Report - kdmh.live/web

Report Overview

Submitted URL
kdmh.live/web
IP
192.151.157.182
ASN
#33387 NOCIX
Submitted
2022-12-04 12:17:27
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Canada Post

Detections

urlquery
37
Network Intrusion Detection
0
Threat Detection Systems
208

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
t.co	569	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	702 B	593 B	104.244.42.69
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	6.0 kB	93.184.220.29
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	780 B	2.4 kB	142.250.74.74
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	216.58.211.3
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	50 kB	216.58.207.227
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	577 B	87 kB	157.240.240.35
zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com	212644	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	986 B	35 kB	104.17.208.240
siteintercept.qualtrics.com	1163	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	1.4 kB	104.17.208.240
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.33.119.27
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.238.3.246
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	61 kB	34.120.237.76
b.scorecardresearch.com	3959	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	280 B	2.5 kB	143.204.55.8
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	796 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
www.canadapost.ca	97903	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	1.5 kB	104.88.13.190
analytics.twitter.com	526	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	719 B	613 B	104.244.42.131
sb.scorecardresearch.com	134	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	503 B	385 B	143.204.55.96
store.canadapost-postescanada.ca	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	2.6 kB	23.36.79.8
kdmh.live	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	39 kB	708 kB	192.151.157.182
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
www.canadapost-postescanada.ca	98149	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	30 kB	104.88.13.190
static.ads-twitter.com	614	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	276 B	16 kB	151.101.244.157

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	kdmh.live/web/	Canada Post

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	kdmh.live/web	Phishing
2022-12-04	medium	kdmh.live/web/	Phishing
2022-12-04	medium	kdmh.live/web/index_files/gpt.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/beacon.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/f.txt	Phishing
2022-12-04	medium	kdmh.live/web/index_files/fbevents.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/uwt.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/Acc_Carding.js	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/jquery.mask.min.js	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/phone.js	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/zip.js	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/jquery-latest.min.js	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/txt-crypt.js	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/dob.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/modernizr.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jquery.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/cwc.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jquery-ui.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jquery-cookie.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/search_autocomplete.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/function.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/f(2).txt	Phishing
2022-12-04	medium	kdmh.live/web/index_files/selector.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jCarousel.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/google-dfp.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/app.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/chat-common.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jquery.smartbanner.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/pubads_impl_2021040101.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/cpo.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/insight.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jsf.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/foundation.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/RightNow.Client.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/foundation.equalizer.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/CoreModule.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/UserDefinedHTMLModule.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/ScreenCaptureModule.js	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/zip.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/search.svg	Phishing
2022-12-04	medium	kdmh.live/web/index_files/cpc-logo.svg	Phishing
2022-12-04	medium	kdmh.live/web/index_files/cpc-main-logo.svg	Phishing
2022-12-04	medium	kdmh.live/web/lib/js/txt-crypt.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/gov-canada-logo.svg	Phishing
2022-12-04	medium	kdmh.live/web/index_files/modernizr.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jquery.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/css	Phishing
2022-12-04	medium	kdmh.live/web/index_files/saved_resource	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jquery-ui.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/selector.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jquery-cookie.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/function.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/search_autocomplete.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/f(1).txt	Phishing
2022-12-04	medium	kdmh.live/web/index_files/f(2).txt	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jCarousel.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/google-dfp.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/app.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/cpo.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/cpo.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/chat-common.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jquery.smartbanner.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/pubads_impl_2021040101.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js	Phishing
2022-12-04	medium	kdmh.live/shop/mc/assets/images/app/ecomm/structure/chevron-right.svg	Phishing
2022-12-04	medium	kdmh.live/web/index_files/cwc.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/foundation.equalizer.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html	Phishing
2022-12-04	medium	kdmh.live/web/index_files/pixel.html	Phishing
2022-12-04	medium	kdmh.live/web/index_files/pixel(1).html	Phishing
2022-12-04	medium	kdmh.live/web/index_files/db.21026c4133e1c59eaf45.js.download	Phishing
2022-12-04	medium	kdmh.live/web/index_files/mc.3b7764525d9f2c925e16.js.download	Phishing
2022-12-04	medium	kdmh.live/web/index_files/meta.ff17afb25384dfc7e22f.js.download	Phishing
2022-12-04	medium	kdmh.live/web/index_files/foundation.min.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/prototype.213678de24c47bc84650.js.download	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jfe.c5d51c1772674a71d60c.js.download	Phishing
2022-12-04	medium	kdmh.live/web/index_files/vendor.866d3d2023e5a297a1b9.js.download	Phishing
2022-12-04	medium	kdmh.live/jfe/static/dist/c/jsApi.8da1775e8131fb08b25b.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/jsApi.8da1775e8131fb08b25b.js.download	Phishing
2022-12-04	medium	kdmh.live/web/index_files/CoreModule.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/ScreenCaptureModule.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/UserDefinedHTMLModule.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/ScreenCaptureModule.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/CoreModule.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/UserDefinedHTMLModule.js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/saved_resource(1)	Phishing
2022-12-04	medium	kdmh.live/web/errors/log	Phishing
2022-12-04	medium	kdmh.live/web/index_files/f(1).txt	Phishing
2022-12-04	medium	kdmh.live/web/index_files/js	Phishing
2022-12-04	medium	kdmh.live/web/index_files/saved_resource(1)	Phishing
2022-12-04	medium	kdmh.live/web/index_files/saved_resource	Phishing
2022-12-04	medium	kdmh.live/web/index_files/js(1)	Phishing
2022-12-04	medium	kdmh.live/web/index_files/css	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (54)

	URL	Size	First Seen	Last Seen
	siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=kdmh.live	63 kB	2023-03-08	2023-05-10
Pretty URL siteintercept.qualtrics.com/dxjsmodule/11.6d6c5ef8794769da04fd.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=kdmh.live IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-05-10 22:14:08 Times Seen2 Hash 27441729c7b7c4aad5744a87cf9a9b07 e01e945cd61c0dd22169d9425a5323e792f4da00 8bbd322d5b22764f29e7ff91003f0a7a25af17af76cbee3ff46e95a3d4d80b4f Loading...

	siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital	29 kB	2023-03-08	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-03-11 23:44:36 Times Seen1 Hash a4802228fa2ddf3964ab98d0b0b73cbe 05be982516b28adc48c56b3f2bb017a2f7f3f47e 90ca1ec69de35eb28fcd7f3dfe0215a56127cacf6b15b24780bb8b2478578d33 Loading...

	kdmh.live/web/	8.2 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-04-19 12:36:07 Times Seen13 Hash 0e2e8a291e7b54eadf5a7c7551a2bb02 3781a9bc045bb54bb73d947af1ceecb80df5f61e 2d3166a18854f63962f71b11f00b8d5c67bfcdcf98d164dc8a09fd87d1716a46 Loading...

	kdmh.live/web/lib/js/Acc_Carding.js	1.5 kB	2023-03-08	2024-03-31
Pretty URL kdmh.live/web/lib/js/Acc_Carding.js IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-31 18:18:14 Times Seen13 Hash a3ec2c4fc1b337330d838d6d0b66212a eda6da153f19384142eafb3257ce2d9a30c0a6c2 a36f58ed1770d10842b4a590642cc83d605c9c8f037874f081b1df441e3515e7 Loading...

	kdmh.live/web/	25 B	2023-03-08	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-17 05:21:11 Times Seen34 Hash 6bfa0c4c59ccf69370ea7f73bd5cb18d 2b48a12233082af6ffc3bfe76498f22703ad7634 f83561d28369539e28ed8b4527479118dbd6af4b302ab2c7caca4fbf1f535381 Loading...

	kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html	63 B	2023-03-07	2024-04-23
Pretty URL kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:03 Last Seen2024-04-23 18:49:10 Times Seen382 Hash 1407fb9d03ab7b1c569d04f9754586cb db21cc08b95dd4214318b5a3c3d27aab840cab45 ecf9620d31ab17d1e165090763c50e552d455149e4277d0c4dfd1ad8289043f3 Loading...

	b.scorecardresearch.com/beacon.js	3.9 kB	2023-03-07	2024-01-14
Pretty URL b.scorecardresearch.com/beacon.js IP 143.204.55.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:19 Last Seen2024-01-14 12:48:16 Times Seen58 Hash eaf85c1c6758e84acfe134efd70e9373 5caec39b3ce7c2ec9912aff8ae6fa05aa9fb757e ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117 Loading...

	kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html	2.8 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-04-19 12:36:08 Times Seen27 Hash ac0cdb543e58ce01ca32e370a363bcc9 62bae3c9cdefc5497d629a1f3344365aaf2b99b9 8ec01d1778e2527dbd8d7d3549ad296f2ff29672a763dac64582ca596079b696 Loading...

	siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital	104 kB	2023-03-08	2023-06-10
Pretty URL siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-06-10 10:45:44 Times Seen3 Hash 15b98ecdbcfe4fe64aad53ba268f1545 8fb53b04badce588a9ee890e07929e37d7406291 20ee45b17985faa6172dc3930d47bb56303e3e9f4452e72e2c0feb9d562a081d Loading...

	kdmh.live/web/lib/js/phone.js	1.4 kB	2023-03-08	2024-03-31
Pretty URL kdmh.live/web/lib/js/phone.js IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-31 18:18:14 Times Seen13 Hash abe5c0a19876713a617dac21f375b88f 394a70dec531c83a229881e86f859373a01d533c 35982213c5a70540c2dce4d84bc0012c72a39f36795d1858a1be7089339ba1d0 Loading...

	kdmh.live/web/lib/js/dob.js	1.4 kB	2023-03-08	2024-03-31
Pretty URL kdmh.live/web/lib/js/dob.js IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-31 18:18:14 Times Seen12 Hash cdc6297ad7e83e31b9f543532717907f f2ce8eda9abcf94f0afdf8f87bd8628920819010 bc58d2ce72ddd61405017a4d74ccf33d728681a13ab0d47c2dff796a7960d4a9 Loading...

	kdmh.live/web/	575 B	2023-03-08	2023-09-16
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2023-09-16 02:52:02 Times Seen10 Hash 94382969ccfea2286bebbdf16d4a2867 95418941c52f1308c689b44d759a3d3901268c6a 9684c46b65f596b61807b5f1a010a610e0277da52a918a460c5ce196d3a11507 Loading...

	kdmh.live/web/	33 B	2023-03-07	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:17 Last Seen2024-03-17 05:21:11 Times Seen34 Hash 4dfe6277938fa296af46155c57b6e1a4 813c11ab62b056b3b01ec080d7d5e1c4b018c70a 9cbf2b839fbb89c6dd0c7511af9c1887204c3eca56e51e1b157b99cc4442194b Loading...

	kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html	318 B	2023-03-07	2024-04-23
Pretty URL kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:03 Last Seen2024-04-23 18:49:10 Times Seen373 Hash bc3335ff91d462410decd0b5e77b5d28 bc03c3c90b75c7a71b50a049a2d9bff2053be4e0 262fb43262dd223611e45520492a57ee037ac1fc2d2b8373d8e42efdab731144 Loading...

	kdmh.live/web/	13 kB	2023-03-07	2024-04-19
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:43:09 Last Seen2024-04-19 12:36:08 Times Seen16 Hash cdea492c15a3209fe12bea16843778ab 50274377ac4d58c8833eedb9fb3db9a76ec0bb4b 1081e05017d14b1c8f91269435c5700617d6decd81e195c7bf9912947d0cb404 Loading...

	kdmh.live/web/lib/js/jquery-latest.min.js	96 kB	2023-03-07	2024-04-24
Pretty URL kdmh.live/web/lib/js/jquery-latest.min.js IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 05:54:14 Times Seen46281 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	kdmh.live/web/	370 B	2023-03-08	2024-03-31
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-31 18:18:13 Times Seen11 Hash 7f86900ce1301aa3fdbc99910730af5b 8a432cba6db69a9b2401e139322aaca883715aec db9cdf796fa00c3b90ac841413faa411a73bcba32e47c403ff875c9c7da8172b Loading...

	kdmh.live/web/	583 B	2023-03-08	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-17 05:21:11 Times Seen34 Hash 5973e240dae644d20f9ab23402e851df 4a07a8d932c29ddf603804f7e3185f8539038448 f4959ac5e1026e94ba11abfcf5d52933c431bd89b58af93b3891f52d6f30f93e Loading...

	siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital	1.8 kB	2023-03-08	2023-03-11
Pretty URL siteintercept.qualtrics.com/dxjsmodule/4.a5c0de52a5fc4b1cbc4b.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:26:52 Last Seen2023-03-11 23:44:36 Times Seen1 Hash 47d288910bddf2bf2c544552b10e7ef9 6c8a83bc840d2c2cda2d4bbcb64b50c383fc4059 656b507a55c361579615069ae025d160099bac360642eaba44bd2331f7fad4c3 Loading...

	kdmh.live/web/	1.5 kB	2023-03-08	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-17 05:21:11 Times Seen34 Hash 3ecaf8c7035754c8e795f9f342a1f392 09820fcb29a522919eec39523cb05b53b45df65e d055bf81809ca37454859cb09b3afce935c59f9b78b641e02c790bbaedef7ac7 Loading...

	kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html	2.2 kB	2023-03-07	2024-04-19
Pretty URL kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:43:09 Last Seen2024-04-19 12:36:08 Times Seen98 Hash 6e1aaf907e18db2a03200c501414a17e 6a1bcc9e9be50b1bbcd8ff5b654860d2c69fdc4c 47173d98e2b7edda34d7c3d500e94aebefda0a82efcca3a6ee893aa8e6fe68b1 Loading...

	kdmh.live/web/index_files/meta.ff17afb25384dfc7e22f.js.download	2.4 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/meta.ff17afb25384dfc7e22f.js.download IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:08 Times Seen48 Hash ff17afb25384dfc7e22f84643805bec7 402399e2be6bbe8212a454444790f4b4cf883a31 205b95dd7570290e0d5e98d83a2c6ee980c89aa61dd1ffac511f270e38976ada Loading...

	kdmh.live/web/	109 B	2023-03-08	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-17 05:21:11 Times Seen35 Hash d3b411b5f6b618d430737738ee7b1547 146dc3eb3e09b91a5c43d98e6271392cb8651626 66fb1c1a4c78be5154ea229d779bb69d96eb1dd31019cc37eb98cfb76f5f34db Loading...

	kdmh.live/web/	1.3 kB	2023-03-07	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:43:09 Last Seen2024-03-17 05:21:11 Times Seen66 Hash d92d948a72a9e9524f4858b0aa627c13 3c3faed7ae8d4acdb0fe5200db647648f0a0fcbc 77a67e427e45eed81fbdad8248cff5f583ad5f77ab2b44e56e00547434010369 Loading...

	kdmh.live/web/index_files/jfe.c5d51c1772674a71d60c.js.download	259 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/jfe.c5d51c1772674a71d60c.js.download IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:08 Times Seen37 Hash c5d51c1772674a71d60cb354645fb596 adc254277c852a495c9e42b240bbca13e2d210dd 00491a3018a94c25b8db1cfb9640b92d35655a8629e7226d49b37edd57eb0eee Loading...

	kdmh.live/web/	186 B	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-04-19 12:36:08 Times Seen14 Hash 2f8d65a5cacb92b04b0b83655f642740 0646b4b5ef0a0d21602c142445d535a530591b82 fdcc4585c2e48b4ab410ea4bb261c20ff45ff08dbd2e54ca18f269adb394eec9 Loading...

	kdmh.live/web/	2.1 kB	2023-03-08	2023-03-29
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2023-03-29 23:28:42 Times Seen6 Hash f1d40354edad6d50ae642abd3f246da8 0e63706bf576a3722e9236170d3b7c2b99e4821b 9b7c1394381bda79b355cf464443d9d00523aee55ac1685f96c97b4ced5b38a7 Loading...

	kdmh.live/web/	566 B	2023-03-08	2023-09-16
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2023-09-16 02:52:02 Times Seen10 Hash f3cb32a1bc91edb9f3a3940f662ed926 2a055105127f192a8d925458248a9abccdd3fae7 2452b60e8bfc24077654489ad43ee65ea3eba26ab282b66c720d0bef3995f7d2 Loading...

	kdmh.live/web/	1.3 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-04-19 12:36:08 Times Seen36 Hash 1580eca1c92d023cce81e2a0e7cac5a9 2f4312c6c59816cf6fd1988b46a3f0d2f63b848e 75d9b2bab2cad900a7dc63a83e512e0ced546f1abfaa3dc007aa4a9adbbae388 Loading...

	kdmh.live/web/	1.3 kB	2023-03-08	2023-09-16
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2023-09-16 02:52:02 Times Seen10 Hash 0752ce5d228560088b10c65b07e8ebe2 598dbfec00394bf2e8a3aaf4ee624e7ab0c789ae 5713425c930081e9286667beaec6e0c2b022f4377f379bddf3349fd2625d60b8 Loading...

	connect.facebook.net/en_US/fbevents.js	105 kB	2023-03-08	2023-11-28
Pretty URL connect.facebook.net/en_US/fbevents.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:10 Last Seen2023-11-28 17:55:58 Times Seen32 Hash a6ef7927128284961f4cadd572969f09 57e21033749687e69de710a0be6d4244edf1fe51 d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b Loading...

	connect.facebook.net/signals/config/614267586032718?v=2.9.89&r=stable	301 kB	2023-03-08	2023-03-08
Pretty URL connect.facebook.net/signals/config/614267586032718?v=2.9.89&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:58:42 Last Seen2023-03-08 15:58:42 Times Seen1 Hash ab1f1f9e56219510de9676619ffa7ce3 31f6767cc4bd530fdc5c6ab3ce8da877c9186395 7ff735546562da9c6067476eb18f65d4eed681a62be700d1127abbe1813835f3 Loading...

	zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=http%3A%2F%2Fkdmh.live%2Fweb%2F&t=1670156241045	7.3 kB	2023-03-08	2023-03-11
Pretty URL zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=http%3A%2F%2Fkdmh.live%2Fweb%2F&t=1670156241045 IP 104.17.208.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2023-03-11 23:44:37 Times Seen1 Hash ae024eb54038894df13d225a57c5b3a1 8841e41908ac41188cb30ea07b7bd4edbc83d61c e951d306581d3ffb12064c3f4ae3e8f18330b05b2d55fd390821e82be6e85b43 Loading...

	kdmh.live/web/lib/js/jquery.mask.min.js	8.2 kB	2023-03-07	2024-04-21
Pretty URL kdmh.live/web/lib/js/jquery.mask.min.js IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-21 18:50:38 Times Seen1497 Hash acb54232967a36f1df1d0c0623a89d65 6bc0ce0a4a1dd27ddb307b80a1247af996eb23bf bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e Loading...

	kdmh.live/web/	44 B	2023-03-08	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-17 05:21:11 Times Seen35 Hash 696263d720cff7faa3e52f123234e2e8 8e1740a369f89aabe59c934573744b5f1a070143 c3036953f02e7bc6248b6fd1bdc482585d657b62ea7f3370e43623708628cd22 Loading...

	kdmh.live/web/index_files/prototype.213678de24c47bc84650.js.download	93 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/prototype.213678de24c47bc84650.js.download IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:11 Times Seen66 Hash 213678de24c47bc846508f32e964fee4 7aff333b1094030577c4323f6f448331ac6f2d07 9095350ff52f4d175f3ad644277a5a237d8489e7f586b69eef2b2268811a716b Loading...

	kdmh.live/web/index_files/vendor.866d3d2023e5a297a1b9.js.download	267 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/vendor.866d3d2023e5a297a1b9.js.download IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:09 Times Seen41 Hash 866d3d2023e5a297a1b9b8937819fd2e 48fdf04f7281c77ada5cdca54e0e1e19a2728b9c 8b1c3ea45f907204bc8b4aa2865e5bf51e1d99ce1cf777de76705e9cf4dbef49 Loading...

	kdmh.live/web/index_files/jsApi.8da1775e8131fb08b25b.js.download	14 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/jsApi.8da1775e8131fb08b25b.js.download IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:11 Times Seen62 Hash 8da1775e8131fb08b25b4797288456ec 8e5f01a257a0fac6d33486411d6d3b0602025246 9cb6997fba02986945ff79d03c0eb1b8afb0d8a06c4cf46c2015608d48915056 Loading...

	kdmh.live/web/	184 B	2023-03-08	2023-09-16
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2023-09-16 02:52:02 Times Seen10 Hash c59820cb536ec7644e1bf7835411df8d 4039bada5bc67ea4282b164c27a85cd27dd4a49f 81f51df5ec3ae1490bef6432cbcceababbb3c31b95634df951fb9d048910ddc2 Loading...

	kdmh.live/web/	119 B	2023-03-08	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-17 05:21:11 Times Seen34 Hash 8736d485be8718178c27a2b38f0966e5 4846a8894cbc4b1b600c8da75ee94f9676ba2389 6f122a9dff89533c1dc0909b68d00b50a370244fa638ebc51104f9bfb26d4587 Loading...

	kdmh.live/web/	838 B	2023-03-08	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-17 05:21:11 Times Seen34 Hash a393245c3282fa6c1774946a4d752c02 01f1c2a6b935637b3c385cd38b70fb38c9cc1b54 c1529617021428f903f3c8df987e28e3650fec47fa4e938029ce4af2f838b77c Loading...

	kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html	582 B	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:08 Times Seen27 Hash ef22ddc8338f12e8e518c403ff730832 2e05e4640a9afb726e0265b5c5947f1e2d6c8d0b 4899693a6a5e08e67da69a4af50ab345bc5d36f5d228a836164004934d77cfe0 Loading...

	kdmh.live/web/index_files/mc.3b7764525d9f2c925e16.js.download	39 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/mc.3b7764525d9f2c925e16.js.download IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:10 Times Seen66 Hash 3b7764525d9f2c925e1612cd0b055b5a 3566215489cc29838007056e6a12ce0379437ed6 ba56584f69ddfd681892a10af24b2a0c120f096400e799fcbc99412d4f683e04 Loading...

	kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html	12 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-04-19 12:36:08 Times Seen26 Hash 3b1c821cec2e407882f4da7e084bba7e 24b3201a005145ade04c3a8bd8fe57064a98e5b9 add0795e83203dfc43cac5960779f9a9966af27331566f0b710f307cb569d349 Loading...

	kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html	31 kB	2023-03-08	2023-03-29
Pretty URL kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2023-03-29 23:28:42 Times Seen5 Hash 1361307df5956ad52766eadeaf8c14b2 25d0e0f92238249060b8d8da8168be39a32bb6a7 a00dfb801e763e5de1ea7fd9837a4029aba0e8a38ee2d85bfd40332f290e2342 Loading...

	kdmh.live/web/	317 B	2023-03-08	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-03-17 05:21:11 Times Seen33 Hash d15c0fea4871c69845f3538309343771 b85fd40a2a95d62da37515cea92e43da03377f8b 4c6d919372fcc356092442e7fb359abde2f1f0bd9206a846747b941de3eacd41 Loading...

	kdmh.live/web/	248 B	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2024-04-19 12:36:08 Times Seen14 Hash 01dab56786ccdb8da9962ab5eb1cdab2 98c047d81ca6f66794f2930f9c66a5a297fab62d c8d7015beae55339c2da4f90990a6ddbe80efc1e466667e647eb5fb80b03a7bd Loading...

	kdmh.live/web/	134 B	2023-03-08	2023-09-16
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:14:48 Last Seen2023-09-16 02:52:02 Times Seen10 Hash d796848259b5a78aff91c78c3eb21f32 8e042c3bc6beee48a14bac53c57d4e697df675d0 ca25904ddd13849724f6b99c36dd2a83d7018c97df78572fc12e6b245fc41338 Loading...

	kdmh.live/web/	7 B	2023-03-07	2024-03-17
Pretty URL kdmh.live/web/ IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:00:13 Last Seen2024-03-17 05:21:11 Times Seen63 Hash 626023edc17b690404425d6dcbe9858a 51d21c6e1fe9892820721889b74c010c4005c422 eebc776031a56fb715423d4a2a6bd9ad09ace6f05a4572a93b517f6c9cf00ad2 Loading...

	kdmh.live/web/index_files/db.21026c4133e1c59eaf45.js.download	2.7 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/db.21026c4133e1c59eaf45.js.download IP 192.151.157.182 ASN #33387 NOCIX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:08 Times Seen49 Hash 21026c4133e1c59eaf45bfb9552fd3a5 d3deaccc0103053a419a3e2c3b4ec3110a1e6040 cf3256b1e8eb66ed691c18e6b0034d7cf0db9b83178772efeb31d6f9f6f7f62e Loading...

	kdmh.live/web/index_files/mp.68f8d86dd01e19ae1c35.js.download	5.0 kB	2023-03-08	2024-04-19
Pretty URL kdmh.live/web/index_files/mp.68f8d86dd01e19ae1c35.js.download IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:23 Last Seen2024-04-19 12:36:08 Times Seen51 Hash 68f8d86dd01e19ae1c351226fabe149d 9e0ace770a9b2833967e240b1b4c7aeac395f250 c884df8f7c84459fbce56f97235d01d9bdfd18844f7462fec6626849af8dc8d2 Loading...

	static.ads-twitter.com/uwt.js	58 kB	2023-03-08	2024-04-20
Pretty URL static.ads-twitter.com/uwt.js IP 151.101.244.157 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:46 Last Seen2024-04-20 17:48:03 Times Seen4329 Hash 32ad004436155ec972bc50e6238b5b67 9b2cdb645c2fa5b98a9d05dcdca521fed4a17b7b cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Loading...

		Size	First Seen	Last Seen
	#1 Eval - 05b8c74cbd96fbf2de4c1a352702fbf4	6 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-24 05:50:00 Times Seen54523 Hash 05b8c74cbd96fbf2de4c1a352702fbf4 320ad267d8d969f285eda5c184f5455bd29c8c95 44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba Loading...

	#2 Eval - 9266de3a4337f3fb488da43e762a5c9d	42 B	2023-03-07	2023-04-07
Pretty Observations First Seen2023-03-07 16:43:09 Last Seen2023-04-07 07:37:03 Times Seen12 Hash 9266de3a4337f3fb488da43e762a5c9d 53c8e1f93fb0f9c194f63d8c275a3f46b5bce823 ce71e5a42d1474f6f0ff23fd2fb7b3da4de9ba34f5acf44208b5b2d3d4b6e037 Loading...

HTTP Transactions (187)

URL IP Response Size

kdmh.live/web

192.151.157.182

301 Moved Permanently

229 B

URL HTTP/1.1
kdmh.live/web
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
229 B (229 bytes)
Hash
663f8b30bc0646bfbd6d6771f7735c18
df085193effbbb1a58258aa0dbeb8c93ef98ebdf
fc65511624db260fe7efaa07fd2b02c40e826402d1e0b148dd8361a62a5819b7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 04 Dec 2022 12:17:15 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 229
Connection: keep-alive
Location: http://kdmh.live/web/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6777
Expires: Sun, 04 Dec 2022 14:10:12 GMT
Date: Sun, 04 Dec 2022 12:17:15 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4509
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:15 GMT
Etag: "638b2570-1d7"
Last-Modified: Sun, 04 Dec 2022 11:02:06 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 11:18:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3531
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7868
Expires: Sun, 04 Dec 2022 14:28:23 GMT
Date: Sun, 04 Dec 2022 12:17:15 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: IL8dw5HYoFhYWI+zFJPiA+wXakAKedq64AdYa5xJLMLxdTFX9oiGgeiIwOT+8MjzN+qXZOdfu2w=
x-amz-request-id: N7BVJ80S0SY64FBM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 11:46:58 GMT
age: 1817
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 12:17:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

kdmh.live/web/

192.151.157.182

200 OK

34 kB

URL HTTP/1.1
kdmh.live/web/
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3471)
Size
34 kB (34523 bytes)
Hash
80397bfdc07dab68f64ea4d6d65899b0
5332dbf12cda79747d8c3beecaa54ec8bdd1e280
024c194e4b1506241476bf58b49fdfe09fa9d32d3beaec81d78b518ac288fb11

Detections

Analyzer	Verdict	Alert
openphish	Canada Post
fortinet	Phishing

HTTP Headers

GET /web/ HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/gpt.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/gpt.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/gpt.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/beacon.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/beacon.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/beacon.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/f.txt

192.151.157.182

200 OK

14 kB

URL HTTP/1.1
kdmh.live/web/index_files/f.txt
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (2427)
Size
14 kB (13879 bytes)
Hash
699ea7efc326fc66967cc59a0012561f
b2aea627140f7b36f51e8f296ec7419207a9e0f0
5a14d3a561d7899a425a1da93babde4d466913dc9abf3f3f1266c717b33fff9c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/f.txt HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:06 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/fbevents.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/fbevents.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/fbevents.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/uwt.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/uwt.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/uwt.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/satelliteLib-f2fc6f00da802a0747b6ffed3c12e3931bfca496.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/lib/js/Acc_Carding.js

192.151.157.182

200 OK

386 B

URL HTTP/1.1
kdmh.live/web/lib/js/Acc_Carding.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
386 B (386 bytes)
Hash
7cf64dbeb4819f94823025b50d34417a
be1dd6456ebcb23fecd6e679af3b79e7416ec495
b158b5a6fa226628225f1aa68029e79a860cd03d52105c6a7a986ab7e4a01387

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/Acc_Carding.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 10 Apr 2021 12:20:26 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/lib/js/jquery.mask.min.js

192.151.157.182

200 OK

3.4 kB

URL HTTP/1.1
kdmh.live/web/lib/js/jquery.mask.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (537)
Size
3.4 kB (3397 bytes)
Hash
be420b6c9c21d667a94aa3b0f830252a
c762216c78f649ca117de1a793322ea16fc44ab5
aa28470d3c8c8bc443e4000450b78fab2bdb6b82d3b6c40d6208bad262a76a4a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/jquery.mask.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 23 May 2018 23:53:56 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 12:11:19 GMT
cache-control: public,max-age=3600
age: 357
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

kdmh.live/web/lib/js/phone.js

192.151.157.182

200 OK

379 B

URL HTTP/1.1
kdmh.live/web/lib/js/phone.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
379 B (379 bytes)
Hash
7ed506be461b32ad1bad2a7e9a885ecf
9beab3dc3683b04f6e4988495d1c5ec82e489cde
33a4d72eb96ab1ebac01fcced152a976657fef35eaebfd2d92a2bb6bc760400d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/phone.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 10 Apr 2021 12:20:04 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/lib/js/zip.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/lib/js/zip.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/zip.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/lib/js/jquery-latest.min.js

192.151.157.182

200 OK

34 kB

URL HTTP/1.1
kdmh.live/web/lib/js/jquery-latest.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (32086)
Size
34 kB (33483 bytes)
Hash
2a41e9a149da33459c4ddce57cd10e7f
0dca54bc1aedcfda3d3c697ff2302e8b84471d4d
2b9dd330ec53e85a2e358ac80f823f677b29b8b53ad770821c4ff0299c376e63

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/jquery-latest.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 23 May 2018 23:53:20 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/lib/js/txt-crypt.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/lib/js/txt-crypt.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/txt-crypt.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/normalize.css

192.151.157.182

200 OK

2.6 kB

URL HTTP/1.1
kdmh.live/web/index_files/normalize.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text
Size
2.6 kB (2563 bytes)
Hash
bb44c120776f7a62c7fda1147c84fa0e
ff8e5b372dd3f03c7cc8addca2a548a5f0e9fcba
a4e7ff54933e9ac088565f0f60553be29e611def38f0a49aecc7c3a7269143ec

HTTP Headers

GET /web/index_files/normalize.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:08 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/lib/js/dob.js

192.151.157.182

200 OK

371 B

URL HTTP/1.1
kdmh.live/web/lib/js/dob.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
371 B (371 bytes)
Hash
dc88b38e5fa8289f61b66348fb67e87d
7899c2b74159a71cf967752dc2082ab67a352e59
88c9e26faf645316b630835fe567c5b76a86e68501adb2cccf9a23afa1d4d837

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/dob.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 14 Feb 2021 02:45:12 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/responsive.css

192.151.157.182

200 OK

20 kB

URL HTTP/1.1
kdmh.live/web/index_files/responsive.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (449), with CRLF line terminators
Size
20 kB (20523 bytes)
Hash
6696731bef0af109ca5324cacf6b47a4
f494ee2c26c6b90785bc7118a7d6cdac37a12f69
26d6d3baa40a13d822fb1cc3ed835082775ba246b2e804b48896cc9b2981eac9

HTTP Headers

GET /web/index_files/responsive.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/foundation.min.css

192.151.157.182

200 OK

20 kB

URL HTTP/1.1
kdmh.live/web/index_files/foundation.min.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (65536), with no line terminators
Size
20 kB (20426 bytes)
Hash
fbc4e73825deae2103194f1e2b80bf3f
2355df36e7293723c57d307730ae3f43d899c64e
c016b727beeb6f5aff09794c791aa197b7f9e56fbb69318b2ad3ef2ecaab2f55

HTTP Headers

GET /web/index_files/foundation.min.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:08 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/slick_slider.css

192.151.157.182

200 OK

2.3 kB

URL HTTP/1.1
kdmh.live/web/index_files/slick_slider.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
2.3 kB (2318 bytes)
Hash
ccfdb700e9df7d77d792bee14e884863
e4ad8efc8abd5c218561311d56d6a458bf7ba675
9ece91519762f0f7629446fa4e7e2dffb4b4f38c9f82475bed8774e5908be9cd

HTTP Headers

GET /web/index_files/slick_slider.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/vpo.css

192.151.157.182

200 OK

9.3 kB

URL HTTP/1.1
kdmh.live/web/index_files/vpo.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (303), with CRLF line terminators
Size
9.3 kB (9303 bytes)
Hash
be9be90be28b73d187a3cadf4063c4ef
aef580582926bddef4b869646746cfb739acc60a
d93347644d0d890a911818bab04056d773ef1d8b2d8a70893390845acde61daa

HTTP Headers

GET /web/index_files/vpo.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/cwc.css

192.151.157.182

200 OK

22 kB

URL HTTP/1.1
kdmh.live/web/index_files/cwc.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (21616 bytes)
Hash
53f7f7a8219b3fc5f5d9c598cb41a563
1cd8452f32b768786114082159fd8da4a2805014
094c0e535f0a259e4161963d9213eb129fa297a820b84d2f8b05fc03257ebc66

HTTP Headers

GET /web/index_files/cwc.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery-ui.min.css

192.151.157.182

200 OK

7.9 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery-ui.min.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (29137)
Size
7.9 kB (7920 bytes)
Hash
eada957b43c10ab4ef6d3286d4eb92c7
9d5dbb30ce498b621d25449f70dca55362e2180d
ca77eadcd5c08733bc0b0c611497b3315764e274b0b866f6d5a28205e760c167

HTTP Headers

GET /web/index_files/jquery-ui.min.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic

142.250.74.74

200 OK

1.1 kB

URL HTTP/1.1
fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
1.1 kB (1133 bytes)
Hash
17cce38776875efe998ecea591cd7906
7cfadcda2073ada8bc5889ed948193ebbb8ef1c3
a6b4a0dfc642602da0ef34ac6ad86e09b655cecd6fc7eda814754621d683b993

HTTP Headers

GET /css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 04 Dec 2022 12:17:16 GMT
Date: Sun, 04 Dec 2022 12:17:16 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

kdmh.live/web/index_files/extendstyles.css

192.151.157.182

200 OK

18 kB

URL HTTP/1.1
kdmh.live/web/index_files/extendstyles.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (612), with CRLF line terminators
Size
18 kB (18474 bytes)
Hash
9f8c6838060da6aa6f179eb1260c51b3
95f6ac717f3b0045a875d8603aa928a34daf5b91
eb8b950d545696e4d88142a568abb9f3f69126fecb792921052d575df4fc54c2

HTTP Headers

GET /web/index_files/extendstyles.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4504
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:16 GMT
Last-Modified: Sun, 04 Dec 2022 11:02:12 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

kdmh.live/web/index_files/aaron.css

192.151.157.182

200 OK

7.8 kB

URL HTTP/1.1
kdmh.live/web/index_files/aaron.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (561), with CRLF line terminators
Size
7.8 kB (7765 bytes)
Hash
fa7ae4dd9f98c3a5aea4b2d88232c2b9
3d0b5cdfca1c4829b6f37aa6767858e805ce69db
09a8c5f1e207b65ff7b6b3cd3c382524db4741d817cbed71001bdd432d6e9f6c

HTTP Headers

GET /web/index_files/aaron.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/donald.css

192.151.157.182

200 OK

784 B

URL HTTP/1.1
kdmh.live/web/index_files/donald.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
784 B (784 bytes)
Hash
fd8d9487fb63a4939deef8000243e17b
300d85acbf22b0e4d521f35e7b639799347400fe
fff41c307aeca5ced2f743dbdd9cc04b48d10ef2245da6c9007aa172d5474374

HTTP Headers

GET /web/index_files/donald.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/kirk.css

192.151.157.182

200 OK

2.8 kB

URL HTTP/1.1
kdmh.live/web/index_files/kirk.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
2.8 kB (2799 bytes)
Hash
20cb9643a73e02691aa733336ea08b6d
e7b7c6dc26b42b7eb937e25a57194114108cb9d4
fe6daaf68f28f5fb4f35dac29a3809fb89e767046c36ee23bab7ea3ced67412c

HTTP Headers

GET /web/index_files/kirk.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/tony.css

192.151.157.182

200 OK

7.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/tony.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (546), with CRLF line terminators
Size
7.1 kB (7092 bytes)
Hash
9b2357d716616d3ce321baa4fbba1c83
eb59f90448a50c95dbb3d9f8af6a547149fefd32
2d5ba3a27dee9cb99c9ce20038a3c4f0a73b121c7871bf30e9c208c12828921f

HTTP Headers

GET /web/index_files/tony.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

kdmh.live/web/index_files/michael.css

192.151.157.182

200 OK

7.5 kB

URL HTTP/1.1
kdmh.live/web/index_files/michael.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (404), with CRLF line terminators
Size
7.5 kB (7537 bytes)
Hash
fc192979d076dcaefc63d021a2b90a34
127ef258db1871f8e246905477ccc5c7566cabf3
79189d58782972dc929a15e9cf05b0dece4df94d44bfe74975133c2d02cca39f

HTTP Headers

GET /web/index_files/michael.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

kdmh.live/web/index_files/jquery.autocomplete.css

192.151.157.182

200 OK

442 B

URL HTTP/1.1
kdmh.live/web/index_files/jquery.autocomplete.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
442 B (442 bytes)
Hash
ccc7b222999c58c4de3613b659ce35e2
2f0b468deb584675b529dd610ab0981d8679da18
6b7aaa230eae81697aff34caa6f8930473f7a0f5d7773670d738ed7a9f5329f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post

HTTP Headers

GET /web/index_files/jquery.autocomplete.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/storeEcommerce.css

192.151.157.182

200 OK

2.2 kB

URL HTTP/1.1
kdmh.live/web/index_files/storeEcommerce.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
2.2 kB (2221 bytes)
Hash
d348bf7cbaea241e048a984ce6616c41
c7b5869534bc70aa8518aa20637f0cf8444c080a
7b134a682cc4b3a913225feeffc9e966aedbdf778a2825b19610271c906dfe72

HTTP Headers

GET /web/index_files/storeEcommerce.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/2012_eCommerce.css

192.151.157.182

200 OK

9.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/2012_eCommerce.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with CRLF line terminators
Size
9.1 kB (9096 bytes)
Hash
35f3f2b658168436c7e4124957338830
16d0a07dc8f5668577f36463f95e7a658e3e37c6
d5197162c9bb72a94fab3afb565e93445b720230129722645e8201d59934c615

HTTP Headers

GET /web/index_files/2012_eCommerce.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/modernizr.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/modernizr.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/modernizr.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jquery.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:16 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

push.services.mozilla.com/

44.238.3.246

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.238.3.246:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: B68XYMhKnYgJICyA8MDg9g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0zHtx1NgN4RCpVXimsju4a7hAm0=

kdmh.live/web/index_files/cwc.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/cwc.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/cwc.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery-ui.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery-ui.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jquery-ui.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery-cookie.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery-cookie.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jquery-cookie.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/search_autocomplete.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/search_autocomplete.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/search_autocomplete.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/function.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/function.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/function.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/f(2).txt

192.151.157.182

200 OK

1.2 kB

URL HTTP/1.1
kdmh.live/web/index_files/f(2).txt
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (2858), with no line terminators
Size
1.2 kB (1161 bytes)
Hash
99ebd46f8aa935b50e7dc76a7abaa186
23085b76709963128c9b639d5fbba391c25535b6
ed4b4bc7ea8892971451c45e42be3978369b5ace11fd7d8ab594dc3dd42f2ad4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /web/index_files/f(2).txt HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:12 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/selector.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/selector.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/selector.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jCarousel.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jCarousel.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jCarousel.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/google-dfp.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/google-dfp.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/google-dfp.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/app.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/app.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/app.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/chat-common.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/chat-common.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/chat-common.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery.smartbanner.css

192.151.157.182

200 OK

1.5 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery.smartbanner.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (496)
Size
1.5 kB (1492 bytes)
Hash
87121b8d224a734d98514f90fdc13538
8e5e5f8ab7b4c5074decaf9bd90bcb58286e84c8
cd525ee3fb6e379fc376a10253d04e34ed5ab065100aa5e691441f0593e81e07

HTTP Headers

GET /web/index_files/jquery.smartbanner.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:12 GMT
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery.smartbanner.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery.smartbanner.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jquery.smartbanner.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/pubads_impl_2021040101.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/pubads_impl_2021040101.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/pubads_impl_2021040101.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/cpo.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/cpo.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/cpo.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/14.8f875927fce05bedfe11.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/1.5159a7a0ba1fcaed8917.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/insight.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/insight.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/insight.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jsf.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jsf.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jsf.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/foundation.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/foundation.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/foundation.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/RightNow.Client.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/RightNow.Client.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/RightNow.Client.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/foundation.equalizer.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/foundation.equalizer.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/foundation.equalizer.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/CoreModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/CoreModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/CoreModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/UserDefinedHTMLModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/UserDefinedHTMLModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/UserDefinedHTMLModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/EX69ea3e2d8d9a41d99a46ba219e259885-libraryCode_source.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/ScreenCaptureModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/ScreenCaptureModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/ScreenCaptureModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/lib/js/zip.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/lib/js/zip.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/zip.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/search.svg

192.151.157.182

200 OK

218 B

URL HTTP/1.1
kdmh.live/web/index_files/search.svg
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (320), with no line terminators
Size
218 B (218 bytes)
Hash
fb6dd2c30b85c7fc024bee4011a1eb5a
1bab1d1ccbaa99a29a105a4f6c182e73f88822b6
9529f8d89767d01d28a89249859cfa96063ec2048a2410a64009379a7dbee4ce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /web/index_files/search.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:14 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/cpc-logo.svg

192.151.157.182

200 OK

598 B

URL HTTP/1.1
kdmh.live/web/index_files/cpc-logo.svg
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
598 B (598 bytes)
Hash
57b16e2e1cac8e487cb924f2f61d4b7b
08c3547f5480c8e0e8c0f3492184d258f7ba7fd3
c43b1b2baa163df01dbabaabedc843a7fde676b1f74eedacb10caa30053b1e19

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /web/index_files/cpc-logo.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:14 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/cpc-main-logo.svg

192.151.157.182

200 OK

4.0 kB

URL HTTP/1.1
kdmh.live/web/index_files/cpc-main-logo.svg
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (730)
Size
4.0 kB (3976 bytes)
Hash
b0c4d26b838add68cd2eb856446dc241
8029c5ec43100bc67b086d0dd3ee470a8b027482
17e48609b70a51e7919b9e58d59512b3e77011417e6c3f70783d280c8ab53542

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/cpc-main-logo.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:14 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/img/MasterCard.png

192.151.157.182

200 OK

2.1 kB

URL HTTP/1.1
kdmh.live/web/img/MasterCard.png
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
PNG image data, 76 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.1 kB (2077 bytes)
Hash
b2702b4b6944f05e00e7a9065c9d071b
a40d684e4e7e4cb085c37bd942874a3d60f719b5
8c4f22dc313ee84b9c84d4295b3593584159ab23c8a1f095b366aff8ca05f196

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post

HTTP Headers

GET /web/img/MasterCard.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/png
Content-Length: 2077
Connection: keep-alive
Last-Modified: Sat, 10 Apr 2021 04:41:40 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/img/VISA.png

192.151.157.182

200 OK

2.6 kB

URL HTTP/1.1
kdmh.live/web/img/VISA.png
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
PNG image data, 76 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.6 kB (2600 bytes)
Hash
725caa991a29101f5da78da2fc1e1e63
cf4f10dfd71289c43273496120b79ef01a437d19
ef844111dee838dc5c8d388a96108379b2c97ced776fc95b2fa32b28f7ef6bde

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post

HTTP Headers

GET /web/img/VISA.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/png
Content-Length: 2600
Connection: keep-alive
Last-Modified: Sat, 10 Apr 2021 04:41:34 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/lib/js/txt-crypt.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/lib/js/txt-crypt.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/lib/js/txt-crypt.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/img/AmEx.png

192.151.157.182

200 OK

1.3 kB

URL HTTP/1.1
kdmh.live/web/img/AmEx.png
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
PNG image data, 76 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1261 bytes)
Hash
801b445314b9ff68a391c117d99619ed
7fa0bdd998a1edae990a6797cc023a304f05088d
be9293395bb536020f4052e431a51639c3c9256ddb3e16f2820f0ad90d43fb9e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post

HTTP Headers

GET /web/img/AmEx.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/png
Content-Length: 1261
Connection: keep-alive
Last-Modified: Sat, 10 Apr 2021 04:41:46 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/img/CVV_icon.png

192.151.157.182

200 OK

4.6 kB

URL HTTP/1.1
kdmh.live/web/img/CVV_icon.png
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
PNG image data, 125 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4637 bytes)
Hash
6c1a7798f28815cbb8c4c8918e36080a
c475698985de9dbd65b56f389dce8eac58b4b000
107c0d3bba74e80c13517241c8c0dc093459f0c56a7f998eb53feaa0aa811200

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post

HTTP Headers

GET /web/img/CVV_icon.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/png
Content-Length: 4637
Connection: keep-alive
Last-Modified: Sat, 10 Apr 2021 04:49:54 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/index_files/gov-canada-logo.svg

192.151.157.182

200 OK

5.4 kB

URL HTTP/1.1
kdmh.live/web/index_files/gov-canada-logo.svg
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2441)
Size
5.4 kB (5395 bytes)
Hash
01962c4f21efb2281020afae6cd29bf8
a1feea5e443f3e1546c69eac25f3ee42c7d4e5fd
2aee3e51d10a29bf075616dcd2ce4f0f1ecfa6e58879f9f5015d7896a9687fb6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/gov-canada-logo.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:14 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/remove_screen_capture.png

192.151.157.182

200 OK

857 B

URL HTTP/1.1
kdmh.live/web/index_files/remove_screen_capture.png
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
PNG image data, 128 x 128, 8-bit gray+alpha, non-interlaced\012- data
Size
857 B (857 bytes)
Hash
e4387ea5cc65d51d08a60765f46cbbcb
f8314def36b28e99c28cda0f4369e4786bf18ca4
37f7e4cae3c3a409193078169c5731a142552e04ca3bbb19c85e87432ce58afb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post

HTTP Headers

GET /web/index_files/remove_screen_capture.png HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/png
Content-Length: 857
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/index_files/building_preview.gif

192.151.157.182

200 OK

12 kB

URL HTTP/1.1
kdmh.live/web/index_files/building_preview.gif
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
GIF image data, version 89a, 113 x 108\012- data
Size
12 kB (12336 bytes)
Hash
3c3ba37130de5fe15faf97c18908283e
c15b49cb09745a9939315132e18f2e40fa2ccf22
9096646da2177d5db92f79352509450582a376913bb5387557c1efd28d0c377b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post

HTTP Headers

GET /web/index_files/building_preview.gif HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: image/gif
Content-Length: 12336
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
Expires: Thu, 02 Feb 2023 12:17:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/index_files/modernizr.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/modernizr.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/modernizr.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:17 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jquery.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:18 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/css

192.151.157.182

200 OK

15 kB

URL HTTP/1.1
kdmh.live/web/index_files/css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
data
Size
15 kB (15396 bytes)
Hash
10fb9aef4d121f570b7c588fdb834df6
866db05e29ab5c29a202d09af8eb390f3c82399f
e7d31ecce08514c9377b6a541714993655035bfe61a1df7535c93c24aeefedb8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Length: 24218
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/index_files/saved_resource

192.151.157.182

200 OK

18 kB

URL HTTP/1.1
kdmh.live/web/index_files/saved_resource
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
data
Size
18 kB (17558 bytes)
Hash
ac57cf7b810c08a259e9f0e220783e09
a5bbd3ba9ed8f320eeca35cc1a60a17a6addf0d8
e836a59bf94e2f631f855fef04b6909e8680fb479ed9e7b0d62c49f775b085af

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/saved_resource HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Length: 61477
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:14 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2865
Expires: Sun, 04 Dec 2022 13:05:03 GMT
Date: Sun, 04 Dec 2022 12:17:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2865
Expires: Sun, 04 Dec 2022 13:05:03 GMT
Date: Sun, 04 Dec 2022 12:17:18 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2382
Expires: Sun, 04 Dec 2022 12:57:00 GMT
Date: Sun, 04 Dec 2022 12:17:18 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 52056
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8315 bytes)
Hash
db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 52479
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16143 bytes)
Hash
14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 22918
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4666 bytes)
Hash
c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 52397
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8989 bytes)
Hash
a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 52037
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10431 bytes)
Hash
2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 52212
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

kdmh.live/web/index_files/jquery-ui.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery-ui.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jquery-ui.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:18 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/selector.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/selector.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/selector.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:18 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery-cookie.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery-cookie.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jquery-cookie.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:18 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/function.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/function.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/function.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:18 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/search_autocomplete.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/search_autocomplete.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/search_autocomplete.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:18 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/f(1).txt

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/f(1).txt
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (2584), with no line terminators
Size
1.1 kB (1105 bytes)
Hash
42efed92920ae65e31de8f8f25278fc8
845ae800ac734fbd54bde41999361132b88c22ad
8b16295dbfb3676fbfbe8cb9eace8df47ba8e6c4985be20e47a21837c9765a2b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/f(1).txt HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:18 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:12 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: HIT
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/f(2).txt

192.151.157.182

200 OK

1.2 kB

URL HTTP/1.1
kdmh.live/web/index_files/f(2).txt
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (2858), with no line terminators
Size
1.2 kB (1161 bytes)
Hash
99ebd46f8aa935b50e7dc76a7abaa186
23085b76709963128c9b639d5fbba391c25535b6
ed4b4bc7ea8892971451c45e42be3978369b5ace11fd7d8ab594dc3dd42f2ad4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /web/index_files/f(2).txt HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:19 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:12 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jCarousel.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jCarousel.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jCarousel.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:19 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/google-dfp.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/google-dfp.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/google-dfp.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:19 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/app.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/app.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/app.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:19 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/cpo.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/cpo.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/cpo.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:19 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/cpo.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/cpo.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/cpo.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:19 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/chat-common.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/chat-common.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/chat-common.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:19 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/jquery.smartbanner.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/jquery.smartbanner.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jquery.smartbanner.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:19 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/pubads_impl_2021040101.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/pubads_impl_2021040101.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/pubads_impl_2021040101.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:20 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/14.8f875927fce05bedfe11.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:20 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/RCf1b64ddc47d04c2ba552708d0de25b3b-source.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:20 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/1.5159a7a0ba1fcaed8917.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:20 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/14.8f875927fce05bedfe11.chunk.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/14.8f875927fce05bedfe11.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:20 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kdmh.live
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 319406
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kdmh.live
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 319385
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js

192.151.157.182

200 OK

2.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/1.5159a7a0ba1fcaed8917.chunk.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
data
Size
2.1 kB (2079 bytes)
Hash
7908b4f6acde8d59dc8f47d624897cba
1a4235a832e76d95b2a2f69e2dd9965b14a4b109
9d287eb4e89203973c2ee7280ac8a394672d979c8951aeb6f798137c41748ba5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/1.5159a7a0ba1fcaed8917.chunk.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:20 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

kdmh.live/shop/mc/assets/images/app/ecomm/structure/chevron-right.svg

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/shop/mc/assets/images/app/ecomm/structure/chevron-right.svg
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /shop/mc/assets/images/app/ecomm/structure/chevron-right.svg HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/2012_eCommerce.css

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 02 Feb 2023 12:17:20 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/cpotools/mc/assets/images/structure/blue_question_icon.gif

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/cpotools/mc/assets/images/structure/blue_question_icon.gif
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

HTTP Headers

GET /cpotools/mc/assets/images/structure/blue_question_icon.gif HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/extendstyles.css

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 02 Feb 2023 12:17:20 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://kdmh.live
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 319385
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg

104.88.13.190

301 Moved Permanently

0 B

URL HTTP/1.1
www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cpc/assets/cpc/img/icons/global-alert/cancel.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
Date: Sun, 04 Dec 2022 12:17:20 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload

www.canadapost.ca/cpc/assets/cpc/img/icons/search.svg

104.88.13.190

301 Moved Permanently

0 B

URL HTTP/1.1
www.canadapost.ca/cpc/assets/cpc/img/icons/search.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cpc/assets/cpc/img/icons/search.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
Date: Sun, 04 Dec 2022 12:17:20 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload

kdmh.live/web/index_files/cwc.js

192.151.157.182

200 OK

1.0 kB

URL HTTP/1.1
kdmh.live/web/index_files/cwc.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
data
Size
1.0 kB (1025 bytes)
Hash
34e62985ae873d645093d306f2d5f319
d620606c55099f41c041ce317e93e13b9c0e0eb1
0122549cfb3d2e0dc75a1915f1102f9ffe175124edeaa82c7fdc0e84859bf13b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/cwc.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:18 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

www.canadapost.ca/cpc/assets/cpc/img/icons/arrow-down.svg

104.88.13.190

301 Moved Permanently

0 B

URL HTTP/1.1
www.canadapost.ca/cpc/assets/cpc/img/icons/arrow-down.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cpc/assets/cpc/img/icons/arrow-down.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/arrow-down.svg
Date: Sun, 04 Dec 2022 12:17:20 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload

www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg

104.88.13.190

301 Moved Permanently

0 B

URL HTTP/1.1
www.canadapost.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cpc/assets/cpc/img/icons/global-alert/alert.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
Date: Sun, 04 Dec 2022 12:17:20 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload

www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg

104.88.13.190

301 Moved Permanently

0 B

URL HTTP/1.1
www.canadapost.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg HTTP/1.1
Host: www.canadapost.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
Date: Sun, 04 Dec 2022 12:17:20 GMT
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubdomains; preload

kdmh.live/web/index_files/foundation.equalizer.js

192.151.157.182

200 OK

2.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/foundation.equalizer.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
data
Size
2.1 kB (2079 bytes)
Hash
7908b4f6acde8d59dc8f47d624897cba
1a4235a832e76d95b2a2f69e2dd9965b14a4b109
9d287eb4e89203973c2ee7280ac8a394672d979c8951aeb6f798137c41748ba5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/foundation.equalizer.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:20 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

192.151.157.182

200 OK

26 kB

URL HTTP/1.1
kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30486)
Size
26 kB (26461 bytes)
Hash
be666aec53c9ca262e40e22c0d680df5
1082178933b40692e6396d89ac08fbbea47587fc
fbf88f5ea57b90b8a81228c90c0fca5c0434647cf1c78f10d265aa5dadf1922f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/SV_71iOFlig0vNugpn.html HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:18 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/pixel.html

192.151.157.182

200 OK

402 B

URL HTTP/1.1
kdmh.live/web/index_files/pixel.html
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
402 B (402 bytes)
Hash
b24673e97151fad3d63fb661e638672d
196af9254d428e20df095cddb244ef1f759f9f70
5cafabe87db09818cca305d44f29d7c1e4ecd816f339d064ab6f5ed07b0c113c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /web/index_files/pixel.html HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:18 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/pixel(1).html

192.151.157.182

200 OK

402 B

URL HTTP/1.1
kdmh.live/web/index_files/pixel(1).html
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
402 B (402 bytes)
Hash
b24673e97151fad3d63fb661e638672d
196af9254d428e20df095cddb244ef1f759f9f70
5cafabe87db09818cca305d44f29d7c1e4ecd816f339d064ab6f5ed07b0c113c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /web/index_files/pixel(1).html HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:18 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/db.21026c4133e1c59eaf45.js.download

192.151.157.182

200 OK

707 B

URL HTTP/1.1
kdmh.live/web/index_files/db.21026c4133e1c59eaf45.js.download
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document, ASCII text, with very long lines (2653), with no line terminators
Size
707 B (707 bytes)
Hash
a995c23343daaec7ad2fe463f69afe9e
a4be07f4cef2050c9cbc2533690e061768b5734b
16f0233b190f12de81074cd1a5633f4ae19cce17e489b9e5372a32376c45c3d7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /web/index_files/db.21026c4133e1c59eaf45.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/mc.3b7764525d9f2c925e16.js.download

192.151.157.182

200 OK

5.9 kB

URL HTTP/1.1
kdmh.live/web/index_files/mc.3b7764525d9f2c925e16.js.download
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (39237), with no line terminators
Size
5.9 kB (5935 bytes)
Hash
872fdd85f80d58deeef4584798deee3e
1b2c260fa862a987c3473ee5ba5c2a70f4ea7fe5
caf12b761b1f67079d549a17d1c9227226295a1b572be59d075d9d1262d9201b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/mc.3b7764525d9f2c925e16.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/meta.ff17afb25384dfc7e22f.js.download

192.151.157.182

200 OK

946 B

URL HTTP/1.1
kdmh.live/web/index_files/meta.ff17afb25384dfc7e22f.js.download
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document, ASCII text, with very long lines (2437), with no line terminators
Size
946 B (946 bytes)
Hash
6b4d3e6e359df5d1f3afc5eab9b64045
b7c104cb3516b41f566d68942f19180427f9b11d
9db3841bc70828c71ab41dc0f00cf342b0b160438eba2b94546ff4c0e3f2f3b0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /web/index_files/meta.ff17afb25384dfc7e22f.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/foundation.min.js

192.151.157.182

200 OK

2.7 kB

URL HTTP/1.1
kdmh.live/web/index_files/foundation.min.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
data
Size
2.7 kB (2677 bytes)
Hash
33298e179ca3ad942399703a12c3756b
74597912658dac1f8ae13fb000f2b31dfa501dfe
72f20457342b14bbc719d2b3343515c0db77cf4055b8137fa223e8f0a766319c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/foundation.min.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:20 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/prototype.213678de24c47bc84650.js.download

192.151.157.182

200 OK

29 kB

URL HTTP/1.1
kdmh.live/web/index_files/prototype.213678de24c47bc84650.js.download
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28897 bytes)
Hash
438a6b686e9d5ae280582474f179e8d8
7093ccb3d7c6d8ca9c76d05259cea0b6e0cdf92b
375d93feec68315f90b13021238dc83135342214b0b29f274f2e16c95453c48b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/prototype.213678de24c47bc84650.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg

104.88.13.190

200 OK

218 B

URL HTTP/1.1
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/search.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (320), with no line terminators
Size
218 B (218 bytes)
Hash
d3a621feba2c9afadc8e74c4f71021e1
5364a043f80e5dcbc81b81e86d406eedfc1b69a4
9616a4bbe31bf59f3ec6fd4a9f237bfb89d3424a45238b625b7f1620377d5401

HTTP Headers

GET /cpc/assets/cpc/img/icons/search.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a621-140"
Last-Modified: Mon, 05 Feb 2018 18:44:49 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 03 Oct 2022 08:27:21 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 218
Date: Sun, 04 Dec 2022 12:17:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg

104.88.13.190

200 OK

377 B

URL HTTP/1.1
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/cancel.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Size
377 B (377 bytes)
Hash
3e69d3df64d1d2900137d925afc81ef4
27113030bc0a70e40c1ec28523c53118feb97454
2aaceded66a94f94d5bb275b056d4310327b9eb50004d6e985417cf7d792d251

HTTP Headers

GET /cpc/assets/cpc/img/icons/global-alert/cancel.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a6b5666-331"
Last-Modified: Fri, 26 Jan 2018 16:25:10 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 25 Jul 2022 13:51:51 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 377
Date: Sun, 04 Dec 2022 12:17:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/icon-lock.svg

104.88.13.190

200 OK

432 B

URL HTTP/1.1
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/icon-lock.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (907), with no line terminators
Size
432 B (432 bytes)
Hash
2ad110b6a820845cf1b4b1d8e0585d48
6871d97125e77d9e676518742276710ec39279d9
e170143cc77d854d7bd7110f42251e13ae38c16b6f99a101b546c56d0b0ca23e

HTTP Headers

GET /cpc/assets/cpc/img/icons/icon-lock.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a622-38b"
Last-Modified: Mon, 05 Feb 2018 18:44:50 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 25 Jul 2022 13:51:51 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 432
Date: Sun, 04 Dec 2022 12:17:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg

104.88.13.190

200 OK

455 B

URL HTTP/1.1
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/global-alert/alert.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Size
455 B (455 bytes)
Hash
ff8ab0bd64b81f01e5245fdcc5f86256
cb16cfd030e7f5758ff0320d3c467cc53b858d50
f36fd8c683ecf6ae26d06c171f584b955e5603ac12435b1fe0560a6e0a90d6dd

HTTP Headers

GET /cpc/assets/cpc/img/icons/global-alert/alert.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a6b5666-3ef"
Last-Modified: Fri, 26 Jan 2018 16:25:10 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 03 Oct 2022 08:11:50 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 455
Date: Sun, 04 Dec 2022 12:17:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg

104.88.13.190

200 OK

382 B

URL HTTP/1.1
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (724), with no line terminators
Size
382 B (382 bytes)
Hash
b86b3f712d7d1224f22ce80ab788d8bc
1015427d965943c5acfda2a2b96174c96a30e715
827930f77d0aee840f92563e8da302b30e9f0b196f923edd0f6305faf4ae7df0

HTTP Headers

GET /cpc/assets/cpc/img/icons/toolbar-cg/feedback.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a638-2d4"
Last-Modified: Mon, 05 Feb 2018 18:45:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Mon, 03 Oct 2022 07:01:32 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 382
Date: Sun, 04 Dec 2022 12:17:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

kdmh.live/web/index_files/stylesheet.css

192.151.157.182

200 OK

26 kB

URL HTTP/1.1
kdmh.live/web/index_files/stylesheet.css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
Unicode text, UTF-8 text, with very long lines (559)
Size
26 kB (26427 bytes)
Hash
46cb7ec01d085abc4d74377b523e9109
bf9aa882070349281dada883d0a33ffe8643620b
4e1b1f6edda23fd5e1e53fc51ef363343c4368a22272c32093fe7fddd8ae8cc2

HTTP Headers

GET /web/index_files/stylesheet.css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
Expires: Tue, 03 Jan 2023 12:17:21 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/arrow-down.svg

104.88.13.190

200 OK

167 B

URL HTTP/1.1
www.canadapost-postescanada.ca/cpc/assets/cpc/img/icons/arrow-down.svg
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
167 B (167 bytes)
Hash
4ed5c36b7d9f92ed672bb1d5114b1b72
82b2a08c925663c452eb17d71d1c81dced90d334
2f598f2c792e57f0ad56a71362d58aef0b155d8eeaa139d3fd3e7c6cfdfb845e

HTTP Headers

GET /cpc/assets/cpc/img/icons/arrow-down.svg HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kdmh.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/svg+xml
ETag: "5a78a622-b9"
Last-Modified: Mon, 05 Feb 2018 18:44:50 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=86400, private
Expires: Tue, 20 Sep 2022 16:18:20 GMT
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Content-Encoding: gzip
Content-Length: 167
Date: Sun, 04 Dec 2022 12:17:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

kdmh.live/web/index_files/jfe.c5d51c1772674a71d60c.js.download

192.151.157.182

200 OK

67 kB

URL HTTP/1.1
kdmh.live/web/index_files/jfe.c5d51c1772674a71d60c.js.download
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
67 kB (67141 bytes)
Hash
d37a61b5ead7edce39d8e6f15044811c
d51d8abaf4194ae3f39d4a91c7ceb9ad864eb5b3
546769dcd1317de2b98be35ceadc180e4d002c810356aadcc1337a2ec84228b4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jfe.c5d51c1772674a71d60c.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/vendor.866d3d2023e5a297a1b9.js.download

192.151.157.182

200 OK

84 kB

URL HTTP/1.1
kdmh.live/web/index_files/vendor.866d3d2023e5a297a1b9.js.download
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
data
Size
84 kB (84086 bytes)
Hash
a2c2e93f43f39f47d73c331d7a9fe900
10c3eaa0b7d805af535a839fb6a4918554329bfa
cfbdcbd495e2dee7fff174d21cf7ce6f0c393a21122a4511452dd1772926bb34

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/vendor.866d3d2023e5a297a1b9.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/jfe/static/dist/c/jsApi.8da1775e8131fb08b25b.js

192.151.157.182

404 Not Found

0 B

URL HTTP/1.1
kdmh.live/jfe/static/dist/c/jsApi.8da1775e8131fb08b25b.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

GET /jfe/static/dist/c/jsApi.8da1775e8131fb08b25b.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 04 Dec 2022 12:17:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

kdmh.live/web/index_files/jsApi.8da1775e8131fb08b25b.js.download

192.151.157.182

200 OK

3.8 kB

URL HTTP/1.1
kdmh.live/web/index_files/jsApi.8da1775e8131fb08b25b.js.download
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
ASCII text, with very long lines (14066), with no line terminators
Size
3.8 kB (3843 bytes)
Hash
a24e027d7b693def8c4c7638b9b9df44
c1ef0e18962cd3495d43404160c9a0154c1fc8c5
e0747ee4533d5a1dd71311404100867a9b1e0fe4c5e920832936c9903997a9d4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/jsApi.8da1775e8131fb08b25b.js.download HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:16 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/CoreModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/CoreModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/CoreModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:22 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/ScreenCaptureModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/ScreenCaptureModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/ScreenCaptureModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:22 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/UserDefinedHTMLModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/UserDefinedHTMLModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/UserDefinedHTMLModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:22 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/ScreenCaptureModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/ScreenCaptureModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/ScreenCaptureModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:22 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/CoreModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/CoreModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/CoreModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:22 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/UserDefinedHTMLModule.js

192.151.157.182

200 OK

1.1 kB

URL HTTP/1.1
kdmh.live/web/index_files/UserDefinedHTMLModule.js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.1 kB (1054 bytes)
Hash
efd172d4a25cddd6df3a7c037df11673
3c39faae2ef9f9aef3f0f5463273a1edc69b79bd
59d7836faeb6ceb6f1fc98f3209a8bd5eaf8aacc9f0ca961397f8f7adc8539fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/UserDefinedHTMLModule.js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 03 Jan 2023 12:17:22 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Content-Encoding: gzip

b.scorecardresearch.com/beacon.js

143.204.55.8

200 OK

1.9 kB

URL HTTP/1.1
b.scorecardresearch.com/beacon.js
IP
143.204.55.8:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3936)
Size
1.9 kB (1882 bytes)
Hash
95ead88a8555078b6f6bb9f697a8a4ec
1fbbfb3a67372b6b034d295a717e6601344e7216
4e0f7c7a56fc7a7bfc3d73b3ea4b4981c676efaaa126b6576e2b4f21eba78a88

HTTP Headers

GET /beacon.js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 28 Jun 2022 13:19:23 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 01:57:21 GMT
Cache-Control: max-age=86400
ETag: W/"eaf85c1c6758e84acfe134efd70e9373"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UUD-HkSCb8EzaDCCyEAcV-mK95I66R2QbnrgZH8NMuq0jKr_yMJQIw==
Age: 37202

static.ads-twitter.com/uwt.js

151.101.244.157

200 OK

15 kB

URL HTTP/1.1
static.ads-twitter.com/uwt.js
IP
151.101.244.157:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (57596), with no line terminators
Size
15 kB (15375 bytes)
Hash
573e6a7f86f6f3063763360ef0672c01
b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7

HTTP Headers

GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 15375
Last-Modified: Thu, 27 Oct 2022 18:55:37 GMT
Cache-Control: no-cache
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
Accept-Ranges: bytes
Date: Sun, 04 Dec 2022 12:17:22 GMT
X-Served-By: cache-iad-kjyo7100147-IAD, cache-hel1410027-HEL
X-Cache: HIT, HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5642
Cache-Control: max-age=115930
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:22 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 20:29:32 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

sb.scorecardresearch.com/b?c1=2&c2=6035946&cs_it=b3&cv=3.8.0.210223&ns__t=1670156240127&ns_c=UTF-8&c7=http%3A%2F%2Fkdmh.live%2Fweb%2F&c8=Canada%20Post&c9=

143.204.55.96

204 No Content

0 B

URL HTTP/2
sb.scorecardresearch.com/b?c1=2&c2=6035946&cs_it=b3&cv=3.8.0.210223&ns__t=1670156240127&ns_c=UTF-8&c7=http%3A%2F%2Fkdmh.live%2Fweb%2F&c8=Canada%20Post&c9=
IP
143.204.55.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b?c1=2&c2=6035946&cs_it=b3&cv=3.8.0.210223&ns__t=1670156240127&ns_c=UTF-8&c7=http%3A%2F%2Fkdmh.live%2Fweb%2F&c8=Canada%20Post&c9= HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 04 Dec 2022 12:17:22 GMT
set-cookie: UID=1046400381b5aceb4fda9931670156242; domain=.scorecardresearch.com; path=/; max-age=62208000
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ig0W3-tbxQSEnKVda_93nhKjue_QkrbiHukChRQGOGq4XLwTrPiMDQ==
X-Firefox-Spdy: h2

kdmh.live/web/index_files/saved_resource(1)

192.151.157.182

200 OK

36 kB

URL HTTP/1.1
kdmh.live/web/index_files/saved_resource(1)
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type
data
Size
36 kB (35704 bytes)
Hash
90b8700a503b0eaf1f0a978a02254c9f
aaf64771628fce92f5b4a22a1af979aa93a4a313
1d48ee2e76afc714327a358c7f1e372f3a546f31677e89f0813e584a0e5ff3fe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/saved_resource(1) HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Length: 61477
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:14 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5642
Cache-Control: max-age=115930
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:22 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 20:29:32 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
0aa4d9affe7a391bc9e050267c005f02
f5a68f47540ee51f03ed4a2082e02329eda55e9e
b8e5a8c3ea5944de508556599eef8ea20a65983e0f5ad2ac3ea142d002ab46a6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3159
Cache-Control: max-age=88197
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:22 GMT
Etag: "638b3900-139"
Expires: Mon, 05 Dec 2022 12:47:19 GMT
Last-Modified: Sat, 03 Dec 2022 11:54:40 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 313

kdmh.live/web/errors/log

192.151.157.182

404 Not Found

0 B

URL HTTP/1.1
kdmh.live/web/errors/log
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post
fortinet	Phishing

HTTP Headers

POST /web/errors/log HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/json
Content-Length: 499
Origin: http://kdmh.live
Connection: keep-alive
Referer: http://kdmh.live/web/index_files/SV_71iOFlig0vNugpn.html

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

t.co/i/adsct?bci=3&eci=2&event_id=f06ae7e3-fd3b-4926-b51b-435ec05a1edf&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6a635b47-3cc6-48d7-9fef-5e7acf00db6f&tw_document_href=http%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29

104.244.42.69

200 OK

43 B

URL HTTP/2
t.co/i/adsct?bci=3&eci=2&event_id=f06ae7e3-fd3b-4926-b51b-435ec05a1edf&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6a635b47-3cc6-48d7-9fef-5e7acf00db6f&tw_document_href=http%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29
IP
104.244.42.69:0
ASN
#13414 TWITTER

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

HTTP Headers

GET /i/adsct?bci=3&eci=2&event_id=f06ae7e3-fd3b-4926-b51b-435ec05a1edf&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6a635b47-3cc6-48d7-9fef-5e7acf00db6f&tw_document_href=http%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 12:17:22 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=fce7a4f6-0ae6-48ed-9129-4a5b66436f48; Max-Age=63072000; Expires=Tue, 03 Dec 2024 12:17:22 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: b6ea9c0c576c855f
strict-transport-security: max-age=0
x-response-time: 105
x-connection-hash: 8034ec492f3f1547ebad5cc5ab21d0ac274374d26618679ccd7aed73567959b4
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
2752cb5fb329ef4efff0ca05497a1e43
656a2e4623d9dbcc2965dccb9d0f5a271660f70b
98c32ca93b27d7aae504a4be21e6fbdc6df77ee4fb8c62669cddae9a2f96a5e9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3217
Cache-Control: max-age=129298
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:22 GMT
Etag: "638bd953-13a"
Expires: Tue, 06 Dec 2022 00:12:20 GMT
Last-Modified: Sat, 03 Dec 2022 23:18:43 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 314

www.canadapost-postescanada.ca/shop/mc/assets/images/structure/cpo.ico

104.88.13.190

301 Moved Permanently

134 B

URL HTTP/1.1
www.canadapost-postescanada.ca/shop/mc/assets/images/structure/cpo.ico
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
134 B (134 bytes)
Hash
4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a

HTTP Headers

GET /shop/mc/assets/images/structure/cpo.ico HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Content-Length: 134
Content-Type: text/html
Location: https://www.canadapost-postescanada.ca/store-boutique/en
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Date: Sun, 04 Dec 2022 12:17:22 GMT
Connection: keep-alive

analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=f06ae7e3-fd3b-4926-b51b-435ec05a1edf&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6a635b47-3cc6-48d7-9fef-5e7acf00db6f&tw_document_href=http%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29

104.244.42.131

200 OK

43 B

URL HTTP/2
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=f06ae7e3-fd3b-4926-b51b-435ec05a1edf&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6a635b47-3cc6-48d7-9fef-5e7acf00db6f&tw_document_href=http%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29
IP
104.244.42.131:0
ASN
#13414 TWITTER

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

HTTP Headers

GET /i/adsct?bci=3&eci=2&event_id=f06ae7e3-fd3b-4926-b51b-435ec05a1edf&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6a635b47-3cc6-48d7-9fef-5e7acf00db6f&tw_document_href=http%3A%2F%2Fkdmh.live%2Fweb%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0qm&type=javascript&version=2.3.29 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 12:17:22 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_hVcfbdwh+YQqrOCYTW6NmQ=="; Max-Age=63072000; Expires=Tue, 03 Dec 2024 12:17:22 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: e3775ef8adf26f27
strict-transport-security: max-age=631138519
x-response-time: 105
x-connection-hash: f1a3c71f4871e3035dd21ec73d0900204898bb8afa8e5dc9b2a44df509e319f7
X-Firefox-Spdy: h2

www.canadapost-postescanada.ca/store-boutique/en

104.88.13.190

307 Temporary Redirect

136 B

URL HTTP/1.1
www.canadapost-postescanada.ca/store-boutique/en
IP
104.88.13.190:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
136 B (136 bytes)
Hash
ed10607782c0c178ac891c97e9aa1470
5ce456cdbdcbdaab83e380dd5dc4d7a4033eaa90
8fc58eab6a6eb86985c8b65a22e5816abedaf9e82470bc3ff93bffd2dd7e8a41

HTTP Headers

GET /store-boutique/en HTTP/1.1
Host: www.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Content-Length: 136
Content-Type: text/html
Location: https://store.canadapost-postescanada.ca/store-boutique/en
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-security-policy-report-only: object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca  https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com  https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports;
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
Content-Security-Policy: frame-ancestors 'self'
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubdomains; preload
Date: Sun, 04 Dec 2022 12:17:22 GMT
Connection: keep-alive

www.facebook.com/tr/?id=614267586032718&ev=PageView&dl=http%3A%2F%2Fkdmh.live%2Fweb%2F&rl=&if=false&ts=1670156240963&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670156240962.147569287&it=1670156240254&coo=false&rqm=GET

157.240.240.35

200 OK

86 kB

URL HTTP/2
www.facebook.com/tr/?id=614267586032718&ev=PageView&dl=http%3A%2F%2Fkdmh.live%2Fweb%2F&rl=&if=false&ts=1670156240963&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670156240962.147569287&it=1670156240254&coo=false&rqm=GET
IP
157.240.240.35:0
ASN
#32934 FACEBOOK

File type
gzip compressed data, from Unix\012- data
Size
86 kB (86525 bytes)
Hash
96ae9809c80088472b1cc6e366c6bf9f
d8ccfc8bfa95bf7479c5bcaeb7a65cd427e9ef2a
8a519f7f0a6c8814ee3fda4768a9764f68c83b32728d7f39e443c3250a99f50a

HTTP Headers

GET /tr/?id=614267586032718&ev=PageView&dl=http%3A%2F%2Fkdmh.live%2Fweb%2F&rl=&if=false&ts=1670156240963&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670156240962.147569287&it=1670156240254&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 04 Dec 2022 12:17:23 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12cd9faa14efe008864561bdf7377a8d
f29f80ed0ac4ddfebf806cc5f24d5ad8c8bb8cb1
10c66aaf086f012a7992f34aa9197756826d7c709e6fc2d5b003a13598a8fbfa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "10C66AAF086F012A7992F34AA9197756826D7C709E6FC2D5B003A13598A8FBFA"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14129
Expires: Sun, 04 Dec 2022 16:12:52 GMT
Date: Sun, 04 Dec 2022 12:17:23 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9f0dd32ab6b93c8852071dca0bb89704
316572ea3065db04992a2c8a5ff0dce28881dc1d
2f95d3d307da9d14081c20a1d86cad9e180b8bcf4c65daf4b0119d89177e2a45

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6531
Cache-Control: max-age=90176
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:23 GMT
Etag: "638b3390-1d7"
Expires: Mon, 05 Dec 2022 13:20:19 GMT
Last-Modified: Sat, 03 Dec 2022 11:31:28 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9f0dd32ab6b93c8852071dca0bb89704
316572ea3065db04992a2c8a5ff0dce28881dc1d
2f95d3d307da9d14081c20a1d86cad9e180b8bcf4c65daf4b0119d89177e2a45

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6531
Cache-Control: max-age=90176
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 12:17:23 GMT
Etag: "638b3390-1d7"
Expires: Mon, 05 Dec 2022 13:20:19 GMT
Last-Modified: Sat, 03 Dec 2022 11:31:28 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

store.canadapost-postescanada.ca/store-boutique/en

23.36.79.8

301 Moved Permanently

0 B

URL HTTP/2
store.canadapost-postescanada.ca/store-boutique/en
IP
23.36.79.8:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Canada Post
urlquery	phishing	Phishing - Canada Post

HTTP Headers

GET /store-boutique/en HTTP/1.1
Host: store.canadapost-postescanada.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
content-length: 0
location: /home
access-control-allow-origin: https://store.canadapost-postescanada.ca
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-vol-canonical-url: /home
x-vol-correlation: d998c34f935a41cbb85f6aa85f92b3fe
expires: Sun, 04 Dec 2022 12:17:23 GMT
cache-control: max-age=0, no-cache
pragma: no-cache
date: Sun, 04 Dec 2022 12:17:23 GMT
set-cookie: sb-sf-at-prod-s=at=jhJDDIgsOE4ZYYa4NE0Fz9pClPUXHpJDnXbhjHnEjTdfPaHYPzBtlfCuLBZwHS9uh0pJ3bM5hnnXFW%2FoLXr%2BZeJn99eDpLMkvw5BgKehLjTnIYGDnafys3AnNn3%2FGJTWkqzuT0ZVAnSeAE6mEE4OitRxp0I4Z5kNXdjKn3Dl%2BmGsa21u9bXzm1yvNb98ujHSwOEalJANuq6TSCPAiTR8%2FP5QimXnieBvpnfrrnt5B%2FH172fVkk4rgqpi9Z4%2Bom%2Bt1dNZOFMZXyB4YyHY5J4%2B7wawV8ren3glB4n041btRbADIV8RCitjKSJFaAfPxkMgJwtwVecx9nWIDtlTyZ7ntw%3D%3D&dt=2022-12-04T12%3A17%3A23.4604688Z; path=/; httponly
sb-sf-at-prod=at=jhJDDIgsOE4ZYYa4NE0Fz9pClPUXHpJDnXbhjHnEjTdfPaHYPzBtlfCuLBZwHS9uh0pJ3bM5hnnXFW%2FoLXr%2BZeJn99eDpLMkvw5BgKehLjTnIYGDnafys3AnNn3%2FGJTWkqzuT0ZVAnSeAE6mEE4OitRxp0I4Z5kNXdjKn3Dl%2BmGsa21u9bXzm1yvNb98ujHSwOEalJANuq6TSCPAiTR8%2FP5QimXnieBvpnfrrnt5B%2FH172fVkk4rgqpi9Z4%2Bom%2Bt1dNZOFMZXyB4YyHY5J4%2B7wawV8ren3glB4n041btRbADIV8RCitjKSJFaAfPxkMgJwtwVecx9nWIDtlTyZ7ntw%3D%3D; expires=Thu, 04 Dec 2042 12:17:23 GMT; path=/; httponly
_mzvr=_gnYXBVaok6FMCc5LMSUvg; expires=Mon, 04 Dec 2023 12:17:23 GMT; path=/; httponly
_mzvs=nn; path=/; httponly
_mzvt=mEcIWslzC0y5kziSvIlgQA; expires=Sun, 04 Dec 2022 12:47:23 GMT; path=/; httponly
_mzPc=eyJjb3JyZWxhdGlvbklkIjoiZDk5OGMzNGY5MzVhNDFjYmI4NWY2YWE4NWY5MmIzZmUiLCJpcEFkZHJlc3MiOiI5MS45MC40Mi4xNTQiLCJpc0RlYnVnTW9kZSI6ZmFsc2UsImlzQ3Jhd2xlciI6ZmFsc2UsImlzTW9iaWxlIjpmYWxzZSwiaXNUYWJsZXQiOmZhbHNlLCJpc0Rlc2t0b3AiOnRydWUsInZpc2l0Ijp7InZpc2l0SWQiOiJtRWNJV3NsekMweTVremlTdklsZ1FBIiwidmlzaXRvcklkIjoiX2duWVhCVmFvazZGTUNjNUxNU1V2ZyIsImlzVHJhY2tlZCI6ZmFsc2UsImlzVXNlclRyYWNrZWQiOmZhbHNlfSwidXNlciI6eyJpc0F1dGhlbnRpY2F0ZWQiOmZhbHNlLCJ1c2VySWQiOiJlYmNiY2QxOWEyOTE0NDg3YWQxNGYzYzA2MmMxNmIwZSIsImZpcnN0TmFtZSI6IiIsImxhc3ROYW1lIjoiIiwiZW1haWwiOiIiLCJpc0Fub255bW91cyI6dHJ1ZSwiYmVoYXZpb3JzIjpbMTAxNCwyMjJdLCJpc1NhbGVzUmVwIjpmYWxzZX0sInVzZXJQcm9maWxlIjp7InVzZXJJZCI6ImViY2JjZDE5YTI5MTQ0ODdhZDE0ZjNjMDYyYzE2YjBlIiwiZmlyc3ROYW1lIjoiIiwibGFzdE5hbWUiOiIiLCJlbWFpbEFkZHJlc3MiOiIiLCJ1c2VyTmFtZSI6IiJ9LCJpc0VkaXRNb2RlIjpmYWxzZSwiaXNBZG1pbk1vZGUiOmZhbHNlLCJub3ciOiIyMDIyLTEyLTA0VDEyOjE3OjIzLjQ2MTE1NDFaIiwiY3Jhd2xlckluZm8iOnsiaXNDcmF3bGVyIjpmYWxzZX0sImN1cnJlbmN5UmF0ZUluZm8iOnt9fQ%3D%3D; path=/
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2

zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=http%3A%2F%2Fkdmh.live%2Fweb%2F&t=1670156241044

104.17.208.240

200 OK

34 kB

URL HTTP/2
zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=http%3A%2F%2Fkdmh.live%2Fweb%2F&t=1670156241044
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6801)
Size
34 kB (33486 bytes)
Hash
1b6a96259d992bf2dd86bdadef1c39a7
17af71c744b019e0c24227fc0159cd6effb06a2d
6f2b2496169cae90b963ac6d936b1ae52c5e5aef8d67fcd7c2731ec4160f0e0f

HTTP Headers

GET /WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=http%3A%2F%2Fkdmh.live%2Fweb%2F&t=1670156241044 HTTP/1.1
Host: zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 12:17:23 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 77447a89bd99b50f-OSL
access-control-allow-origin: *
age: 198657
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-yCXSqeWNF3QQ5gWuVWm89QaDdXQ"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

kdmh.live/web/index_files/f(1).txt

192.151.157.182

200 OK

0 B

URL HTTP/1.1
kdmh.live/web/index_files/f(1).txt
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/f(1).txt HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Thu, 08 Apr 2021 04:06:12 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip

kdmh.live/web/index_files/js

192.151.157.182

200 OK

0 B

URL HTTP/1.1
kdmh.live/web/index_files/js
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/js HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Length: 90278
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:06 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/index_files/saved_resource(1)

192.151.157.182

200 OK

0 B

URL HTTP/1.1
kdmh.live/web/index_files/saved_resource(1)
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/saved_resource(1) HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:17 GMT
Content-Length: 61477
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:14 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/index_files/saved_resource

192.151.157.182

200 OK

0 B

URL HTTP/1.1
kdmh.live/web/index_files/saved_resource
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/saved_resource HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:22 GMT
Content-Length: 61477
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:14 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=http%3A%2F%2Fkdmh.live%2Fweb%2F&t=1670156241045

104.17.208.240

200 OK

0 B

URL HTTP/2
zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=http%3A%2F%2Fkdmh.live%2Fweb%2F&t=1670156241045
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /WRSiteInterceptEngine/?Q_ZID=ZN_0xleIR6sWSZaNY9&Q_LOC=http%3A%2F%2Fkdmh.live%2Fweb%2F&t=1670156241045 HTTP/1.1
Host: zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 12:17:23 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 77447a89cdb0b50f-OSL
access-control-allow-origin: *
age: 198657
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-yCXSqeWNF3QQ5gWuVWm89QaDdXQ"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0xleIR6sWSZaNY9&Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 76
Origin: http://kdmh.live
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 12:17:23 GMT
content-type: application/json
cf-ray: 77447a8a5e3ab50f-OSL
access-control-allow-origin: http://kdmh.live
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 21983e8e52c44c30
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

kdmh.live/web/index_files/js(1)

192.151.157.182

200 OK

0 B

URL HTTP/1.1
kdmh.live/web/index_files/js(1)
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/js(1) HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Length: 90248
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:08 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

kdmh.live/web/index_files/css

192.151.157.182

200 OK

0 B

URL HTTP/1.1
kdmh.live/web/index_files/css
IP
192.151.157.182:0
ASN
#33387 NOCIX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /web/index_files/css HTTP/1.1
Host: kdmh.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://kdmh.live/web/

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Dec 2022 12:17:16 GMT
Content-Length: 24218
Connection: keep-alive
Last-Modified: Thu, 08 Apr 2021 04:06:10 GMT
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Accept-Ranges: bytes

siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital

104.17.208.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital
IP
104.17.208.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/1.8ce69394dfc154e65174.chunk.js?Q_CLIENTVERSION=1.81.0&Q_CLIENTTYPE=web&Q_BRANDID=canadapostdigital HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 12:17:23 GMT
content-type: application/javascript
cf-ray: 77447a8b6f7ab50f-OSL
access-control-allow-origin: *
age: 469844
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"7380-1845383cf10"
last-modified: Mon, 07 Nov 2022 19:14:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29568
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700

142.250.74.74

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://kdmh.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 12:17:16 GMT
date: Sun, 04 Dec 2022 12:17:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (54)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations