Report - maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1

Report Overview

Submitted URL
maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
IP
192.185.213.248
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-03-18 12:37:10
Access
public
Website Title
Final URL
Tags
dhl logistics phishing suspicious
urlquery detections
Phishing - DHL
Suspicious - Suspicious JS code

Detections

urlquery
33
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T18:12:03Z	3.4 kB	8.9 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-25T18:14:26Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-26T05:11:12Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-26T05:11:59Z	333 B	391 B	34.117.237.239
code.jquery.com	634	2012-05-21T19:28:02Z	2023-03-26T05:11:14Z	408 B	31 kB	69.16.175.10
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-26T05:10:29Z	606 B	127 B	52.88.157.127
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-26T05:09:08Z	2.7 kB	45 kB	34.120.237.76
maescomadres.com.br	unknown	2017-03-22T18:09:19Z	2023-03-19T03:44:19Z	9.5 kB	691 kB	192.185.213.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-17	medium	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	DHL Airways, Inc.
2023-03-17	medium	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-18	medium	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/js.cookie.js	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/jquery-lang.js	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/DHL_head.html	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/DHL_footer.html	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/load.php	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/langpack/en.json	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/langpack/en.json	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/DHL_track.html	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/jquery.validate.min.js	Phishing
2023-03-18	medium	maescomadres.com.br/.well-known/en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	maescomadres.com.br/.well-known/en/dist/js.cookie.js	3.4 kB	2023-03-07	2024-04-22
Pretty URL maescomadres.com.br/.well-known/en/dist/js.cookie.js IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-22 02:04:43 Times Seen471 Hash 19d988c6d1e7cd9d601639a616dc769b 2cf3f170a083a3e4538a6f55b1064eaf737f6180 9df6e8c4bc8ea670d2f4da40a35a41772cc8857aca288a77acfa891cf1a54c36 Loading...

	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	1.8 kB	2023-03-07	2023-04-05
Pretty URL maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-04-05 02:10:37 Times Seen37 Hash 9ddee2a191326dc2605ceb1cc094990b d422115883d943f7449a253f252a830efdfeee71 c8504d5af9e4a9db87d3b945f0a2d75188098d24a3f87e99dcb7c01b98bd4029 Loading...

	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	1.0 kB	2023-03-07	2024-04-07
Pretty URL maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-07 07:13:32 Times Seen66 Hash 1d175bf3c30c7a41b8f0f6c60e2fcefc 1e1ac5cb8a33370b0eff734a461cf2bae98e1244 4323901acf3473e6164e79dcb144d4c5f97709819c0c572056c09174aa78dce9 Loading...

	maescomadres.com.br/.well-known/en/dist/jquery-lang.js	28 kB	2023-03-07	2024-04-22
Pretty URL maescomadres.com.br/.well-known/en/dist/jquery-lang.js IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-22 02:04:43 Times Seen478 Hash 1062fb1e2ffb1b8b6c596da423b9aef6 e0f54f2cdfce6d3861506744d6c52fbc23f612e9 67829a15eafd08a53376a78dc3574724e4bf87455bdc7b52c9b01828df272ca2 Loading...

	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	1.4 kB	2023-03-07	2023-04-05
Pretty URL maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-04-05 02:10:37 Times Seen37 Hash 5329f7468d15783c00be6fe3f9b06b32 34a468c9ba09e58351afa6c0021e454245699815 6ebae2c4b8815818d94884a0939c122eb1b81a1b17add5fda8aa0904aa81025b Loading...

	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	5 B	2023-03-07	2024-04-24
Pretty URL maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 21:17:40 Times Seen2674 Hash 230a091930a82c5ae47e29610ee98ceb 6376b33e5123bf09a271789a272103f957c8f38d 4dc501d66cd78903b81b1a53459d0432939728c537bbe9ffab55ab81521cb352 Loading...

	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	1.5 kB	2023-03-08	2024-04-03
Pretty URL maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:35:52 Last Seen2024-04-03 07:26:38 Times Seen126 Hash 333b1a68e11af5c6f3517aca58a09c79 e4116574c2f340348c8c29c326d55cdbec6f38dd 938c892b8d5aa6c4f123664ee91c8e209fc873138b56a722ff1a08a002e3f473 Loading...

	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	24 kB	2023-03-07	2023-04-05
Pretty URL maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-04-05 02:10:37 Times Seen48 Hash be2688fe29eb5135f6f36c94e2e53820 15364bc930a8e0f87a09b5aa645a312984a9da73 0ca6e9d89d18b037dcce799d02a32f53aca9497adba83f93ea6d8751fe2fa217 Loading...

	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	2.4 kB	2023-03-13	2023-03-26
Pretty URL maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:47:08 Last Seen2023-03-26 09:41:39 Times Seen32 Hash ab2291df6547d506300829be2c64038c 95984563a9ea462358820ee91a163ed30f4cc62c fa37564ade8f9c940a1992306f5314e87c9825e0a4fabac4a854a24ea466bbbd Loading...

	maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1	629 B	2023-03-07	2024-04-22
Pretty URL maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 IP 192.185.213.248 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-22 02:04:43 Times Seen194 Hash 40caf4b9db3eeb421d7639f1c1cb39e0 d0afc8f3fef2cf87946a0eca6461a4a2d55a5680 4443f9401c6a316d9ac2cb120686003f32a7933a52b29894609185f058a5308e Loading...

	code.jquery.com/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 13:15:30 Times Seen139115 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

HTTP Transactions (39)

URL IP Response Size

maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1

192.185.213.248

301 Moved Permanently

314 B

URL HTTP/1.1
maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
314 B (314 bytes)
Hash
3ef8cac7d51330c5e4842c0f24854fcd
ee33dcc9a19ea1aadf121d5fca2a7efe0007ba98
776d3115516754261ce3e1652291c9e1e6902b6ac007e211f22ce849a47b3024

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious JS code
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 18 Mar 2023 12:36:59 GMT
Server: Apache
Location: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Content-Length: 314
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3396075e8f2d9ceae3bd11f94111fed8
98ba4ccf6b0e38a91c69b76ac1dc07313773ed1d
e533d6bd6a8080facdff772bcbf359373dab2d5a6fe5eabe64f95e68a8cd23aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E533D6BD6A8080FACDFF772BCBF359373DAB2D5A6FE5EABE64F95E68A8CD23AA"
Last-Modified: Fri, 17 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5840
Expires: Sat, 18 Mar 2023 14:14:19 GMT
Date: Sat, 18 Mar 2023 12:36:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2857be6f18459c7a4a7f00f6cd6076f1
570609086d72a9be57cde7bfefd25663c1035fba
bd8abb8f420d1e31462fca1d6a7caadf1e2bba6fc7db05684b5811e00e84107f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD8ABB8F420D1E31462FCA1D6A7CAADF1E2BBA6FC7DB05684B5811E00E84107F"
Last-Modified: Fri, 17 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14199
Expires: Sat, 18 Mar 2023 16:33:38 GMT
Date: Sat, 18 Mar 2023 12:36:59 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 18 Mar 2023 12:14:34 GMT
content-type: application/json
age: 1345
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eddc2a353d39e5ce5c30d7e90b3ed6a5
305e86e4b966344c135c50af9a6509ffd3a83e9e
bd775c38c2e11f1baedde5d92ab17ceaf4c2067f8ea996595a66801758a71813

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD775C38C2E11F1BAEDDE5D92AB17CEAF4C2067F8EA996595A66801758A71813"
Last-Modified: Fri, 17 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15842
Expires: Sat, 18 Mar 2023 17:01:01 GMT
Date: Sat, 18 Mar 2023 12:36:59 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: UVDVI4GrilrtKkuXmIvFdMfdBmrrBINLev89pteAetWJaO3eN4Vv4x/DKUHpnNyXIvy2Tr1Vo8Q=
x-amz-request-id: MNHZ9ZAB14Y9Q1HW
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 18 Mar 2023 11:57:51 GMT
age: 2348
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 18 Mar 2023 12:36:59 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9595b899985bc345a6d31e368a46ff4d
45ef6c2aa985362b7524eb969cd64f50c61aea6b
a2fb1be8b7c7996dc0e97c3d8e6c9ebdce3f60691c22cb88c8e557527314901f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2FB1BE8B7C7996DC0E97C3D8E6C9EBDCE3F60691C22CB88C8E557527314901F"
Last-Modified: Fri, 17 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21513
Expires: Sat, 18 Mar 2023 18:35:33 GMT
Date: Sat, 18 Mar 2023 12:37:00 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Retry-After, Content-Type, Expires, Alert, Pragma, ETag, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 18 Mar 2023 12:14:32 GMT
age: 1348
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1

192.185.213.248

200 OK

1.9 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.9 kB (1940 bytes)
Hash
f4f5e77456d168c2222869c8946e9515
b589e7dc76403a000524aaf989b0ab6a15fcd8cf
c703c214cb3623622f5395cf3d24e9172c7df619133198bb438a41323444d4bb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
urlquery	suspicious	Suspicious - Suspicious JS code
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1 HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
last-modified: Fri, 17 Mar 2023 17:06:38 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1940
content-type: text/html
date: Sat, 18 Mar 2023 12:37:00 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0a4b141e90b0fb22cf6d10a6a4fd360d
37b081be1a69edb97a7c562b71474f4d7405d94e
5db17bb0a40658845e03d8237a69458a0576d955006ee224930b0310179af9af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DB17BB0A40658845E03D8237A69458A0576D955006EE224930B0310179AF9AF"
Last-Modified: Fri, 17 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3261
Expires: Sat, 18 Mar 2023 13:31:21 GMT
Date: Sat, 18 Mar 2023 12:37:00 GMT
Connection: keep-alive

code.jquery.com/jquery-3.5.1.min.js

69.16.175.10

200 OK

31 kB

URL HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
3700d0b271343804b9b9aa1c13efa521
3d6b03dbd74872ca3dfbb0529f6c80943788f918
fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maescomadres.com.br
Connection: keep-alive
Referer: https://maescomadres.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 18 Mar 2023 12:37:00 GMT
content-encoding: gzip
content-length: 30879
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1679143020.dop068.sk1.t,1679143020.cds237.sk1.hn,1679143020.cds208.sk1.c
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/js.cookie.js

192.185.213.248

200 OK

1.5 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/js.cookie.js
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
1.5 kB (1473 bytes)
Hash
ec2f367a216507a41e34abbade1f89fd
d408805850b47e6a211ac241930af239e6b02a1d
95e1d0a8fc339b0525a87e8cab877c4e5de1aa3a475e7ac7eb05362e60053a4b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/js.cookie.js HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1473
content-type: application/javascript
date: Sat, 18 Mar 2023 12:37:00 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/jquery-lang.js

192.185.213.248

200 OK

9.0 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/jquery-lang.js
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
9.0 kB (8952 bytes)
Hash
190e96c0447d5cee90fe66b6c1ac3126
1a6283d204e59a8026f1fc2935b6e7787d828788
022e72b222f26c924a67740f0f06bcdcd1540b7693271e0cafcbf45bd2d158d9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/jquery-lang.js HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8952
content-type: application/javascript
date: Sat, 18 Mar 2023 12:37:00 GMT
server: Apache
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.88.157.127

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.88.157.127:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: k7AiPv8ARaRW6SKLsqAGYw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tXr+yNoePFYaw7Cy5M+Ge0+a8K4=

maescomadres.com.br/.well-known/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff

192.185.213.248

200 OK

41 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 41084, version 1.66\012- data
Size
41 kB (41084 bytes)
Hash
03f859bf58e4d37841070de34be7d978
3436d4fa17e7ee470c3d62b08787cfa7de408408
5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/dist/dhl.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
content-length: 41084
content-type: font/woff
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/DHL_head.html

192.185.213.248

200 OK

3.8 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/DHL_head.html
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1836)
Size
3.8 kB (3756 bytes)
Hash
71068378e027d31dda9ce9985b85a2a9
24820d1fcbaafa77b7609fe113a57d39a34dabae
3ff8eaee5688ef15b80e24ac3dbf3edde2856294506b227faeda842c9297f865

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/DHL_head.html HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3756
content-type: text/html
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/DHL_footer.html

192.185.213.248

200 OK

7.2 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/DHL_footer.html
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2591)
Size
7.2 kB (7223 bytes)
Hash
7f9219ca79463d23da83592fe5f2e482
4bfea16d7781fee78851a0da53b4eefc5e2d6cc6
aef2a9bc554e5a33b5ba3a6bd7814464166a6aa6a74b9f1f636137d3802d087f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/DHL_footer.html HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 17 Jan 2023 17:37:14 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7223
content-type: text/html
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff

192.185.213.248

200 OK

9.3 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 9316, version 1.0\012- data
Size
9.3 kB (9316 bytes)
Hash
9355df62a665ef9249036bbccad8c54c
6b7779a10187a1a7473f604fbe3db96350868c6a
6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/dist/dhl.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
content-length: 9316
content-type: font/woff
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff

192.185.213.248

200 OK

41 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 41328, version 1.66\012- data
Size
41 kB (41328 bytes)
Hash
e39bd2e2657ce5dd6f9c33df18529233
6db81ebb91bfa67cef8f2f870f03046150568799
19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/dist/dhl.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
content-length: 41328
content-type: font/woff
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff

192.185.213.248

200 OK

44 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 44260, version 1.66\012- data
Size
44 kB (44260 bytes)
Hash
4a350e02a03ac62e72e9ea575b31ce84
d47b03b96b6e7034a1473a293bb594e597a41dc2
87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/dist/dhl.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
content-length: 44260
content-type: font/woff
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/favicon.ico

192.185.213.248

200 OK

1.2 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/favicon.ico
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
d8106bf3a1d00ab43b01e6e3c92500eb
202b5e8654ab1b28351378293bca3b9d844cc29b
9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /.well-known/en/dist/favicon.ico HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
content-length: 1150
cache-control: max-age=604800
expires: Sat, 25 Mar 2023 12:37:01 GMT
content-type: image/x-icon
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/load.php

192.185.213.248

200 OK

1.3 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/load.php
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.3 kB (1293 bytes)
Hash
9e005189b605ca55225dc6c65c2ef522
771724015c28340070be554fbb010e512399dea3
8cc755e85aa833f07b709c36d4a016437bf7a671b3a0591f91e331f004e46bbf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/load.php HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 1293
content-type: text/html; charset=UTF-8
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/langpack/en.json

192.185.213.248

200 OK

514 B

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/langpack/en.json
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JSON data\012- , ASCII text
Size
514 B (514 bytes)
Hash
e5111c3d242107acc93f71f9c9182079
c648da6b0a6c4f9b89dbee1027cf9a7be36217ca
86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/langpack/en.json HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
content-length: 514
content-type: application/json
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/langpack/en.json

192.185.213.248

200 OK

514 B

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/langpack/en.json
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JSON data\012- , ASCII text
Size
514 B (514 bytes)
Hash
e5111c3d242107acc93f71f9c9182079
c648da6b0a6c4f9b89dbee1027cf9a7be36217ca
86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/langpack/en.json HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
content-length: 514
content-type: application/json
date: Sat, 18 Mar 2023 12:37:01 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15327
Expires: Sat, 18 Mar 2023 16:52:29 GMT
Date: Sat, 18 Mar 2023 12:37:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15327
Expires: Sat, 18 Mar 2023 16:52:29 GMT
Date: Sat, 18 Mar 2023 12:37:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15327
Expires: Sat, 18 Mar 2023 16:52:29 GMT
Date: Sat, 18 Mar 2023 12:37:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15327
Expires: Sat, 18 Mar 2023 16:52:29 GMT
Date: Sat, 18 Mar 2023 12:37:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15327
Expires: Sat, 18 Mar 2023 16:52:29 GMT
Date: Sat, 18 Mar 2023 12:37:02 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10338 bytes)
Hash
78453ba98b72eff3879ef163b59c86ed
80519bb3726ee1f9f211344cd433cefaed3a7f2e
61adfeff11af9583355ac7d1500e8a8d97357b2846f151f2421001994fb06655

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10338
x-amzn-requestid: 9f880b5b-056c-44bb-a811-36ea27c232aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFGENoAMFuVw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-2318d444248f7610300c658f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: xfkObFQbeYQQjIJ4FWQ7xKbH5FPxBQ1vkTDCwWCM6IcAAu8H31BNhQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Sat, 18 Mar 2023 07:04:42 GMT
age: 19940
etag: "80519bb3726ee1f9f211344cd433cefaed3a7f2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a465734-2031-4538-bcbc-9d828ea81250.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11673 bytes)
Hash
7f53bb1fb90c97461035e7f9f7f7837e
961b5fcbca5b49ca9136e74931253bb300aa1985
dad960991444a4cbd8841e5c673b0e4337bdeb8c18672b5cfadb93d4ac70e8d2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a465734-2031-4538-bcbc-9d828ea81250.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11673
x-amzn-requestid: 3675d2d9-47ab-4712-9511-0ad7570dd3cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eNfFXSIAMFbhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414dd89-53c9817044fda17b212f0237;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:37:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 3NRQ90kGnSsxxMeQA9UqBNxrT5CpJWJgKKPWHwcj2XBkSIjiwE55sw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 22:53:23 GMT
etag: "961b5fcbca5b49ca9136e74931253bb300aa1985"
content-type: image/jpeg
age: 49419
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff784a508-c4b6-43b8-aef0-aed98e41fff2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7328 bytes)
Hash
8895f37f5abd28598cae47303ec912d2
c5bc2c1ef3a7819b9456fff476ffa2f93b954b0a
e79cca3d8a87088262492024fe4c0d36d8b93dd88634e7ba75911d1393237008

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff784a508-c4b6-43b8-aef0-aed98e41fff2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7328
x-amzn-requestid: 7eee08f8-01f6-42d0-b3ef-e16a608a68be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8fJvFm0IAMFdtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414df0a-162212b7401ed34b32d72f4c;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:43:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: vsTH4EJwryon5WGGcCmV-RqUiIpdM3LDxS1MczTaLWrxPem0nZ_yRg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 1d000d0dfe9d69b4983f619fdc5499d6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 22:12:08 GMT
age: 51894
etag: "c5bc2c1ef3a7819b9456fff476ffa2f93b954b0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa364ba84-a707-4abe-b4c4-02d5e6726ed4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4230 bytes)
Hash
d9f21b4636bc8f91e6d456ae496c59ba
d7ca6a3c87043c863f1c23ff4e2062af0a2150ce
f4135a2239629fc461505652c7714515d22d99d8a1c911fdff19a590d68b10bb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa364ba84-a707-4abe-b4c4-02d5e6726ed4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4230
x-amzn-requestid: a4e2dfd4-70d2-441e-bd8b-aa4b25491a3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eNfH7RoAMF14w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414dd89-5c886cab698814b67d7ca624;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:37:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: eYTXw16p8JL6VovuTC3CL52KzPFZPWu2vFYqHJlCSo77R8TMSfBBtw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 3f3347264bcaae7af741e2a2f692c6a0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 21:56:03 GMT
etag: "d7ca6a3c87043c863f1c23ff4e2062af0a2150ce"
content-type: image/jpeg
age: 52859
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/dhl.css

192.185.213.248

200 OK

470 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/dhl.css
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
data
Size
470 kB (469665 bytes)
Hash
0229e914077e44e1b92c1cba91faec81
5eb118cafce48c10100fe062e95c10ec9be35f9a
5e235ce8595456f42509175938fd653c3b0386e74c85887d08d69d8fca6a24e9

HTTP Headers

GET /.well-known/en/dist/dhl.css HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Sat, 18 Mar 2023 12:37:00 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261ec986-2f8d-4ff1-a532-841fb845618b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6151 bytes)
Hash
ae34f2fd5c842d15f05edef4c8b71dec
7e0306e3aa1b415cf9cae33b07da9f3303216a33
a5c1d1c217f6ebae09bbcb3c7ca6261e75773fdf32c1be4fedc29695f3233bf4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261ec986-2f8d-4ff1-a532-841fb845618b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6151
x-amzn-requestid: 3df3d28e-80d9-40ff-a524-1c8d07c5b5f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eWhHeBIAMF2pA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414ddc3-023ab8d94bf6b98a5c0b4260;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Sf-LgGpKI-9JPfurhJ_S6vfH-mT0jEl77QDUUWeOE1jzGS6OU47QpA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 21:48:47 GMT
age: 53295
etag: "7e0306e3aa1b415cf9cae33b07da9f3303216a33"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/DHL_track.html

192.185.213.248

200 OK

2.7 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/DHL_track.html
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (356)
Size
2.7 kB (2703 bytes)
Hash
b6bcebaf1de619b0aa13940ab071a63f
70879fd5880b5988cdaa9f62d89f4bd8df690a77
76a30e217d0b205131004e456b00c6dc493e9d5fae42cb01c00fe9b76f8fdfa8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/DHL_track.html HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 17 Jan 2023 17:28:48 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2703
content-type: text/html
date: Sat, 18 Mar 2023 12:37:03 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/jquery.validate.min.js

192.185.213.248

200 OK

9.7 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/jquery.validate.min.js
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (24237)
Size
9.7 kB (9686 bytes)
Hash
c50acc59f088b48f986d7400d123c13a
6f2812aee7634048e0af06cdd459b51375e745a4
c65978e69eb8a1632b105d93e8c918c1c250c7a2a2223390b07ea71505263298

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/jquery.validate.min.js HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/b274d5f1681bdc993cec0bd72f495271/execution.html?validation=e1s1
Cookie: langCookie=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 9686
content-type: application/javascript
date: Sat, 18 Mar 2023 12:37:03 GMT
server: Apache
X-Firefox-Spdy: h2

maescomadres.com.br/.well-known/en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff

192.185.213.248

200 OK

41 kB

URL HTTP/2
maescomadres.com.br/.well-known/en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff
IP
192.185.213.248:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Web Open Font Format, TrueType, length 41352, version 1.66\012- data
Size
41 kB (41352 bytes)
Hash
4e23ecf085132857bdb54b4da7373151
a50215c22a591536b21e509100d1707c6886ffd6
b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /.well-known/en/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff HTTP/1.1
Host: maescomadres.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://maescomadres.com.br/.well-known/en/dist/dhl.css
Cookie: langCookie=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Dec 2022 15:30:26 GMT
accept-ranges: bytes
content-length: 41352
content-type: font/woff
date: Sat, 18 Mar 2023 12:37:03 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML