r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 5c6a87f6d6b5c54dcb1b630ae6001c73
Hash (SHA-1) e0315c9936d6f2f58ff7d078e74a8ec7802265a8
Hash (SHA-256) d88ef07b9fcfb42d27a490cb57df4adaf3261efc7d0b38246db387da3ca32a8d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D88EF07B9FCFB42D27A490CB57DF4ADAF3261EFC7D0B38246DB387DA3CA32A8D"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5956
Expires: Fri, 30 Dec 2022 22:29:44 GMT
Date: Fri, 30 Dec 2022 20:50:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 0e93d32de9bcebd3483b40a8fed30718
Hash (SHA-1) 7e1fe5db1f08b75a079780717e4f18ad76767212
Hash (SHA-256) 4f0aaacfefd27c89225a1a0d2fbe778ec4f3369b5e4e1599255bf12866196cd4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F0AAACFEFD27C89225A1A0D2FBE778EC4F3369B5E4E1599255BF12866196CD4"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3377
Expires: Fri, 30 Dec 2022 21:46:45 GMT
Date: Fri, 30 Dec 2022 20:50:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 6d6d99cd1201f65eeb7d437b62bad1f3
Hash (SHA-1) 6d5e41d7a2786ccaad7c7276ecdd9411f8cbd6ba
Hash (SHA-256) db2b42007fc4ad126c8af8d7cce27af88947231d09ded56da33cfee3d2594e23
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB2B42007FC4AD126C8AF8D7CCE27AF88947231D09DED56DA33CFEE3D2594E23"
Last-Modified: Fri, 30 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3150
Expires: Fri, 30 Dec 2022 21:42:58 GMT
Date: Fri, 30 Dec 2022 20:50:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash (MD5) dcd75ca6daca51c5e39d431468511793
Hash (SHA-1) 07f76d3bf23d65c9110d810fa71a994e39e085d3
Hash (SHA-256) 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 30 Dec 2022 20:47:03 GMT
content-type: application/json
age: 205
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash (MD5) b1fcd419a4245617397846e8d17233f6
Hash (SHA-1) 2a037ce244587640b27ead9a0ec2af4f862d91b2
Hash (SHA-256) e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: t5XG3ev4rRfOgtXV069MIxKfRRIn1zOpnjkIrAT1DY8+tmJLqi6n1V14sIafz/OHEeFQBwBRHug=
x-amz-request-id: G50CMT7GJ15G83PK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Dec 2022 19:57:08 GMT
age: 3200
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash (MD5) 23e88fb7b99543fb33315b29b1fad9d6
Hash (SHA-1) a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Hash (SHA-256) 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 30 Dec 2022 20:50:28 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash (MD5) 0333b0655111aa68de771adfcc4db243
Hash (SHA-1) 63f295a144ac87a7c8e23417626724eeca68a7eb
Hash (SHA-256) 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 30 Dec 2022 20:33:31 GMT
age: 1018
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash (MD5) 553f97ab8a2c2f1abe4ee932cf6dab42
Hash (SHA-1) 9e9433075523efb0cf7d13b6811d237c4b48f099
Hash (SHA-256) 8a7c26f298fb34ec9d5cbd977a2677118b9360ad3134bb56171c13d4d13da540
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4620
Cache-Control: max-age=135198
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 20:50:29 GMT
Etag: "63aeaa27-1d7"
Expires: Sun, 01 Jan 2023 10:23:47 GMT
Last-Modified: Fri, 30 Dec 2022 09:06:47 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
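35.164.56.167 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.56.167:0
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e (the body is 0 B; these three values are the digests of zero-length input, so they identify no content)
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855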
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +Wyej7wHf786aUoCjoivVQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: W1sIEKS5wRVEcF9hFePpXKObWaI=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 118862dd91acadbe96bd8df464b5d944
Hash (SHA-1) 1f18ca3394c0502b2447001d8115d8f69211a72b
Hash (SHA-256) 599a2f13cae2edc7b4ffbaee442cc40363b809400452364e21a05fd3599f72c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599A2F13CAE2EDC7B4FFBAEE442CC40363B809400452364E21A05FD3599F72C6"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19849
Expires: Sat, 31 Dec 2022 02:21:20 GMT
Date: Fri, 30 Dec 2022 20:50:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 118862dd91acadbe96bd8df464b5d944
Hash (SHA-1) 1f18ca3394c0502b2447001d8115d8f69211a72b
Hash (SHA-256) 599a2f13cae2edc7b4ffbaee442cc40363b809400452364e21a05fd3599f72c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599A2F13CAE2EDC7B4FFBAEE442CC40363B809400452364E21A05FD3599F72C6"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19849
Expires: Sat, 31 Dec 2022 02:21:20 GMT
Date: Fri, 30 Dec 2022 20:50:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 118862dd91acadbe96bd8df464b5d944
Hash (SHA-1) 1f18ca3394c0502b2447001d8115d8f69211a72b
Hash (SHA-256) 599a2f13cae2edc7b4ffbaee442cc40363b809400452364e21a05fd3599f72c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599A2F13CAE2EDC7B4FFBAEE442CC40363B809400452364E21A05FD3599F72C6"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19849
Expires: Sat, 31 Dec 2022 02:21:20 GMT
Date: Fri, 30 Dec 2022 20:50:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 118862dd91acadbe96bd8df464b5d944
Hash (SHA-1) 1f18ca3394c0502b2447001d8115d8f69211a72b
Hash (SHA-256) 599a2f13cae2edc7b4ffbaee442cc40363b809400452364e21a05fd3599f72c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599A2F13CAE2EDC7B4FFBAEE442CC40363B809400452364E21A05FD3599F72C6"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19849
Expires: Sat, 31 Dec 2022 02:21:20 GMT
Date: Fri, 30 Dec 2022 20:50:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 118862dd91acadbe96bd8df464b5d944
Hash (SHA-1) 1f18ca3394c0502b2447001d8115d8f69211a72b
Hash (SHA-256) 599a2f13cae2edc7b4ffbaee442cc40363b809400452364e21a05fd3599f72c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "599A2F13CAE2EDC7B4FFBAEE442CC40363B809400452364E21A05FD3599F72C6"
Last-Modified: Fri, 30 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19849
Expires: Sat, 31 Dec 2022 02:21:20 GMT
Date: Fri, 30 Dec 2022 20:50:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash (MD5) d0f02288213f270c5a4a8944107c81e9
Hash (SHA-1) d17f3594e4aa86aa1b28849bbc3c7f1d45d938ea
Hash (SHA-256) 770e6cc997aafc1c0485af4fa413fa255868a5d333e8e60e7de90b4c74bf29bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8494
x-amzn-requestid: 8dc4c6ae-ecb5-427d-be0a-535585f19b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZUXHR1IAMFn4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08e8-326ee70106b8fa9d2c4d540b;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fR6Tky8KiadgDTqrGN7QKIldTbOm8rIxJXZOtT6FyjBC6gafdCd33A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:38 GMT
age: 82133
etag: "d17f3594e4aa86aa1b28849bbc3c7f1d45d938ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e77cad2-6b0d-46d1-a2e4-ce29f7cc173e.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e77cad2-6b0d-46d1-a2e4-ce29f7cc173e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash (MD5) a4adb7268aa0a520dcee9f1d936d16dd
Hash (SHA-1) 9364105419c6662123999ed11912de21ad32f6ba
Hash (SHA-256) 6d593122db8b8514db4d3d0d0e6d037f57d39e5aab9a9f493fed359eb4b73b2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e77cad2-6b0d-46d1-a2e4-ce29f7cc173e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8505
x-amzn-requestid: de8ce29e-7947-4c4f-95f5-14efae45cfda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4p9MGW9IAMFqdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acf054-5cf23dcf7bdbd784373222a9;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 01:41:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kEM8R4PYVJN8BQXhr9w-osn4-pAjeVnOtinJu1yfvjc5sTEL6LqTeQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Dec 2022 02:49:23 GMT
age: 64868
etag: "9364105419c6662123999ed11912de21ad32f6ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash (MD5) d9f3c92ff3db8e0ec87e86aa28346ea5
Hash (SHA-1) c4cc987d54675d9285b43954ab8f010e5a258d9e
Hash (SHA-256) 94be9c845c6373424c519720e61e2a1397f7390028d43dcdbf536686a7740b6b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26073be1-1851-4348-a892-ee39e3b6f635.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9569
x-amzn-requestid: 5e67dc3c-470b-4b8e-a2fd-0a7ae7ade4dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d21gLHgLIAMFygQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ac3600-6317a97c21aae4fc13cdd27b;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 12:26:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xScDAd-p3iFuIWh0vmyGngwsfeLiYAB9iae-rbakrgil9cLtKWejRw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 21:46:54 GMT
age: 83017
etag: "c4cc987d54675d9285b43954ab8f010e5a258d9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash (MD5) 9ebe131c7787411178a93d045ba57b5a
Hash (SHA-1) 40b601b6ad3a3d7738b5b55777981598f4dc0519
Hash (SHA-256) 68ea133b346bd1f76cd7b4dcf5023d8f987935dff380bacec73dec957effb97e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11516
x-amzn-requestid: e4e9ceeb-b2e5-454f-9550-d412fc0be82a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7aRLGuqoAMF3JA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae0a6d-6ed43b46144121dc2dd7db2f;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:45:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k0PrvFSOqoZYQXx_0QjokoJbSVcXMpPcLFw2qrfQvyvegLMw4rghTA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:16:26 GMT
age: 81245
etag: "40b601b6ad3a3d7738b5b55777981598f4dc0519"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9607c6-9a7f-483e-afc4-9004ad7691ab.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9607c6-9a7f-483e-afc4-9004ad7691ab.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash (MD5) 6e270e4d21abb133d068a56a552b1708
Hash (SHA-1) 2d5c698f982dcdb9a86de4e45e30d7caf9b42336
Hash (SHA-256) 723573f9908c5a2aa1d3dfe1146a764d7052c866ff2076a9096daccf5697328b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9607c6-9a7f-483e-afc4-9004ad7691ab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11775
x-amzn-requestid: 5a37b577-ac86-4cab-a580-865059074844
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7aqKGzTIAMFmIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae0b0d-7de39bba5583d757794dbd9e;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:47:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4OqJ-KiLeDe3iVqhLUhzcqiWrDHc3sZa808qTuPMDLdhP6FOFdGhkg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:10:15 GMT
etag: "2d5c698f982dcdb9a86de4e45e30d7caf9b42336"
content-type: image/jpeg
age: 81616
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash (MD5) a9d1857128ab6a237e6854c7a3532b51
Hash (SHA-1) 702ab1eb38be637f012e1454201b9a7561c29081
Hash (SHA-256) 48fbf5b5aa1cf66fcdaafe68c72ac073d2ba9b6dedf76ebfaafdc88836fa0fde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4833
x-amzn-requestid: 46ef49d7-dadb-4665-84bf-1c331ed8fce6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZU2E3IIAMFxAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08eb-28af0ab9094d7c21560a60db;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YyIKd_GHAixWYqzjn0XD2Jwal3Jt62L90StfgPkCkJWU3RQml-u6oA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:39 GMT
age: 82132
etag: "702ab1eb38be637f012e1454201b9a7561c29081"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/gtm.js
151.139.128.10 200 OK 31 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/gtm.js
IP 151.139.128.10:0
File type ASCII text, with very long lines (1555)
Hash (MD5) ca463889b9d537472f64f3366ce22eae
Hash (SHA-1) 0586ebe6f8dfb3a1d03ab8448f2e8d44a7faa2f5
Hash (SHA-256) 19f6456c07fec7e3f09d52da938b490b0d2c3c9a126bceafabd1a0356effa943
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/gtm.js HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:33 GMT
etag: "1653332346"
cache-control: max-age=30
content-encoding: gzip
content-length: 30565
content-type: application/javascript; charset=utf-8
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKm6vZ0GEocBCiQyNmNiYTA0MC1lZGFkLTQyOGEtOWIyOS1lMjQ0ODFiOTNlZDQQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGioSJDQ1NTEyZThiLTNhYjctNGE4OC04NjE0LWMzNDE3ZjBlYmQ5Mxjl7gEiGggCEhRjZHMyMTUuc2sxLmh3Y2RuLm5ldBgI.vuB3wrOYEPyTm9a3Dck1Wa2pnodMKOVBDOSx60Pp6Io=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds215.sk1.sc,1672433433.cds215.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/gtm.js>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/deco_bars.svg
151.139.128.10 200 OK 390 B URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/deco_bars.svg
IP 151.139.128.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash (MD5) 82304b9a0023912a7a5ecf6bc3423a4d
Hash (SHA-1) 74cdfe76217be9aef762ccc76c807b54bc627a35
Hash (SHA-256) 0fbc2616c8ad67b276f458ff1896e233a0f803314318197dc00a13d53d026097
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/deco_bars.svg HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:33 GMT
etag: "1653332346"
cache-control: max-age=30
content-encoding: gzip
content-length: 390
content-type: image/svg+xml
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKm6vZ0GEocBCiQ1MjQxOGY3YS05ZDNlLTQxZTYtYjdiNC1kODMyNDQ0N2FiNzAQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJDk2OTUzMDllLWYxYzctNDdmMS1iOWRmLTg1NjlhZDc0NzIzNRiGAyIaCAISFGNkczI0NC5zazEuaHdjZG4ubmV0GAg=.yyrdfj0tKPeN2QjPJZHvtm0gqs0GqQVVEXgOuhH6ENQ=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds244.sk1.sc,1672433433.cds244.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/deco_bars.svg>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/deco_triangles.svg
151.139.128.10 200 OK 451 B URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/deco_triangles.svg
IP 151.139.128.10:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9f484954ec83afedf792b8a54262b528
e6bbe505e712c396e0dca15915f68fa897f5ed77
e9fd41da5588466d5e7fda079a6555b926a422449e22e61e13c8356411fce3a8
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/deco_triangles.svg HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:33 GMT
etag: "1653332346"
cache-control: max-age=30
content-encoding: gzip
content-length: 451
content-type: image/svg+xml
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKm6vZ0GEocBCiQ5YzRjMTI1Mi0wOTE4LTQ1YjgtODY1Yi1iMzFjODY2ZjkxNGEQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJDA3ZDZjZTNlLTRiZjctNDI0YS1iZjk3LTg2MTcxNThjNDI5YxjDAyIaCAISFGNkczI1NC5zazEuaHdjZG4ubmV0GAg=.CMQX7PVSVbZIYgDW50HFY5TuvIi7epmhGqk8GPCnk8c=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds254.sk1.sc,1672433433.cds254.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/deco_triangles.svg>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/
151.139.128.10 302 Found 387 B URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/
IP 151.139.128.10:0
File type ASCII text, with very long lines (544), with CRLF, LF line terminators
Hash 046cb79aa5a1e5ed957e3e18034eb40e
5f8c05f148136e1c60535fe1e3e82711ab117d5c
b192c41e0a2bdb20bd49a9260928510d73b8085cfcd4cd76601eacb65c4c6057
Analyzer Verdict Alert openphish Correos
fortinet Phishing
GET /trial-y412xt64/Last_Correos/ HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=688a5492cc4cab145d9697c8f8dad13a; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=Su; adOtr=0d95a71a511
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 30 Dec 2022 20:50:31 GMT
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
set-cookie: spcsrf=0f0e0b4bf6d0ea5c7b9ddd151da0ec62; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:29 GMT
set-cookie: PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; path=/
location: Recibir_paquete.php
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/>; rel="canonical"
x-hw: 1672433429.cds241.sk1.hc,1672433429.cds255.sk1.sc,1672433431.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672433431.cds255.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKe6vZ0GEoYBCiQ2ZjU3YTY1NC1hYmI1LTQ0MWItYWUwZS1lZDQ5MGFmZTE0M2IQ2J+KgafZ+wIaBgiVnr2dBiIMOTEuOTAuNDIuMTU0KL5DMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogYjJlMzIxNDYwN2MyNzRlM2I3MmYxNDQ3MWEwYWRkOWQaJhIkOTY2YjE1NTgtYTI5OS00YmZmLWI2YzQtZTZjYTFhMzU3ZGZjIhoIAhIUY2RzMjU1LnNrMS5od2Nkbi5uZXQYCA==.dcouzWDEG3+jp9aRpyIrHnr/PIzTO73YsZ6lPMY4UV8=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/apple_store.jpg
151.139.128.10 200 OK 11 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/apple_store.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 250x82, components 3\012- data
Hash 498c4a8cc089ec2fc0b87f460924b9b4
324b0ef1cf07829216653bf3fca04add4ebf553f
509066150aa1da2b163e681cff62f67f0becd0bb65cded95be964371835798f6
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/apple_store.jpg HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:33 GMT
etag: "1653332346"
cache-control: max-age=30
content-length: 11255
content-type: image/jpeg
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKm6vZ0GEocBCiQxNTc5NDgzOC05ODMxLTQ0ZGEtOTUxNi01MjhkYTQ1N2VmNzQQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJGQyYTM5ODQ3LWQ1ZjUtNGJlYS04MmIwLTNhMjQzN2UxNzllZRj3VyIaCAISFGNkczIwOS5zazEuaHdjZG4ubmV0GAg=.iRC/x0aFzNHZlP5vZdX1dJKIUGpXCSum4BNNyBO3kbo=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds209.sk1.sc,1672433433.cds209.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/apple_store.jpg>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/google_play.jpg
151.139.128.10 200 OK 12 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/google_play.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 270x80, components 3\012- data
Hash 71405560fcf941f01e531e8564ad9e3f
a970b8084d6e7cdd714dbd1add272ac630cd9fe9
bda17ffead5e3809b288330e7aa2d2b689c45cfadcef8249416d07afe34477a7
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/google_play.jpg HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:33 GMT
etag: "1653332346"
cache-control: max-age=30
content-length: 11827
content-type: image/jpeg
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKm6vZ0GEocBCiQ1NGQ4OGFiZi1mODk0LTRhOWItYTNlMC1hODliMmQ0OGYzNjcQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJDM5MzA1YzYwLWMyMjEtNDI0MS1hZTIyLWJhY2U2OWQyNDI3NRizXCIaCAISFGNkczA3MS5zazEuaHdjZG4ubmV0GAg=.vCSBJW/CMONnymo6KiPhrh9KclEHcth48DRwfyiZVI8=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds071.sk1.sc,1672433433.cds071.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/google_play.jpg>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/container.js
151.139.128.10 200 OK 317 B URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/container.js
IP 151.139.128.10:0
File type ASCII text, with very long lines (514)
Hash abbcd47293a1d3441d6c87604d5ab3c2
302f022c93d5114efcc2a8cf57d00ee743f3e8b4
c2bc7d8c507b509332bd93fbc743dbc7d6d5fec2e530461a94ad70b664fd19b0
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/container.js HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:33 GMT
etag: "1653332346"
cache-control: max-age=30
content-encoding: gzip
content-length: 317
content-type: application/javascript; charset=utf-8
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKm6vZ0GEocBCiQ3ODlmZWQzYy1mZDBkLTQ5M2QtODBlZC05ODg0M2ZlZTYxZmYQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJDA3MDQzMTA5LTY4OTEtNDU2My1iZDU3LTdiYjI0NmQwMTVjMxi9AiIaCAISFGNkczI0OS5zazEuaHdjZG4ubmV0GAg=./hv0bxLyyuhj3ADSjKmNare1y0SPh9qZpmTcI/ZVoTU=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds249.sk1.sc,1672433433.cds249.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/container.js>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1.js
151.139.128.10 200 OK 74 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1.js
IP 151.139.128.10:0
Hash 5d3e19d799af1614d307455c75452443
95d21bc6d5395ea51c46ed0ec47d505c8fbaed7e
f3dffc814892061dcf6e19461105bb910de706b9859425f37083dc159e5f2aa9
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1.js HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:34 GMT
etag: "1653332346"
cache-control: max-age=30
content-encoding: gzip
content-length: 73776
content-type: application/javascript; charset=utf-8
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKq6vZ0GEocBCiQ3NmMwNDRlYy01YmY2LTQzMGUtYmEzMC1kNzAwOTgyNGIyZGQQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGioSJDIwYjU5ZTgwLTY2MzktNDFlNC04MGI2LTM0NTQ0YjNjMTFiORiwwAQiGggCEhRjZHMyNDMuc2sxLmh3Y2RuLm5ldBgI.wsS76izUSNTInOhT1BEsggKdlqUwaih11uOyPLAcfPI=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds243.sk1.sc,1672433434.cds243.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1.js>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1_002.js
151.139.128.10 200 OK 33 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1_002.js
IP 151.139.128.10:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 76db83dd730f355d8a2b2445ca815c06
90e3cf9de8c028d5bfa8ad0250375aaed34abdf3
b7accca78a6dd5121a5c735bf66b608eef1c6f691dd00a14158e232fc77acb43
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1_002.js HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:34 GMT
etag: "1653332346"
cache-control: max-age=30
content-encoding: gzip
content-length: 33409
content-type: application/javascript; charset=utf-8
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKq6vZ0GEocBCiQyZDFjZTJjNy02MTE3LTRkZjktOGY0Ny02NGE4ZDhmNjIxMTYQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGioSJGZhMzdhMTg0LTQ4MDUtNDlkYy1hOTg0LWZmMjYwNjMxMjljZRiBhQIiGggCEhRjZHMyMzUuc2sxLmh3Y2RuLm5ldBgI.Chu39cx4v6mXDo6EC+kB6Eis4EsAm0QwSA1Tr8EziDM=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds235.sk1.sc,1672433434.cds235.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-1_002.js>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
151.139.128.10 200 OK 19 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
IP 151.139.128.10:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash d7f060d473c184f8b561089afef22c42
a8f585ea300292f5084de28f54f5db190875883e
2b72949ea596dc03fb8fa6a6908571a30004c30d244c9156945cfdc151894fc1
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:34 GMT
etag: "1653332346"
cache-control: max-age=30
content-encoding: gzip
content-length: 18628
content-type: text/css
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKq6vZ0GEocBCiQwNGJlZTJkOC0zNDE2LTQ3MzAtOGM3MC1iYmY5MTk1YzU5YjAQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGioSJGY5OTU1NTEzLWJkMTgtNDYyYS04NzdiLTQ0ZmQ5MjFkMTFiNxjEkQEiGggCEhRjZHMyMjcuc2sxLmh3Y2RuLm5ldBgI.bBiRvHEsf6eScLm3L3IYDK1Vm04yOj7B/FYq5+kRVBA=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds227.sk1.sc,1672433434.cds227.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-ui-1.js
151.139.128.10 200 OK 53 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-ui-1.js
IP 151.139.128.10:0
File type ASCII text, with very long lines (18557)
Hash 9674da53b48a950f8314ade4948962bc
89ad62ef463c3579bcce94a5b6fbf387330b2df0
029e91c4bf31ce2d8e7d88670f931d4eef989bb4ff3260ade30481584c18e433
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-ui-1.js HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:34 GMT
etag: "1653332346"
cache-control: max-age=30
content-encoding: gzip
content-length: 52924
content-type: application/javascript; charset=utf-8
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
vary: Accept-Encoding
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKq6vZ0GEocBCiQwMmNhOTExMS0xNDRmLTRlZGUtODNjYS03ZGNjNzQyMmM0MjcQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGioSJGVmZTdlZDAyLTIyOGMtNGJmNi04Yjk4LTcyZTI5NWQ5ZDk5ZBi8nQMiGggCEhRjZHMwMDMuc2sxLmh3Y2RuLm5ldBgI.9EnpVU9V4LnXgT7/cUEIiDEBCZE7LadJlYeSEzOkRYk=
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds003.sk1.sc,1672433434.cds003.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/Seleccione%20medio%20de%20pago_fichiers/jquery-ui-1.js>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/pic_image/package.jpg
151.139.128.10 200 OK 80 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/pic_image/package.jpg
IP 151.139.128.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1440x960, components 3\012- data
Hash c8f62200abc0901f82eb57cfd63f11da
b57afb6c671cc84aff03656945c36af57ec0c68d
0e343f72b8fe95c764a97e83ec0b5f47910e7615045487174fb48e1ce6075372
GET /trial-y412xt64/Last_Correos/assets/pic_image/package.jpg HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:35 GMT
etag: "1653332346"
cache-control: max-age=30
content-length: 79701
content-type: image/jpeg
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKu6vZ0GEocBCiQ0NzI5YmM0My03ZTMyLTQ0YmYtYTcyMi00YTA0MzFjODI1NjEQ2J+KgafZ+wIaBgianr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGioSJDRjNGI0MjcxLTQzZTgtNDQ0ZS1hODY0LTBlZmQ0ZGU2YmJkOBjV7gQiGggCEhRjZHMyMzcuc2sxLmh3Y2RuLm5ldBgI.TlDG1C3NGY9N3tHbYeP+hhUBLDYi9025yVYP84dsuzs=
x-hw: 1672433434.cds222.sk1.hc,1672433434.cds237.sk1.sc,1672433435.cds237.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/pic_image/package.jpg>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Seleccione%20medio%20de%20pago_fichiers/main.css
151.139.128.10 404 Not Found 9.9 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Seleccione%20medio%20de%20pago_fichiers/main.css
IP 151.139.128.10:0
Hash 9195395ec6a1d0643ed9c48b528fd828
e26ec8167ab887bf4a9826c67b323d8fe72b3470
d8783d1cb4f5ce7a93c9224d131f18eda9c31b464b07b0dc7e05ecbadb16397a
GET /trial-y412xt64/Last_Correos/Seleccione%20medio%20de%20pago_fichiers/main.css HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
date: Fri, 30 Dec 2022 20:50:34 GMT
accept-ranges: bytes
content-encoding: gzip
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
cache-control: no-cache, must-revalidate, max-age=0
server: fbs
link: <https://demo2.cloudwp.dev/trial-y412xt64/wp-json/>; rel="https://api.w.org/", <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Seleccione%20medio%20de%20pago_fichiers/main.css>; rel="canonical"
x-hw: 1672433433.cds222.sk1.hc,1672433433.cds213.sk1.sc,1672433434.cdn2-wafbe02-arn1.stackpath.systems.-.wx,1672433434.cds213.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKq6vZ0GEocBCiRjYTBlNDc0Ny05OGNlLTQzMTYtYTk1NS0zZjM0NTQ1MzNkNDMQ2J+KgafZ+wIaBgiZnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGiYSJDdjNjJkZTNkLTUwNTMtNDZlZi04ZjZhLWI4OGU0NDFkOWMwNyIaCAISFGNkczIxMy5zazEuaHdjZG4ubmV0GAg=.33FNoYoMlbpdeWyTjr770GqUIQY+daDUZJxY1Rv5Pa4=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/correos-icons.1648744842199.woff2
151.139.128.10 301 Moved Permanently 246 B URL HTTP/2 demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/correos-icons.1648744842199.woff2
IP 151.139.128.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 34e7e14b00c9dd2bccc95c97fc80b049
3489a6241b5a46a124b0eb5908dfeac166919eee
0ffeeccf9b904bc7cfe3a9d9554dc8e05907adec665e93a5921d79a9415ab5b0
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/correos-icons.1648744842199.woff2 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 246
content-type: text/html; charset=iso-8859-1
set-cookie: spcsrf=44379c40ecbd47cd536e080017a5d0a9; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:34 GMT
pragma: no-cache
expires: Sun, 20 Apr 1975 05:05:00 GMT
location: https://demo2.cloudwp.dev/inactive.htm
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
link: <https://demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/correos-icons.1648744842199.woff2>; rel="canonical"
x-hw: 1672433434.cds222.sk1.hc,1672433434.cds253.sk1.sc,1672433435.cdn2-redis02-arn1.stackpath.systems.-.wx,1672433435.cds253.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiQ3YzE5ZmJkMi1iOTE0LTRiY2MtYmQ0My1mZWE5NzViMTZkZDAQ2J+KgafZ+wIaBgianr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJDM5OTU4YWQ5LTY4YmUtNGVhNi05ZTU0LTg1ZjljZjU4Zjk0MRj2ASIaCAISFGNkczI1My5zazEuaHdjZG4ubmV0GAg=.h4gaw1aWK2lFUwCRQPOngVAVjQYn1JfoHvSIwqYjOpI=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/cartero-light-webfont.woff2
151.139.128.10 301 Moved Permanently 246 B URL HTTP/2 demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/cartero-light-webfont.woff2
IP 151.139.128.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 34e7e14b00c9dd2bccc95c97fc80b049
3489a6241b5a46a124b0eb5908dfeac166919eee
0ffeeccf9b904bc7cfe3a9d9554dc8e05907adec665e93a5921d79a9415ab5b0
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/cartero-light-webfont.woff2 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 246
content-type: text/html; charset=iso-8859-1
set-cookie: spcsrf=479abf5657171b8a3a83bdf64c1f80ec; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:34 GMT
pragma: no-cache
expires: Sun, 20 Apr 1975 05:05:00 GMT
location: https://demo2.cloudwp.dev/inactive.htm
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
link: <https://demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/cartero-light-webfont.woff2>; rel="canonical"
x-hw: 1672433434.cds222.sk1.hc,1672433434.cds246.sk1.sc,1672433435.cdn2-wafbe02-arn1.stackpath.systems.-.wx,1672433435.cds246.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiQyMDcxNzRkZi0zMDEyLTQ4MGQtYjBjNi1lOTJjMThlZmMyMTMQ2J+KgafZ+wIaBgianr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJDY2ZTYyZmE3LTNjMTctNDRiZi05NDMxLWQxODYyMTZjODlkYhj2ASIaCAISFGNkczI0Ni5zazEuaHdjZG4ubmV0GAg=.fJsnkrp4Sazzjh5rEDFFggZWobgRJU+iHFvYT8ReKqk=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/cartero-regular-webfont.woff2
151.139.128.10 301 Moved Permanently 246 B URL HTTP/2 demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/cartero-regular-webfont.woff2
IP 151.139.128.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 34e7e14b00c9dd2bccc95c97fc80b049
3489a6241b5a46a124b0eb5908dfeac166919eee
0ffeeccf9b904bc7cfe3a9d9554dc8e05907adec665e93a5921d79a9415ab5b0
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/cartero-regular-webfont.woff2 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 246
content-type: text/html; charset=iso-8859-1
set-cookie: spcsrf=0e00d566647b6930cb75f8531900b590; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:34 GMT
pragma: no-cache
expires: Sun, 20 Apr 1975 05:05:00 GMT
location: https://demo2.cloudwp.dev/inactive.htm
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
link: <https://demo2.cloudwp.dev/etc.clientlibs/correos/clientlibs/clientlib-base/resources/assets/fonts/cartero-regular-webfont.woff2>; rel="canonical"
x-hw: 1672433434.cds222.sk1.hc,1672433434.cds212.sk1.sc,1672433435.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672433435.cds212.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiQyNjBkNjE4Ni1hM2FiLTQ0NzgtYjUxOS00YTVjOGJkYzNkNTAQ2J+KgafZ+wIaBgianr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJDZlZGRlZWFkLTk0NzctNDE1MS04NDQzLWFmMjBjYjE1OTFlYhj2ASIaCAISFGNkczIxMi5zazEuaHdjZG4ubmV0GAg=.euXGApAZIlxuofnvxd3NOs1VFpHhURmzStaLeXifyc8=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/CORREOS-favicon.ico
151.139.128.10 200 OK 110 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/CORREOS-favicon.ico
IP 151.139.128.10:0
File type MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel\012- data
Size 110 kB (110021 bytes)
Hash 349246ee336d8b2986e584a4fa436128
598b9f95458a2426bf1688d616c4f6f3fea3580e
68554c17c00a589c2b29e1f74ac5efbcd8d30252792626f5fff81955e4d89ae7
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/CORREOS-favicon.ico HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=0e00d566647b6930cb75f8531900b590; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:36 GMT
etag: "1653332346"
cache-control: max-age=30
content-length: 110021
content-type: image/x-icon
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKy6vZ0GEocBCiQ0MGYzYjllMy03NDEyLTRiNjYtOWI1NC0xMWU2ZTk1Njg2MjMQ2J+KgafZ+wIaBgibnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGioSJDNiODMxMDIxLThjYzUtNDZlZi1iMDY0LWNjZWMyOTRhZjc1NhjF2wYiGggCEhRjZHMyMzUuc2sxLmh3Y2RuLm5ldBgI.672KYtVYft3zI/eYnvOvE37cu9uOrUoxSWGyR+SlzAY=
x-hw: 1672433435.cds222.sk1.hc,1672433435.cds235.sk1.sc,1672433436.cds235.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/CORREOS-favicon.ico>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 4.9 kB URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Hash 59e21e646b640852215a352dd3bdca53
70ebb240387168410e199eec69abfeb1ef9c8764
5125ee11df2c9ba91876391d342affe102117d2ea37af5458a02d447afef4058
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=479abf5657171b8a3a83bdf64c1f80ec; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=56945d05f8d51538153530ef361f0701; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:35 GMT
PRLST=; Tue, 27-Dec-22 20:50:35 GMT; path=/; SameSite=Lax;
sp_lit=NzMEzsYLk+hKTeN4tWty6w==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:35 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433435.cds222.sk1.hc,1672433435.cds018.sk1.sc,1672433435.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672433435.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiRlNzhiYjFmZC0yOGJiLTQwZTItOWY5NC0xMmIzN2IwYTRmZWQQ2J+KgafZ+wIaBgibnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGigIARIkNTRiNjM1MTMtNzE4Yy00ZDMwLWJmM2EtODMyYzQxNGMxMmNlIhoIAhIUY2RzMDE4LnNrMS5od2Nkbi5uZXQYCA==.388YP5ugUYHdpCAjCbfEZT3M6L03Ie74ph2xYgm5qnY=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 4.9 kB URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Hash 5619fe7cea82b1f4e217b61dfb957eb9
42ce834d4dfd62482c2a6b660ea5ac411c4d1085
672dac63bcee3d72144614771c9a337fa5900de377c0d3537688885b759b1472
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=0e00d566647b6930cb75f8531900b590; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=429948b9c7d30f2d915c4ff75075e393; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:35 GMT
PRLST=; Tue, 27-Dec-22 20:50:35 GMT; path=/; SameSite=Lax;
sp_lit=NzMEzsYLk+hKTeN4tWty6w==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:35 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433435.cds222.sk1.hc,1672433435.cds018.sk1.sc,1672433435.cdn2-redis02-arn1.stackpath.systems.-.wx,1672433435.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiQwY2VhM2FlZi01MDk3LTRhM2UtYWJlNy0yZjkyZjcwYTc1NGEQ2J+KgafZ+wIaBgibnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGigIARIkNWIxMjRkZTEtYzNhYy00ZDdlLTk2ODUtYTQwN2Q3OTg4ZWIyIhoIAhIUY2RzMDE4LnNrMS5od2Nkbi5uZXQYCA==.4Lm9vfV6Yr0W6Ep7jQbdWD2gVaSosBr0g0/jZ6UpKvk=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 4.9 kB URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Hash 79357439f8a2c34265a04067f5425b9b
251c6b414ad048414df1f9c91479bcaf2bd6d170
1ad8cf13f77eab32829daf6340f9fc52578959b113302ad62c3e847310e1b0c9
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=0e00d566647b6930cb75f8531900b590; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=5aa6536941370c658802e620b0a73e85; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:35 GMT
PRLST=; Tue, 27-Dec-22 20:50:35 GMT; path=/; SameSite=Lax;
sp_lit=NzMEzsYLk+hKTeN4tWty6w==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:35 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433435.cds222.sk1.hc,1672433435.cds018.sk1.sc,1672433435.cdn2-wafbe03-arn1.stackpath.systems.-.wx,1672433435.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiQ3MDFmYzAwNS1lNzM5LTRiZTctYjZmMS1kYjY0NmZkNjE2NmEQ2J+KgafZ+wIaBgibnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGigIARIkZjJkNjY2NmYtMTRkNS00MTUzLWIxOTctZjgzNDljMDE2OWZmIhoIAhIUY2RzMDE4LnNrMS5od2Nkbi5uZXQYCA==.SgIM37R+H44f9ETUt2nDDDxwj1ExSt9zP4JScsPiEV4=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 4.9 kB URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Hash 4a1547b212e39080d9bca2f6efea7b75
186066b441013c7d5085f15f9711cdfcd0304e15
89088d924d4fb65324e0155ef5520f0c934e3ad69376789bef24655dc0af4760
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=0e00d566647b6930cb75f8531900b590; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=4221ba0c091266b72c5f78292f879c3d; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:35 GMT
PRLST=; Tue, 27-Dec-22 20:50:35 GMT; path=/; SameSite=Lax;
sp_lit=NzMEzsYLk+hKTeN4tWty6w==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:35 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433435.cds222.sk1.hc,1672433435.cds018.sk1.sc,1672433435.cdn2-wafbe02-arn1.stackpath.systems.-.wx,1672433435.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiRmYzU2NjMzZC0zN2VlLTQzMGYtOTZiZi1hMTA5Zjg0NmJmMDcQ2J+KgafZ+wIaBgibnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGigIARIkZjAyYTZjOTgtMmZmNC00MzEzLWEyZTEtNThmMGYwNTI0ZThiIhoIAhIUY2RzMDE4LnNrMS5od2Nkbi5uZXQYCA==.89+ry1zSqbHieXQvU3THgbalRbd1t3Vpcg/ax4vVt18=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/CORREOS-favicon.ico
151.139.128.10 200 OK 110 kB URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/CORREOS-favicon.ico
IP 151.139.128.10:0
File type MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel\012- data
Size 110 kB (110021 bytes)
Hash 349246ee336d8b2986e584a4fa436128
598b9f95458a2426bf1688d616c4f6f3fea3580e
68554c17c00a589c2b29e1f74ac5efbcd8d30252792626f5fff81955e4d89ae7
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/assets/recibir_paquete_files/CORREOS-favicon.ico HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=0e00d566647b6930cb75f8531900b590; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:36 GMT
etag: "1653332346"
cache-control: max-age=30
content-length: 110021
content-type: image/x-icon
last-modified: Mon, 23 May 2022 18:59:06 GMT
accept-ranges: bytes
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
x-sp-metadata: HS256.CKy6vZ0GEocBCiQ4NzQ2MDUzNy1kNjhjLTQ5OGEtODMyNC00M2I1ODZkODk2ZTAQ2J+KgafZ+wIaBgibnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGiwIARIkNjI2MGFmOTAtYWIyMi00NDFiLWIwNTItNTRmMDBiZjI0NTczGMXbBiIaCAISFGNkczIzNS5zazEuaHdjZG4ubmV0GAg=.N7mMr9RVnVgHDBJTlcByy60316qz1nosm0KRdXe5kwg=
x-hw: 1672433435.cds222.sk1.hc,1672433435.cds235.sk1.sc,1672433436.cds235.sk1.pr
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/CORREOS-favicon.ico>; rel="canonical"
access-control-allow-origin: *
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=c31612d8be30decf4700b60f3244e279; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=NzMEzsYLk+hKTeN4tWty6w==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:37 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=2abc8a01feeaa9c537dbe252c914c351; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:36 GMT
PRLST=; Tue, 27-Dec-22 20:50:36 GMT; path=/; SameSite=Lax;
sp_lit=4JpYpnpHCdn/HhOsKd9zug==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:37 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433436.cds222.sk1.hc,1672433436.cds018.sk1.sc,1672433437.cdn2-wafbe02-arn1.stackpath.systems.-.wx,1672433437.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CK26vZ0GEocBCiQwYTNiZjI2Yi0yYjE4LTRmZDctYWUyOS1mNmZiZDIzNGYzY2UQ2J+KgafZ+wIaBgicnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGigIARIkOWU4OTUxZGItZjQ3OS00ZTM2LWJjOTctOWE4MzJjZWY5M2M0IhoIAhIUY2RzMDE4LnNrMS5od2Nkbi5uZXQYCA==.6AC1yPglQICIiWPlMXLTJzCL8OK7xLTmr7t/R0ccMfE=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=c31612d8be30decf4700b60f3244e279; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=NzMEzsYLk+hKTeN4tWty6w==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:37 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=975bf685efb3aec1f40fb277bb488e1a; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:36 GMT
PRLST=; Tue, 27-Dec-22 20:50:36 GMT; path=/; SameSite=Lax;
sp_lit=4JpYpnpHCdn/HhOsKd9zug==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:37 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433436.cds222.sk1.hc,1672433436.cds018.sk1.sc,1672433437.cdn2-wafbe03-arn1.stackpath.systems.-.wx,1672433437.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CK26vZ0GEocBCiQ4ZDAwYWQ1Ni1iYjJiLTRlZTMtYTgwMS02NzJmNDhkYjBhYzAQ2J+KgafZ+wIaBgicnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGiYSJGE0MDdhZjQ3LTJlNzktNDVmZS05MjMwLWQzYmRmYTYyYTA5OCIaCAISFGNkczAxOC5zazEuaHdjZG4ubmV0GAg=.17lwc5Y3ZPg8BlAK69D5o6PegAiwHL0/5QTR2w0C+Uw=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/sbbi/?sbbpg=utMedia&vii=ah941adf0c5b5c74a81617b9c0a35ac039d3d0045362db043900fc91f0e1699bmaw1l6p3
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/sbbi/?sbbpg=utMedia&vii=ah941adf0c5b5c74a81617b9c0a35ac039d3d0045362db043900fc91f0e1699bmaw1l6p3
IP 151.139.128.10:0
GET /sbbi/?sbbpg=utMedia&vii=ah941adf0c5b5c74a81617b9c0a35ac039d3d0045362db043900fc91f0e1699bmaw1l6p3 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=688a5492cc4cab145d9697c8f8dad13a; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=Su
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:28 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-type: image/gif
server: fbs
x-accel-expires: 0
link: <https://demo2.cloudwp.dev/sbbi/>; rel="canonical"
x-hw: 1672433428.cds213.sk1.hn,1672433428.cds256.sk1.sc,1672433428.cdn2-wafbe01-arn1.stackpath.systems.-.i,1672433428.cds256.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKS6vZ0GEocBCiRmZDI5ZDM3MS1hYjNlLTRlZWMtOTJhYi1lYTNjMTA2YjRlY2MQ2J+KgafZ+wIaBgiUnr2dBiIMOTEuOTAuNDIuMTU0KLb/AzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiYSJDFjY2E4ZTA3LWQ1YzctNGQ1Yi1iMzhkLWUwOTA5Y2E5ZGZjMiIaCAISFGNkczI1Ni5zazEuaHdjZG4ubmV0GAg=.QkLuzkt3BFkNBnJvTFnGD2CMHqn5KjPP4YKzU8Ijjss=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Su&sbbgs=h4afcbc4867903a0930432b490c1019ba163&ddl=-5
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Su&sbbgs=h4afcbc4867903a0930432b490c1019ba163&ddl=-5
IP 151.139.128.10:0
POST /sbbi/?sbbpg=sbbShell&gprid=Su&sbbgs=h4afcbc4867903a0930432b490c1019ba163&ddl=-5 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 498
Origin: https://demo2.cloudwp.dev
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Su&sbbgs=h4afcbc4867903a0930432b490c1019ba163&ddl=-5
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=688a5492cc4cab145d9697c8f8dad13a; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=Su; adOtr=0d95a71a511
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:29 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
link: <https://demo2.cloudwp.dev/sbbi/>; rel="canonical"
x-hw: 1672433429.cds213.sk1.hn,1672433429.cds023.sk1.sc,1672433429.cdn2-wafbe03-arn1.stackpath.systems.-.i,1672433429.cds023.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKW6vZ0GEocBCiQ0MmYxODA5Yy1lMGMxLTQ3YWYtYmJlMS0yYjU4YWVmYmU4NWQQ2J+KgafZ+wIaBgiVnr2dBiIMOTEuOTAuNDIuMTU0KLb/AzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiYSJDM0NDc1ZmNlLWYwMmItNGUwNC1hY2VjLThhMWI0ZWQ1YWNhZiIaCAISFGNkczAyMy5zazEuaHdjZG4ubmV0GAg=.jVaMgzx1A0XQO/3AfaUrimAUM4o9LwWWaVWbUYWNlek=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/libs/granite/csrf/token.json
151.139.128.10 301 Moved Permanently 0 B URL HTTP/2 demo2.cloudwp.dev/libs/granite/csrf/token.json
IP 151.139.128.10:0
Analyzer Verdict Alert fortinet Phishing
GET /libs/granite/csrf/token.json HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=925916480da6e76a1f03bbbfc696dd2f; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=iso-8859-1
pragma: no-cache
expires: Sun, 20 Apr 1975 05:05:00 GMT
location: https://demo2.cloudwp.dev/inactive.htm
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
link: <https://demo2.cloudwp.dev/libs/granite/csrf/token.json>; rel="canonical"
x-hw: 1672433434.cds222.sk1.hc,1672433434.cds233.sk1.sc,1672433435.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672433435.cds233.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiRjNTY3NjRjMy00MjdlLTQyYjYtYjJjYi0yZDkxMGU5MjJmNzIQ2J+KgafZ+wIaBgianr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGikSJDliMTIyZWY2LTA4YmUtNDE5NS1iOGIxLWNjNGRhZTFmNmQxORj2ASIaCAISFGNkczIzMy5zazEuaHdjZG4ubmV0GAg=.DEKPAgsbl2+UEL/kpAn6MJaHy7LeHvPPD20h+bEnMy8=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=c31612d8be30decf4700b60f3244e279; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=NzMEzsYLk+hKTeN4tWty6w==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:37 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=1bd00dfb2132748f1b9034d15fab8eba; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:36 GMT
PRLST=; Tue, 27-Dec-22 20:50:36 GMT; path=/; SameSite=Lax;
sp_lit=4JpYpnpHCdn/HhOsKd9zug==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:37 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433436.cds222.sk1.hc,1672433436.cds018.sk1.sc,1672433437.cdn2-redis02-arn1.stackpath.systems.-.wx,1672433437.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CK26vZ0GEocBCiQzMjJjMjUzZi04MzFjLTQ5ZWEtYmIwMC1iYjM0NjQ1Y2RhNGMQ2J+KgafZ+wIaBgicnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGigIARIkZmQ4OWE0ZGYtODFkMi00MTdhLWE3ZjUtNGEzMzVlODNhNzk5IhoIAhIUY2RzMDE4LnNrMS5od2Nkbi5uZXQYCA==.P8OtV+dAj8F+dBLw0rDNgLDMCYqLoluP6uQ5INbw5uA=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=c31612d8be30decf4700b60f3244e279; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=NzMEzsYLk+hKTeN4tWty6w==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:37 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=f1bac0b16d7e39f20e25a0dfa6479c6c; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:36 GMT
PRLST=; Tue, 27-Dec-22 20:50:36 GMT; path=/; SameSite=Lax;
sp_lit=4JpYpnpHCdn/HhOsKd9zug==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:37 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433436.cds222.sk1.hc,1672433436.cds018.sk1.sc,1672433437.cdn2-wafbe01-arn1.stackpath.systems.-.wx,1672433437.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CK26vZ0GEocBCiRmMDM2MjRjMi1mNzVhLTQwYmQtOTUyMS0zMmQ2OWI2NmNjMzAQ2J+KgafZ+wIaBgicnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGigIARIkZmI2NGYzMDMtNDg4OC00YmViLWE2MTUtZWJlNzMyMmQ3YzA0IhoIAhIUY2RzMDE4LnNrMS5od2Nkbi5uZXQYCA==.bWenvcNbdUFB9DdYNm+p7AqEjXATMq5NR1LZhqdkpIo=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/inactive.htm
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/inactive.htm
IP 151.139.128.10:0
Analyzer Verdict Alert fortinet Phishing
GET /inactive.htm HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/assets/recibir_paquete_files/correos-ui-kit.css
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=479abf5657171b8a3a83bdf64c1f80ec; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84; sp_lit=sH27dxi/R8x8UdGPWaE2hQ==
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:35 GMT
cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
last-modified: Fri, 09 Jul 2021 17:42:39 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=c31612d8be30decf4700b60f3244e279; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:35 GMT
PRLST=; Tue, 27-Dec-22 20:50:35 GMT; path=/; SameSite=Lax;
sp_lit=NzMEzsYLk+hKTeN4tWty6w==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:35 GMT
link: <https://demo2.cloudwp.dev/inactive.htm>; rel="canonical"
x-hw: 1672433435.cds222.sk1.hc,1672433435.cds018.sk1.sc,1672433435.cdn2-wafbe03-arn1.stackpath.systems.-.wx,1672433435.cds018.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKu6vZ0GEocBCiQ0NzQyYTI5YS1iZGQ5LTQzMDEtYTEzMS03NTAzOTJlYjA0ZWEQ2J+KgafZ+wIaBgibnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGiYSJGIzNmViOTU5LWUyNDQtNDBiYy1hZWY1LTgzZTI2MjlkY2M1NiIaCAISFGNkczAxOC5zazEuaHdjZG4ubmV0GAg=.F6Lal9246kSlHSe6jgu5E+5fQxT2X0lB3VX9mQNE02U=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/
IP 151.139.128.10:0
Analyzer Verdict Alert openphish Correos
fortinet Phishing
GET /trial-y412xt64/Last_Correos/ HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:28 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
set-cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; path=/; HttpOnly; SameSite=Lax;
SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; path=/; HttpOnly; SameSite=Lax;
spcsrf=688a5492cc4cab145d9697c8f8dad13a; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:28 GMT
adOtr=obsvl; path=/; SameSite=Lax; expires=Thu, 2 Aug 2001 20:47:11 UTC
UTGv2=D-h4afcbc4867903a0930432b490c1019ba163; path=/; SameSite=Lax; expires=Wed, 28-Jun-23 20:50:28 GMT
server: fbs
x-accel-expires: 0
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/>; rel="canonical"
x-hw: 1672433428.cds213.sk1.hn,1672433428.cds255.sk1.sc,1672433428.cdn2-wafbe01-arn1.stackpath.systems.-.w,1672433428.cds255.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKS6vZ0GEocBCiQwNTU5YzUyNS0wN2MzLTRjZTYtYTJmYy1kNzFiMmRiOGM3MmIQ2J+KgafZ+wIaBgiUnr2dBiIMOTEuOTAuNDIuMTU0KLb/AzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiYSJDEyN2E5YjYyLTE1MTItNDVkYi05NjUwLWUwYzY0ZTk4MzgyNiIaCAISFGNkczI1NS5zazEuaHdjZG4ubmV0GAg=.anrx2uaJnd8Ri2LxAymyGTHSk1sJEHx6CrLNmqofDpY=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Su&sbbgs=h4afcbc4867903a0930432b490c1019ba163&ddl=-5
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/sbbi/?sbbpg=sbbShell&gprid=Su&sbbgs=h4afcbc4867903a0930432b490c1019ba163&ddl=-5
IP 151.139.128.10:0
GET /sbbi/?sbbpg=sbbShell&gprid=Su&sbbgs=h4afcbc4867903a0930432b490c1019ba163&ddl=-5 HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=688a5492cc4cab145d9697c8f8dad13a; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=Su
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:28 GMT
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
server: fbs
x-accel-expires: 0
link: <https://demo2.cloudwp.dev/sbbi/>; rel="canonical"
x-hw: 1672433428.cds213.sk1.hn,1672433428.cds244.sk1.sc,1672433428.cdn2-wafbe04-arn1.stackpath.systems.-.i,1672433428.cds244.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKS6vZ0GEocBCiQ0MTFiYmMwYi04OGRkLTRiOTctYWQxZC03NWJmNjNjNGMyNmMQ2J+KgafZ+wIaBgiUnr2dBiIMOTEuOTAuNDIuMTU0KLb/AzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiYSJDU2MjYzY2VlLWY0OWMtNDY4MC05ZTdiLTZiNmQ5ZjIxM2Q2YyIaCAISFGNkczI0NC5zazEuaHdjZG4ubmV0GAg=.af5Wiedh1ozeBvQCaakPGG9rYkAC97HqlHEkvVu1lGU=
X-Firefox-Spdy: h2
demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
151.139.128.10 200 OK 0 B URL HTTP/2 demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php
IP 151.139.128.10:0
Analyzer Verdict Alert fortinet Phishing
GET /trial-y412xt64/Last_Correos/Recibir_paquete.php HTTP/1.1
Host: demo2.cloudwp.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: SPSI=a91d0557a11bca5c3dd056d030f9fe69; SPSE=iJDnZ37qpHqAdfC29eha9Y7IGmZc4pp6/aKCTgXy8Hh5q0c0yX2wgJVCGphJyPcPv/6smq9di9Eq26xNxLiFmw==; spcsrf=0f0e0b4bf6d0ea5c7b9ddd151da0ec62; UTGv2=h4afcbc4867903a0930432b490c1019ba163; sbtsck=javDsO7Kv0CspJiEhgwWCNohGOjsnHeDCVzN6KsctFQN+o=; PRLST=Su; adOtr=0d95a71a511; PHPSESSID=14af7eef6fd7c25d49c1c322030f6d84
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 30 Dec 2022 20:50:33 GMT
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
x-proxy-cache: MISS
x-robots-tag: noindex, nofollow, noarchive, nosnippet
strict-transport-security: max-age=31536000; includeSubDomains
server: fbs
set-cookie: spcsrf=925916480da6e76a1f03bbbfc696dd2f; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 22:50:31 GMT
PRLST=; Tue, 27-Dec-22 20:50:31 GMT; path=/; SameSite=Lax;
sp_lit=sH27dxi/R8x8UdGPWaE2hQ==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 30-Dec-22 20:55:32 GMT
link: <https://demo2.cloudwp.dev/trial-y412xt64/Last_Correos/Recibir_paquete.php>; rel="canonical"
x-hw: 1672433431.cds222.sk1.hc,1672433431.cds014.sk1.sc,1672433433.cdn2-wafbe04-arn1.stackpath.systems.-.wx,1672433433.cds014.sk1.p
access-control-allow-origin: *
x-sp-metadata: HS256.CKm6vZ0GEocBCiRkNjBjNDYyOS05NjM1LTQ0ZDItOGZiMC1lZGFkOWY0Zjc4NjMQ2J+KgafZ+wIaBgiXnr2dBiIMOTEuOTAuNDIuMTU0KP21ATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGIyZTMyMTQ2MDdjMjc0ZTNiNzJmMTQ0NzFhMGFkZDlkGiYSJDBmNGJkYzYwLTRmNzEtNDhkOC1hMzFhLTYzM2QwYjA0MTY2ZiIaCAISFGNkczAxNC5zazEuaHdjZG4ubmV0GAg=.GSsgtPGYb1mVZbxaYkhPcIR42OaAu4ucivGXlqhdb/c=
X-Firefox-Spdy: h2