Report - serves.dhlserveslivellc.com/

Report Overview

Submitted URL
serves.dhlserveslivellc.com/
IP
67.195.197.24
ASN
#26101 YAHOO-BF1
Submitted
2022-12-06 13:07:54
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - DHL

Detections

urlquery
18
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
serves.dhlserveslivellc.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.8 kB	1.9 MB	67.195.197.24
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	61 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
kit-free.fontawesome.com	22974	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	426 B	861 B	104.21.54.58
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.42.148.177

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.
2022-12-05	medium	serves.dhlserveslivellc.com/	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-06	medium	serves.dhlserveslivellc.com/	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/js/fa.js	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/js/jquery.steps.js	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/images/img.svg	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/js/jquery-3.3.1.min.js	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/js/jquery-ui.min.js	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Medium.ttf	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Bold.ttf	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Regular.ttf	Malware
2022-12-06	medium	serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Black.ttf	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	serves.dhlserveslivellc.com/js/fa.js	5.8 kB	2023-03-07	2024-02-19
Pretty URL serves.dhlserveslivellc.com/js/fa.js IP 67.195.197.24 ASN #26101 YAHOO-BF1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:20 Last Seen2024-02-19 18:10:03 Times Seen89 Hash a8e6a3dde655976cfaa1ae45d67d78de 59d0646c28ea61558c1266ba00002a84b20868d9 717360f1759b6925a3e40ea293d825b50fc17e8bf7e849de44d70769664bf696 Loading...

	serves.dhlserveslivellc.com/js/jquery.steps.js	55 kB	2023-03-07	2024-02-28
Pretty URL serves.dhlserveslivellc.com/js/jquery.steps.js IP 67.195.197.24 ASN #26101 YAHOO-BF1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:20 Last Seen2024-02-28 06:00:28 Times Seen142 Hash f90f52a6cf425581cd6d4d9030206b7d c2108a6336dfa75271c155e026d86d4ed8149efb 1591281f92394d16d6cc50fd69c9ca67619cdff00f5447eecd9b6e2345c1afaa Loading...

	serves.dhlserveslivellc.com/js/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-26
Pretty URL serves.dhlserveslivellc.com/js/jquery-3.3.1.min.js IP 67.195.197.24 ASN #26101 YAHOO-BF1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:32 Last Seen2024-04-26 00:00:13 Times Seen2985 Hash 378087a64e1394fc51f300bb9c11878c 0c3192b500a4fd550e483cf77a49806a5872185b 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de Loading...

	serves.dhlserveslivellc.com/js/jquery-ui.min.js	254 kB	2023-03-07	2024-03-19
Pretty URL serves.dhlserveslivellc.com/js/jquery-ui.min.js IP 67.195.197.24 ASN #26101 YAHOO-BF1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:20 Last Seen2024-03-19 05:09:47 Times Seen79 Hash d9770b4828d7480cd1f665c2c9363dbe 8ae1bdecefab956f66abd6c18f7de753e22c4704 35f185a2aacd3c120d77143582a9fede64aa4568dcc65a3137ff3a5a711de6a4 Loading...

	serves.dhlserveslivellc.com/	6.3 kB	2023-03-07	2023-12-21
Pretty URL serves.dhlserveslivellc.com/ IP 67.195.197.24 ASN #26101 YAHOO-BF1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:20 Last Seen2023-12-21 04:17:50 Times Seen25 Hash 66626b480cee6582749ef6889cc003a3 93a4dc0cb464023dccfd0230bd7725804fbc5e51 5f0aee4772099dffa6404875d4504ea7c1a126f4bd3cb4b42e39e37af8889726 Loading...

HTTP Transactions (40)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2498
Expires: Tue, 06 Dec 2022 13:49:21 GMT
Date: Tue, 06 Dec 2022 13:07:43 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2144
Cache-Control: max-age=165559
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 13:07:43 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 11:07:02 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2592
Expires: Tue, 06 Dec 2022 13:50:55 GMT
Date: Tue, 06 Dec 2022 13:07:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 12:20:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2839
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: yHzGrjaa8VjZR9O/BrODlsDiHo6Lw+tQPEg0shYNGTyGjg2ythjI/BxwG7kSL3k6bmzDLIVcqj8=
x-amz-request-id: 5ZHKRE6VXJ56YWM9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 12:47:06 GMT
age: 1237
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 13:07:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 12:08:58 GMT
cache-control: public,max-age=3600
age: 3525
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2129
Cache-Control: max-age=160476
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 13:07:43 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 09:42:19 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.42.148.177

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.148.177:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SVZCUIpqAqoj2WEsgOFFsA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3WxulKzEWTOGWrYWuVCB+MSv/V0=

serves.dhlserveslivellc.com/

67.195.197.24

200 OK

16 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
16 kB (16529 bytes)
Hash
77a528574aee9285f031a220fdde4d96
ccdb76ca121e2edb6ba69f67a06b1d68c2de564c
89de13be738da3349478a740a5d864709b44c85f3d51c119daee8d726b542cbf

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:42 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Age: 4
Transfer-Encoding: chunked
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/css/roboto-font.css

67.195.197.24

200 OK

246 B

URL HTTP/1.1
serves.dhlserveslivellc.com/css/roboto-font.css
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
ASCII text
Size
246 B (246 bytes)
Hash
a8c54b1d907c15f1a6a9fcd2a110ac48
67eec8b437f97baab49718fdcc58fe1762dfdb60
3db88c5b3f7cca116666523f39deb3f010eb482b5f0b1355bae7e6ed87aef60c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.

HTTP Headers

GET /css/roboto-font.css HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 246
Content-Type: text/css
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css

67.195.197.24

200 OK

8.0 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
ASCII text, with very long lines (65536), with no line terminators
Size
8.0 kB (8004 bytes)
Hash
8e52d20cf4fddc255d601b84eb80ff21
bfee70e6b9023a19bdc803e525759d1baca76e3d
64e48e86e8ca9bb84b40fe9dddaec3c3f131552445fc9d9d5593a6174f9b8269

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.

HTTP Headers

GET /fonts/material-design-iconic-font/css/material-design-iconic-font.min.css HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8004
Content-Type: text/css
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/js/fa.js

67.195.197.24

200 OK

2.1 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/js/fa.js
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
ASCII text, with very long lines (5479)
Size
2.1 kB (2092 bytes)
Hash
0822ea750affddf08220384a6b56ab61
b770d40cb9bb42d2d62c19c33752b9065824662b
90fb3b66cfd16764fd4a5eda42e4290bee645517e6ebd7b4dbc9dbee01514e63

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /js/fa.js HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2092
Content-Type: application/javascript
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/css/style.css

67.195.197.24

200 OK

2.7 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/css/style.css
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
ASCII text, with CRLF line terminators
Size
2.7 kB (2693 bytes)
Hash
503d49c7558a766a38d7a062a5ac3b89
a600eef3a704ad71f57fe5adfdac7d9dccf9b4bc
6fa1dc1b150ccd4fbd431b7a80aa510ca4bd62483447345da028765fbbf0b40b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.

HTTP Headers

GET /css/style.css HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2693
Content-Type: text/css
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/css/jquery-ui.min.css

67.195.197.24

200 OK

7.6 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/css/jquery-ui.min.css
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
ASCII text, with very long lines (29135)
Size
7.6 kB (7604 bytes)
Hash
41ae81947849b538eaf3bf88dae31a2b
e99988f01e42d488cf529939ba25a0977014745c
f11647bd717bf277cbead3c981ba2c90aa67fb9a751e03ab27c1080da800c5ac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.

HTTP Headers

GET /css/jquery-ui.min.css HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7604
Content-Type: text/css
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/js/jquery.steps.js

67.195.197.24

200 OK

11 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/js/jquery.steps.js
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
ASCII text, with CRLF line terminators
Size
11 kB (10689 bytes)
Hash
a32a3953e47065f001b8b736a48bc9d2
6029e07f4d38cd9b4ac3bb8f9e815775329259a9
e342e076f3b1dc0fdaf831f84f28561215ee034a558676994618c882f3642967

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /js/jquery.steps.js HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10689
Content-Type: application/javascript
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/images/wizard_v3_icon_1.png

67.195.197.24

200 OK

4.6 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/images/wizard_v3_icon_1.png
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
PNG image data, 150 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4633 bytes)
Hash
9be5e19e6f7538afce632d82b855dd24
12dec760d83e8db9c2073d46512c1b76b7a4edc2
5abaa5a71c4481349f88fb44e395b25d99a953329d0d5fbb11880312f4752fec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.

HTTP Headers

GET /images/wizard_v3_icon_1.png HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 4633
Cache-Control: max-age=864000
Expires: Fri, 16 Dec 2022 13:07:44 GMT
Content-Type: image/png
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/images/img.svg

67.195.197.24

200 OK

722 B

URL HTTP/1.1
serves.dhlserveslivellc.com/images/img.svg
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
722 B (722 bytes)
Hash
75e6a3a06ceab9d5d544db411b461773
6133136f4082d6e1286023a7a28e32fe69d0ad40
60f60db64661c2ec17815671734b616bab2fe1befacad5482953f3e7dc13961a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /images/img.svg HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 722
Content-Type: image/svg+xml
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/images/wizard_v4_icon.png

67.195.197.24

200 OK

1.1 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/images/wizard_v4_icon.png
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1131 bytes)
Hash
d3aab532241c4ae850bf45efa0047073
cfb509e3a77c0f8ab1a8083b7cd9754ac8b1a06e
4927e407f1f4b81dbc5d6269117fafdda60011698398015591dd10f33b779ffc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.

HTTP Headers

GET /images/wizard_v4_icon.png HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/css/style.css

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1131
Cache-Control: max-age=864000
Expires: Fri, 16 Dec 2022 13:07:44 GMT
Content-Type: image/png
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/js/jquery-3.3.1.min.js

67.195.197.24

200 OK

30 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/js/jquery-3.3.1.min.js
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
30 kB (30313 bytes)
Hash
ce93c33b71763f3e28eb7143970bc99f
55be0c55a057d50145b5f98c1f052f037f4f8121
67de797f8fc77b76b35acde3b604f60aa8d768f1bf226eb20ed13db08cdbcb10

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /js/jquery-3.3.1.min.js HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30313
Content-Type: application/javascript
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0

67.195.197.24

200 OK

38 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
Web Open Font Format (Version 2), TrueType, length 38384, version 1.0\012- data
Size
38 kB (38384 bytes)
Hash
a4d31128b633bc0b1cc1f18a34fb3851
6ee4c79372c3fd679706306ede47e4b03cf53d60
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 38384
Content-Type: application/octet-stream
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/js/jquery-ui.min.js

67.195.197.24

200 OK

68 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/js/jquery-ui.min.js
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
ASCII text, with very long lines (33326)
Size
68 kB (67747 bytes)
Hash
578f4306c216f42e85edab2fd92f6055
95769c57a5dc609079289962d7a1246c0e69f159
cd059bd301db04a93223aa6acf47625a7e02857004e0b2a6b234f84429ee8c0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /js/jquery-ui.min.js HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: ATS

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6871
Expires: Tue, 06 Dec 2022 15:02:16 GMT
Date: Tue, 06 Dec 2022 13:07:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6871
Expires: Tue, 06 Dec 2022 15:02:16 GMT
Date: Tue, 06 Dec 2022 13:07:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6871
Expires: Tue, 06 Dec 2022 15:02:16 GMT
Date: Tue, 06 Dec 2022 13:07:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6871
Expires: Tue, 06 Dec 2022 15:02:16 GMT
Date: Tue, 06 Dec 2022 13:07:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6871
Expires: Tue, 06 Dec 2022 15:02:16 GMT
Date: Tue, 06 Dec 2022 13:07:45 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11352 bytes)
Hash
7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aYf5d6wAJlPSXVwF5uQXUb1g_65z-v6tInk7IF64bBV-w31d3MKeIQ==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:23 GMT
age: 53122
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffbcb6f9-483c-4254-9451-927fa2fc2294.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (3968 bytes)
Hash
9838b65dde746487c806ee9739f8b222
1c95a1e47e903cc6775df2c5ed3f2f58cca42dc8
cf3ddc240b33d0f588d5acb30593b6846874a192bff9f5b69455877d7f63be53

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffbcb6f9-483c-4254-9451-927fa2fc2294.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3968
x-amzn-requestid: 55111bc4-d002-44a0-855a-533251b144fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSveGo_IAMFQvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c9-28e0a83d7f9f1ffc7544bb3d;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hTx-BIZT_THNG5yNlQDL6LCM5lBs8ezZK8-5FMFiarpRfhmBu6pbTQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:45:51 GMT
age: 55314
etag: "1c95a1e47e903cc6775df2c5ed3f2f58cca42dc8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11224 bytes)
Hash
b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 53076
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8660 bytes)
Hash
fddffc8edfa3ca668c8ac740d34f46c5
63483fc211cfb2808c7f37940a4065b4f4177c59
3c736f085f8f25d68c3dd946d5a546dc6d1f5f6e94a0da17b7fd4662d61a0b50

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8660
x-amzn-requestid: d5cf901f-bd2b-4269-918a-29a0bec09a40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uBG9IIAMFxcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1326-63b4ea925878dab212409f2b;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bywOU4HpwW6ebOdbHiI_ctX46Z-LXrUcRIVacGUtf_tyISXlXjOP4g==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:51:33 GMT
age: 54972
etag: "63483fc211cfb2808c7f37940a4065b4f4177c59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11175 bytes)
Hash
38b97436af942d5eb1111ca7043259a0
0234fe32c84c4711f0619714f3ac6d3db1b717d3
a76a7721355abbaecd5c8cb5218e7e4626dc345eb26e7541c71bf4ceaa7ae5d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11175
x-amzn-requestid: 9c93ddca-1247-44af-a364-e617f69ace26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzYEnEoAMFa2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e2-7d38ea383725901524bc2ca0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jqWuNfsDgPOsqxlX2HGJdhXm9GnGC-TBafSbSCrztICFgEwcyqc_iA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:22 GMT
age: 53123
etag: "0234fe32c84c4711f0619714f3ac6d3db1b717d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8656 bytes)
Hash
30d72693680b3ac91c0eee4d47a26196
cd923a5a3810bfe86be2eca4b97c739d76756d93
69ca9e172f6b0c5bf158022d533701b89282630deaa0ce7df27ed459c9bfe75e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8656
x-amzn-requestid: cfc71f7f-d1c6-47c9-8107-864701dbf3c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwkEHmIAMFUnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d0-6705510852d26ae24b3e5ea4;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:24 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zTGiKMan3uG3edx5AsFabNE4eG_dmzrIIOFCWcOxYN0UgSCGTNTtxw==
via: 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:25 GMT
age: 53120
etag: "cd923a5a3810bfe86be2eca4b97c739d76756d93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Medium.ttf

67.195.197.24

200 OK

172 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Medium.ttf
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Med\012- data
Size
172 kB (172064 bytes)
Hash
d08840599e05db7345652d3d417574a9
5f16f4d6dbb4a4f12d8ae96488ac209bb49762a5
f205cc511821ea56078a105557fcea6253129404d411c997e1866fbd006abb68

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /fonts/Roboto/Roboto-Medium.ttf HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/css/roboto-font.css

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 172064
Content-Type: application/x-font-ttf
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/images/favicon.ico

67.195.197.24

200 OK

1.2 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/images/favicon.ico
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
d8106bf3a1d00ab43b01e6e3c92500eb
202b5e8654ab1b28351378293bca3b9d844cc29b
9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:45 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: image/x-icon
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Bold.ttf

67.195.197.24

200 OK

171 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Bold.ttf
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size
171 kB (170760 bytes)
Hash
ee7b96fa85d8fdb8c126409326ac2d2b
0ce37ced9c5fcac9bdc452a432c1258870ba4677
7d0b991ee3e0be7af01ad7ea8cd2beea6c00a25e679a0226b6737f079aafff86

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /fonts/Roboto/Roboto-Bold.ttf HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/css/roboto-font.css

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 170760
Content-Type: application/x-font-ttf
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Regular.ttf

67.195.197.24

200 OK

172 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Regular.ttf
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Size
172 kB (171676 bytes)
Hash
3e1af3ef546b9e6ecef9f3ba197bf7d2
dd1b1db13ff1f72138c134c62f38fef83749f36a
79e851404657dac2106b3d22ad256d47824a9a5765458edb72c9102a45816d95

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /fonts/Roboto/Roboto-Regular.ttf HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/css/roboto-font.css

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 171676
Content-Type: application/x-font-ttf
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Black.ttf

67.195.197.24

200 OK

172 kB

URL HTTP/1.1
serves.dhlserveslivellc.com/fonts/Roboto/Roboto-Black.ttf
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Blac\012- data
Size
172 kB (171480 bytes)
Hash
ec4c9962ba54eb91787aa93d361c10a8
c572416b9587c40d49ea60c7128f7f17b9317ad8
3872e9b39760a1b59ac1e192633dbb3b58e595b4d423930ac7ded525e9ae25e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.
fortinet	Malware

HTTP Headers

GET /fonts/Roboto/Roboto-Black.ttf HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/css/roboto-font.css

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:45 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 171480
Content-Type: application/x-font-ttf
Age: 0
Connection: keep-alive
Server: ATS

serves.dhlserveslivellc.com/images/bg.jpg

67.195.197.24

200 OK

1.1 MB

URL HTTP/1.1
serves.dhlserveslivellc.com/images/bg.jpg
IP
67.195.197.24:0
ASN
#26101 YAHOO-BF1

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, description=Frankfurt/ Main, 31 October 2002 Deutsche Post World Net launches STAR - Group-wide value enhancement programme ## Frankfurt/, orientation=upper-left, xresolution=354, yresolution=362, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2008:06:26 16:37:43, copyright=Deutsche Post World Net], baseline, precision 8, 2880x2045, components 4\012- data
Size
1.1 MB (1052344 bytes)
Hash
5c2ac9314ae3c0259449424163081404
c879027f32270cfe72949d12f73f09de8ae87a5f
81295e3657ad03f98dafc8b01981859656dcf33a052bfe61183ad7072821acd8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
openphish	DHL Airways, Inc.

HTTP Headers

GET /images/bg.jpg HTTP/1.1
Host: serves.dhlserveslivellc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 13:07:44 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 06 May 2020 01:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1052344
Cache-Control: max-age=864000
Expires: Fri, 16 Dec 2022 13:07:44 GMT
Content-Type: image/jpeg
Age: 0
Connection: keep-alive
Server: ATS

kit-free.fontawesome.com/releases/latest/css/free-v4-shims.min.css

104.21.54.58

200 OK

0 B

URL HTTP/2
kit-free.fontawesome.com/releases/latest/css/free-v4-shims.min.css
IP
104.21.54.58:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/latest/css/free-v4-shims.min.css HTTP/1.1
Host: kit-free.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://serves.dhlserveslivellc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 06 Dec 2022 13:07:44 GMT
content-type: text/css
x-amz-id-2: yBVgXOI1p1cQzefoffXhziBF5Jgpek6e7OoszIxkICR473TwIFpWfHO7oW2w1nosT1t0IulOypU=
x-amz-request-id: 1JT537VQK7AMARG6
last-modified: Wed, 04 Aug 2021 21:22:51 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=1800
cf-cache-status: HIT
age: 946
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xgZ1Yq9g5a%2FjstTdZlGfXp4T2196pUEI9T%2FmxVW%2BXcBA7yiRUUK2dT14CymAR6YJDSKQLG3jfAHXWGnTLp9RXCs9742ef93NUuGXVba6GJAZk%2FXzBK8eND9DCARTVQFHGpIOMteuMR8UL5M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77553f0c5c17b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (40)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size