmh.live/web/index_files/js
IP 192.151.157.182:0
Hash e0d2f4fbd6ee0a0ccb0a9be49be8bd15
e9e4e388e30bb8ee28bae629c60009deb6ca1a23
b93897bc6135d7238e31805130e9da82f9a7a37c2e518ebd5536eccae755f300
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-length: 90278
last-modified: Thu, 08 Apr 2021 04:06:06 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js
192.151.157.182200 OK 1.5 kB URL HTTP/2 kdmh.live/web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js
IP 192.151.157.182:0
Hash 3dfe45978cc377f922cb71a8bd09ca5b
e0b961a9ff787756441a1c7ec1e29248272f55b4
53159eb4914fb8489ca78cb6734d4f468cc1f653cd736053aedabb4c65c3a46a
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js
192.151.157.182200 OK 17 kB URL HTTP/2 kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js
IP 192.151.157.182:0
Hash e1b1b7c53be7ffafcdc5450597a7db08
fc11eec10e6bcf737ce7b685e3d0aabb9efc39ff
ac3b66ff8cb05e47e124d85b7971e5e32570d860e389ee7f1ae6e51925091771
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/14.8f875927fce05bedfe11.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://kdmh.live
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 117235
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 04:08:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://kdmh.live
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 117235
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
23.61.214.200301 Moved Permanently 0 B URL HTTP/1.1 www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
IP 23.61.214.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cpc/assets/cpc/img/icons/global-alert/alert.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload
www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
23.61.214.200301 Moved Permanently 0 B URL HTTP/1.1 www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
IP 23.61.214.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cpc/assets/cpc/img/icons/global-alert/cancel.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload
www.canadapost.ca/cpc/assets/cpc/img/icons/icon-lock.svg
23.61.214.200301 Moved Permanently 0 B URL HTTP/1.1 www.canadapost.ca/cpc/assets/cpc/img/icons/icon-lock.svg
IP 23.61.214.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cpc/assets/cpc/img/icons/icon-lock.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/icon-lock.svg
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload
kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js
192.151.157.182200 OK 1.1 kB URL HTTP/2 kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js
IP 192.151.157.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/14.8f875927fce05bedfe11.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:09 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/cpo.js
192.151.157.182200 OK 2.1 kB URL HTTP/2 kdmh.live/web/index_files/cpo.js
IP 192.151.157.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d0faac849d57db890237803d4f248a94
80895d54635566eac88bb8bdf736ed3ca92fe301
58a8a67cd019274e90f15a264359cb5c8de2c5e692826de962b5a40ab01448c1
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/cpo.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:09 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
23.61.214.200301 Moved Permanently 0 B URL HTTP/1.1 www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
IP 23.61.214.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
23.61.214.200200 OK 218 B URL HTTP/1.1 www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
IP 23.61.214.200:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (320), with no line terminators
Hash d3a621feba2c9afadc8e74c4f71021e1
5364a043f80e5dcbc81b81e86d406eedfc1b69a4
9616a4bbe31bf59f3ec6fd4a9f237bfb89d3424a45238b625b7f1620377d5401
GET /cpc/assets/cpc/img/icons/search.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a621-140"
Last-Modified: Mon, 05 Feb 2018 18:44:49 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Thu, 15 Sep 2022 16:23:11 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 218
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
Vary: Accept-Encoding
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
23.61.214.200200 OK 455 B URL HTTP/1.1 www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
IP 23.61.214.200:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Hash ff8ab0bd64b81f01e5245fdcc5f86256
cb16cfd030e7f5758ff0320d3c467cc53b858d50
f36fd8c683ecf6ae26d06c171f584b955e5603ac12435b1fe0560a6e0a90d6dd
GET /cpc/assets/cpc/img/icons/global-alert/alert.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a6b5666-3ef"
Last-Modified: Fri, 26 Jan 2018 16:25:10 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Sun, 14 Aug 2022 17:54:20 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 455
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
Vary: Accept-Encoding
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
23.61.214.200200 OK 377 B URL HTTP/1.1 www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
IP 23.61.214.200:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Hash 3e69d3df64d1d2900137d925afc81ef4
27113030bc0a70e40c1ec28523c53118feb97454
2aaceded66a94f94d5bb275b056d4310327b9eb50004d6e985417cf7d792d251
GET /cpc/assets/cpc/img/icons/global-alert/cancel.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a6b5666-331"
Last-Modified: Fri, 26 Jan 2018 16:25:10 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 25 Jul 2022 13:51:51 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 377
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
Vary: Accept-Encoding
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/arrow-down.svg
23.61.214.200200 OK 167 B URL HTTP/1.1 www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/arrow-down.svg
IP 23.61.214.200:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4ed5c36b7d9f92ed672bb1d5114b1b72
82b2a08c925663c452eb17d71d1c81dced90d334
2f598f2c792e57f0ad56a71362d58aef0b155d8eeaa139d3fd3e7c6cfdfb845e
GET /cpc/assets/cpc/img/icons/arrow-down.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a622-b9"
Last-Modified: Mon, 05 Feb 2018 18:44:50 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 25 Jul 2022 13:51:51 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 167
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
Vary: Accept-Encoding
kdmh.live/web/index_files/saved_resource
192.151.157.182200 OK 62 kB URL HTTP/2 kdmh.live/web/index_files/saved_resource
IP 192.151.157.182:0
File type ASCII text, with very long lines (61038)
Hash c113dd0d5e80ed67d5a62a54b7cf86dd
064306dcf59a114df2265e2caf298a113ffc86db
03fc69968cf2c297f3006f23bd13c7c3344af5a73a64ea16b37a21512b962a6b
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/saved_resource HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-length: 61477
last-modified: Thu, 08 Apr 2021 04:06:14 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/icon-lock.svg
23.61.214.200200 OK 432 B URL HTTP/1.1 www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/icon-lock.svg
IP 23.61.214.200:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (907), with no line terminators
Hash 2ad110b6a820845cf1b4b1d8e0585d48
6871d97125e77d9e676518742276710ec39279d9
e170143cc77d854d7bd7110f42251e13ae38c16b6f99a101b546c56d0b0ca23e
GET /cpc/assets/cpc/img/icons/icon-lock.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a622-38b"
Last-Modified: Mon, 05 Feb 2018 18:44:50 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Tue, 27 Sep 2022 21:14:30 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 432
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
Vary: Accept-Encoding
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
23.61.214.200200 OK 382 B URL HTTP/1.1 www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
IP 23.61.214.200:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (724), with no line terminators
Hash b86b3f712d7d1224f22ce80ab788d8bc
1015427d965943c5acfda2a2b96174c96a30e715
827930f77d0aee840f92563e8da302b30e9f0b196f923edd0f6305faf4ae7df0
GET /cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a638-2d4"
Last-Modified: Mon, 05 Feb 2018 18:45:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 03 Oct 2022 07:02:38 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 382
Date: Fri, 02 Dec 2022 04:08:10 GMT
Connection: keep-alive
Vary: Accept-Encoding
kdmh.live/web/index_files/db.21026c4133e1c59eaf45.js.download
192.151.157.182200 OK 3.6 kB URL HTTP/2 kdmh.live/web/index_files/db.21026c4133e1c59eaf45.js.download
IP 192.151.157.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3943), with CRLF, LF line terminators
Hash b831c9daf5905a070267050f102c56a8
84fb96492f436ecb4248b25e3f344dd29428b93e
d3dc663ce9e55e2e6226408ba7e1139997c19a5b8ce16309cb6a7b1f91548701
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/db.21026c4133e1c59eaf45.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
static.ads-twitter.com/uwt.js
151.101.244.157200 OK 15 kB URL HTTP/2 static.ads-twitter.com/uwt.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (57596), with no line terminators
Hash 573e6a7f86f6f3063763360ef0672c01
b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7
GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 27 Oct 2022 18:55:37 GMT
cache-control: no-cache
content-type: application/javascript; charset=utf-8
content-encoding: gzip
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
accept-ranges: bytes
date: Fri, 02 Dec 2022 04:08:11 GMT
x-served-by: cache-iad-kjyo7100147-IAD, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding,Host
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
content-length: 15375
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a11a991958dbd78dfb3392214590ef38
c5fb54ce1ad1c51598623b66827af482c565e0d5
01d67dc39941deea93712fa87453fd27679357916ab856358e0bda7a63b2624d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5945
Cache-Control: max-age=162848
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 04:08:11 GMT
Etag: "63893c12-1d7"
Expires: Sun, 04 Dec 2022 01:22:19 GMT
Last-Modified: Thu, 01 Dec 2022 23:43:14 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
kdmh.live/web/index_files/foundation.equalizer.js
192.151.157.182200 OK 80 kB URL HTTP/2 kdmh.live/web/index_files/foundation.equalizer.js
IP 192.151.157.182:0
Hash c3795feb3a7967f6af94873148e1d079
f1017485ef0139793e611e094a1767410b390d7f
0522c5f85db59f84c3a34c9ec2b13d030302f2889ea3eb866b1913151fedafde
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/foundation.equalizer.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:10 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a11a991958dbd78dfb3392214590ef38
c5fb54ce1ad1c51598623b66827af482c565e0d5
01d67dc39941deea93712fa87453fd27679357916ab856358e0bda7a63b2624d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5945
Cache-Control: max-age=162848
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 04:08:11 GMT
Etag: "63893c12-1d7"
Expires: Sun, 04 Dec 2022 01:22:19 GMT
Last-Modified: Thu, 01 Dec 2022 23:43:14 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash fe00a8d45f578269a68305d6cba6c515
fb532e5a130b9070b30ad314e1f02595a50c4591
b6e850b4ae47b9c742230f745a34bff04872735638807aa29e873aa1db7b7943
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6432
Cache-Control: max-age=120820
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 04:08:11 GMT
Etag: "638895ff-139"
Expires: Sat, 03 Dec 2022 13:41:51 GMT
Last-Modified: Thu, 01 Dec 2022 11:54:39 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 313
kdmh.live/web/index_files/prototype.213678de24c47bc84650.js.download
192.151.157.182200 OK 29 kB URL HTTP/2 kdmh.live/web/index_files/prototype.213678de24c47bc84650.js.download
IP 192.151.157.182:0
Hash 042934832ffc07960ac6a36f2f87cc92
a63ca3b8edda2ecd9be545530abafc8f1e4f6703
a793602992fc442b37daeb770a77afa30ce67b70b8d62269fcc09a80d1bd6b39
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/prototype.213678de24c47bc84650.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/stylesheet.css
192.151.157.182200 OK 27 kB URL HTTP/2 kdmh.live/web/index_files/stylesheet.css
IP 192.151.157.182:0
Hash a8b5b0be21fc694e943479af4433c982
1cbf83f3a30e07531bdc7f4420f9c4a5308ba672
c8c6393af6184db996256eaf8843d9088d7517d54f6a1ed50f2bb17e91c0e9c8
GET /web/index_files/stylesheet.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
expires: Sun, 01 Jan 2023 04:08:10 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash b107b05d618b22da172fe6404e9b166a
dacbaaae26c8227a9e6f284caa6753e01acdf4d1
ef6a76d9c730d4450182d3e13294f58e4dcb882b073d15decf9f07132d9de01b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6440
Cache-Control: max-age=161866
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 04:08:11 GMT
Etag: "6389364d-139"
Expires: Sun, 04 Dec 2022 01:05:57 GMT
Last-Modified: Thu, 01 Dec 2022 23:18:37 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 313
www.canadapost-postescanada.ca/store-boutique/en
23.61.214.200307 Temporary Redirect 136 B URL HTTP/1.1 www.canadapost-postescanada.ca/store-boutique/en
IP 23.61.214.200:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ed10607782c0c178ac891c97e9aa1470
5ce456cdbdcbdaab83e380dd5dc4d7a4033eaa90
8fc58eab6a6eb86985c8b65a22e5816abedaf9e82470bc3ff93bffd2dd7e8a41
GET /store-boutique/en HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Content-Length: 136
Content-Type: text/html
Location: https://store.canadapost-postescanada.ca/store-boutique/en
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Date: Fri, 02 Dec 2022 04:08:11 GMT
Connection: keep-alive
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b319c760-cba6-40a6-8122-556a799bc1f4&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6cfa24db-105c-49fb-a258-6ded6a2705a0&tw_document_href=https%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29
104.244.42.67200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b319c760-cba6-40a6-8122-556a799bc1f4&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6cfa24db-105c-49fb-a258-6ded6a2705a0&tw_document_href=https%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29
IP 104.244.42.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=b319c760-cba6-40a6-8122-556a799bc1f4&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6cfa24db-105c-49fb-a258-6ded6a2705a0&tw_document_href=https%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 04:08:10 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_5AlpPInJVdSTLbrvmfJ6hw=="; Max-Age=63072000; Expires=Sun, 01 Dec 2024 04:08:11 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 684d949af3da8250
strict-transport-security: max-age=631138519
x-response-time: 105
x-connection-hash: ed4ad59f54233318dcf541aaced0b39c0e097fa556856807b2ffcf45829408cc
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=614267586032718&ev=PageView&dl=https%3A%2F%2Fkdmh.live%2Fweb%2F&rl=&if=false&ts=1669954089855&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1669954089854.1669698095&it=1669954089598&coo=false&exp=b3&rqm=GET&cd[rex]=%7B%22uid%22%3A%22bcf3133s4-be5f-4bd9-b1c8-6e4623145df3%22%2C%22retry%22%3A0%7D
157.240.240.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=614267586032718&ev=PageView&dl=https%3A%2F%2Fkdmh.live%2Fweb%2F&rl=&if=false&ts=1669954089855&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1669954089854.1669698095&it=1669954089598&coo=false&exp=b3&rqm=GET&cd[rex]=%7B%22uid%22%3A%22bcf3133s4-be5f-4bd9-b1c8-6e4623145df3%22%2C%22retry%22%3A0%7D
IP 157.240.240.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=614267586032718&ev=PageView&dl=https%3A%2F%2Fkdmh.live%2Fweb%2F&rl=&if=false&ts=1669954089855&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1669954089854.1669698095&it=1669954089598&coo=false&exp=b3&rqm=GET&cd[rex]=%7B%22uid%22%3A%22bcf3133s4-be5f-4bd9-b1c8-6e4623145df3%22%2C%22retry%22%3A0%7D HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kdmh.live
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: https://kdmh.live
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 02 Dec 2022 04:08:11 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 18a15baf92c1dcb77474e72406f1def0
cd5073341c43b1e03897874d05bbdf227a8ad6a7
695865b217fe9f81c97da1fee341aa0666a526db6523a7b63fc891c12d328484
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5910
Cache-Control: max-age=118893
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 04:08:11 GMT
Etag: "63889082-1d7"
Expires: Sat, 03 Dec 2022 13:09:44 GMT
Last-Modified: Thu, 01 Dec 2022 11:31:14 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
kdmh.live/web/index_files/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js
192.151.157.182200 OK 1.5 kB URL HTTP/2 kdmh.live/web/index_files/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js
IP 192.151.157.182:0
Hash 04a26faa994b7fe219e9b41a8df3c919
40bd3f0a962fb7b8151e8c5958c6cba948fc6bdf
81eedf52e096c892cf5ff68574b5951b6c8e6ca36913a03f4929af5dc24ee974
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
store.canadapost-postescanada.ca/store-boutique/en
23.36.79.8301 Moved Permanently 0 B URL HTTP/2 store.canadapost-postescanada.ca/store-boutique/en
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /store-boutique/en HTTP/1.1
Host: store.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-length: 0
location: /home
access-control-allow-origin: https://store.canadapost-postescanada.ca
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-vol-canonical-url: /home
x-vol-correlation: 1d48728792b344cc80cb7ef251726690
expires: Fri, 02 Dec 2022 04:08:12 GMT
cache-control: max-age=0, no-cache
pragma: no-cache
date: Fri, 02 Dec 2022 04:08:12 GMT
set-cookie: sb-sf-at-prod-s=at=cOajiVdsjhQOjIRynGc7A2pljTp6QxKoKsFruhcIJKH1W7nMOpDUW2R9JV0RYhgY4anrMGpZ66pmo5gJn%2FwCq2IiLCC0yhnxb1Sen%2Fw5c1BmO0HtkLm%2Ff9MnLxtmACma%2FcvQ9EjDn3jvE%2BD6aYsu%2BpCbE8WQbMPhM%2BteJupQu8vFY9ehL7gGtatPrE1QAhOWbLQT70%2FGqyPAuJCbwsRxYtJpq%2BNdBpp1Z%2F%2B7PzhJewPJzGyBteYRy2b%2BwWZFoEOLmC7UJ5FkW1f5bA8Tm4air7PwGpPzQgtHIPh8oP%2FTpwszCaOgJIgDhi83hUsN04csJOVx34HtzfT0SOqxyfAOvw%3D%3D&dt=2022-12-02T04%3A08%3A11.9430596Z; path=/; httponly
sb-sf-at-prod=at=cOajiVdsjhQOjIRynGc7A2pljTp6QxKoKsFruhcIJKH1W7nMOpDUW2R9JV0RYhgY4anrMGpZ66pmo5gJn%2FwCq2IiLCC0yhnxb1Sen%2Fw5c1BmO0HtkLm%2Ff9MnLxtmACma%2FcvQ9EjDn3jvE%2BD6aYsu%2BpCbE8WQbMPhM%2BteJupQu8vFY9ehL7gGtatPrE1QAhOWbLQT70%2FGqyPAuJCbwsRxYtJpq%2BNdBpp1Z%2F%2B7PzhJewPJzGyBteYRy2b%2BwWZFoEOLmC7UJ5FkW1f5bA8Tm4air7PwGpPzQgtHIPh8oP%2FTpwszCaOgJIgDhi83hUsN04csJOVx34HtzfT0SOqxyfAOvw%3D%3D; expires=Tue, 02 Dec 2042 04:08:11 GMT; path=/; httponly
_mzvr=zbpWaOXTzkuJFJ_i_w4TPg; expires=Sat, 02 Dec 2023 04:08:12 GMT; path=/; httponly
_mzvs=nn; path=/; httponly
_mzvt=iu9nFnZHCEaYB0VPhF6fBQ; expires=Fri, 02 Dec 2022 04:38:12 GMT; path=/; httponly
_mzPc=eyJjb3JyZWxhdGlvbklkIjoiMWQ0ODcyODc5MmIzNDRjYzgwY2I3ZWYyNTE3MjY2OTAiLCJpcEFkZHJlc3MiOiI5MS45MC40Mi4xNTQiLCJpc0RlYnVnTW9kZSI6ZmFsc2UsImlzQ3Jhd2xlciI6ZmFsc2UsImlzTW9iaWxlIjpmYWxzZSwiaXNUYWJsZXQiOmZhbHNlLCJpc0Rlc2t0b3AiOnRydWUsInZpc2l0Ijp7InZpc2l0SWQiOiJpdTluRm5aSENFYVlCMFZQaEY2ZkJRIiwidmlzaXRvcklkIjoiemJwV2FPWFR6a3VKRkpfaV93NFRQZyIsImlzVHJhY2tlZCI6ZmFsc2UsImlzVXNlclRyYWNrZWQiOmZhbHNlfSwidXNlciI6eyJpc0F1dGhlbnRpY2F0ZWQiOmZhbHNlLCJ1c2VySWQiOiI5MGRmOTUzMTdhY2I0OWI4OTNiYWFkNzZmNDE0Mjk1MiIsImZpcnN0TmFtZSI6IiIsImxhc3ROYW1lIjoiIiwiZW1haWwiOiIiLCJpc0Fub255bW91cyI6dHJ1ZSwiYmVoYXZpb3JzIjpbMTAxNCwyMjJdLCJpc1NhbGVzUmVwIjpmYWxzZX0sInVzZXJQcm9maWxlIjp7InVzZXJJZCI6IjkwZGY5NTMxN2FjYjQ5Yjg5M2JhYWQ3NmY0MTQyOTUyIiwiZmlyc3ROYW1lIjoiIiwibGFzdE5hbWUiOiIiLCJlbWFpbEFkZHJlc3MiOiIiLCJ1c2VyTmFtZSI6IiJ9LCJpc0VkaXRNb2RlIjpmYWxzZSwiaXNBZG1pbk1vZGUiOmZhbHNlLCJub3ciOiIyMDIyLTEyLTAyVDA0OjA4OjEyLjAwODQxMTlaIiwiY3Jhd2xlckluZm8iOnsiaXNDcmF3bGVyIjpmYWxzZX0sImN1cnJlbmN5UmF0ZUluZm8iOnt9fQ%3D%3D; path=/
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fkdmh.live%2Fweb%2F&t=1669954089936
104.17.209.240200 OK 18 kB URL HTTP/2 zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fkdmh.live%2Fweb%2F&t=1669954089936
IP 104.17.209.240:0
File type ASCII text, with very long lines (6801)
Hash 704914d317e1ea00386def56790b6c10
b4284e819c814a9c77ab4007b135dd629e0c4f93
a5103cd81e451a3b1d0940f34a17e1f99bfe265bfb477b17223c74a7920357f1
GET /WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fkdmh.live%2Fweb%2F&t=1669954089936 HTTP/1.1
Host: zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 04:08:11 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 77313330e9ff1c16-OSL
access-control-allow-origin: *
age: 601456
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-yCXSqeWNF3QQ5gWuVWm89QaDdXQ"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
kdmh.live/web/index_files/f(2).txt
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/f(2).txt
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/f(2).txt HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/plain
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:12 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/selector.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/selector.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/selector.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:07 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=kdmh.live
104.17.209.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=kdmh.live
IP 104.17.209.240:0
GET /dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=kdmh.live HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 04:08:11 GMT
content-type: application/javascript
cf-ray: 773133325a681c16-OSL
access-control-allow-origin: *
age: 267692
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"7380-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29568
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
kdmh.live/web/index_files/gpt.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/gpt.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/gpt.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/insight.min.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/insight.min.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/insight.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/f(1).txt
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/f(1).txt
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/f(1).txt HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/plain
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:12 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jCarousel.min.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jCarousel.min.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/jCarousel.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=kdmh.live
104.17.209.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=kdmh.live
IP 104.17.209.240:0
GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=kdmh.live HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 04:08:11 GMT
content-type: application/javascript
cf-ray: 77313331fa501c16-OSL
access-control-allow-origin: *
age: 267692
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19b73-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=105331
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
kdmh.live/web/lib/js/txt-crypt.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/lib/js/txt-crypt.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/lib/js/txt-crypt.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/function.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/function.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/function.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/ScreenCaptureModule.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/ScreenCaptureModule.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/ScreenCaptureModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/cpc-main-logo.svg
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/cpc-main-logo.svg
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/cpc-main-logo.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:14 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/saved_resource
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/saved_resource
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/saved_resource HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-length: 61477
last-modified: Thu, 08 Apr 2021 04:06:14 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/index_files/mp.68f8d86dd01e19ae1c35.js.download
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/mp.68f8d86dd01e19ae1c35.js.download
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/mp.68f8d86dd01e19ae1c35.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/f.txt
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/f.txt
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/f.txt HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/plain
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:06 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/js(1)
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/js(1)
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/js(1) HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-length: 90248
last-modified: Thu, 08 Apr 2021 04:06:08 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/index_files/vpo.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/vpo.css
IP 192.151.157.182:0
GET /web/index_files/vpo.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jquery.smartbanner.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jquery.smartbanner.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/jquery.smartbanner.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/foundation.min.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/foundation.min.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/foundation.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/fbevents.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/fbevents.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/fbevents.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/shop/mc/assets/images/app/ecomm/structure/chevron-right.svg
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/shop/mc/assets/images/app/ecomm/structure/chevron-right.svg
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /shop/mc/assets/images/app/ecomm/structure/chevron-right.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/2012_eCommerce.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Tue, 31 Jan 2023 04:08:10 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jquery.autocomplete.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jquery.autocomplete.css
IP 192.151.157.182:0
GET /web/index_files/jquery.autocomplete.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jquery.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jquery.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/jquery.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/pixel.html
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/pixel.html
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/pixel.html HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:18 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fkdmh.live%2Fweb%2F&t=1669954089935
104.17.209.240200 OK 0 B URL HTTP/2 zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fkdmh.live%2Fweb%2F&t=1669954089935
IP 104.17.209.240:0
GET /WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=https%3A%2F%2Fkdmh.live%2Fweb%2F&t=1669954089935 HTTP/1.1
Host: zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 04:08:11 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 77313330d9fe1c16-OSL
access-control-allow-origin: *
age: 601456
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-yCXSqeWNF3QQ5gWuVWm89QaDdXQ"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jquery.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jquery.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/jquery.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:07 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/kirk.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/kirk.css
IP 192.151.157.182:0
GET /web/index_files/kirk.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/app.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/app.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/app.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/pubads_impl_2021040101.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/pubads_impl_2021040101.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/pubads_impl_2021040101.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/cwc.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/cwc.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/cwc.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/google-dfp.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/google-dfp.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/google-dfp.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/RightNow.Client.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/RightNow.Client.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/RightNow.Client.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:10 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/saved_resource(1)
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/saved_resource(1)
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/saved_resource(1) HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-length: 61477
last-modified: Thu, 08 Apr 2021 04:06:14 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
accept-ranges: bytes
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jquery-cookie.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jquery-cookie.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/jquery-cookie.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/search_autocomplete.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/search_autocomplete.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/search_autocomplete.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/chat-common.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/chat-common.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/chat-common.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/UserDefinedHTMLModule.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/UserDefinedHTMLModule.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/UserDefinedHTMLModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/lib/js/phone.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/lib/js/phone.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/lib/js/phone.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 10 Apr 2021 12:20:04 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/michael.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/michael.css
IP 192.151.157.182:0
GET /web/index_files/michael.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/cpo.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/cpo.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/cpo.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/gov-canada-logo.svg
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/gov-canada-logo.svg
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/gov-canada-logo.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:14 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jfe.c5d51c1772674a71d60c.js.download
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jfe.c5d51c1772674a71d60c.js.download
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/jfe.c5d51c1772674a71d60c.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web
104.17.209.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web
IP 104.17.209.240:0
POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 77
Origin: https://kdmh.live
Connection: keep-alive
Referer: https://kdmh.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 04:08:11 GMT
content-type: application/json
cf-ray: 773133317a231c16-OSL
access-control-allow-origin: https://kdmh.live
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: d66b68b86bd1e9a2
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
kdmh.live/web/
192.151.157.182200 OK 0 B IP 192.151.157.182:0
Analyzer Verdict Alert openphish Canada Post
fortinet Phishing
GET /web/ HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/beacon.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/beacon.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/beacon.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/RightNow.Client.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/RightNow.Client.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/RightNow.Client.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/meta.ff17afb25384dfc7e22f.js.download
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/meta.ff17afb25384dfc7e22f.js.download
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/meta.ff17afb25384dfc7e22f.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/uwt.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/uwt.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/uwt.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jquery-ui.min.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jquery-ui.min.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/jquery-ui.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/1.5159a7a0ba1fcaed8917.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/search.svg
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/search.svg
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/search.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:14 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/foundation.equalizer.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/foundation.equalizer.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/foundation.equalizer.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/CoreModule.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/CoreModule.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/CoreModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/lib/js/jquery-latest.min.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/lib/js/jquery-latest.min.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/lib/js/jquery-latest.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 23 May 2018 23:53:20 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/cwc.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/cwc.css
IP 192.151.157.182:0
GET /web/index_files/cwc.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/slick_slider.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/slick_slider.css
IP 192.151.157.182:0
GET /web/index_files/slick_slider.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/normalize.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/normalize.css
IP 192.151.157.182:0
GET /web/index_files/normalize.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:08 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/storeEcommerce.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/storeEcommerce.css
IP 192.151.157.182:0
GET /web/index_files/storeEcommerce.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/cpotools/mc/assets/images/structure/blue_question_icon.gif
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/cpotools/mc/assets/images/structure/blue_question_icon.gif
IP 192.151.157.182:0
GET /cpotools/mc/assets/images/structure/blue_question_icon.gif HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/extendstyles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Tue, 31 Jan 2023 04:08:10 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/responsive.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/responsive.css
IP 192.151.157.182:0
GET /web/index_files/responsive.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/donald.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/donald.css
IP 192.151.157.182:0
GET /web/index_files/donald.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/2012_eCommerce.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/2012_eCommerce.css
IP 192.151.157.182:0
GET /web/index_files/2012_eCommerce.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:10 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/modernizr.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/modernizr.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/modernizr.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/mc.3b7764525d9f2c925e16.js.download
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/mc.3b7764525d9f2c925e16.js.download
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/mc.3b7764525d9f2c925e16.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:16 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/foundation.min.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/foundation.min.css
IP 192.151.157.182:0
GET /web/index_files/foundation.min.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:08 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/cpc-logo.svg
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/cpc-logo.svg
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/cpc-logo.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:14 GMT
expires: Tue, 31 Jan 2023 04:08:06 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jquery.smartbanner.css
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jquery.smartbanner.css
IP 192.151.157.182:0
GET /web/index_files/jquery.smartbanner.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Apr 2021 04:06:12 GMT
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/index_files/jsf.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/index_files/jsf.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/index_files/jsf.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
kdmh.live/web/lib/js/zip.js
192.151.157.182200 OK 0 B URL HTTP/2 kdmh.live/web/lib/js/zip.js
IP 192.151.157.182:0
Analyzer Verdict Alert fortinet Phishing
GET /web/lib/js/zip.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kdmh.live/web/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 04:08:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 01 Jan 2023 04:08:06 GMT
cache-control: max-age=2592000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: STALE
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2