Overview

URLmail.kimsinh.vn/fedexon/trackingresult.php
IP 112.213.89.153 (Vietnam)
ASN#45544 SUPERDATA
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-04 00:07:44 UTC
StatusLoading report..
IDS alerts0
Blocklist alert7
urlquery alerts No alerts detected
Tags None

Domain Summary (9)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-03 17:13:43 UTC 34.117.237.239
mail.kimsinh.vn (10) 0 2020-08-11 11:58:29 UTC 2022-12-03 13:15:23 UTC 112.213.89.153 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 44.240.57.100
portal.postnord.com (1) 884845 2019-07-04 10:12:02 UTC 2020-02-29 06:52:16 UTC 54.230.111.70
r3.o.lencr.org (6) 344 No data No data 95.101.11.115
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-03 17:15:13 UTC 34.102.187.140

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-12-03 2 mail.kimsinh.vn/fedexon/trackingresult.php FedEx Corporation

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-04 2 mail.kimsinh.vn/fedexon/trackingresult.php Phishing
2022-12-04 2 mail.kimsinh.vn/fedexon/filez/claim-receipt-illustration.svg Phishing
2022-12-04 2 mail.kimsinh.vn/fedexon/filez/PostNordSans-Medium.woff2 Phishing
2022-12-04 2 mail.kimsinh.vn/fedexon/filez/PostNordSans-Light.woff2 Phishing
2022-12-04 2 mail.kimsinh.vn/fedexon/filez/PostNordSans-Bold.woff2 Phishing
2022-12-04 2 mail.kimsinh.vn/fedexon/filez/PostNordSans-Regular.woff2 Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 112.213.89.153
Date UQ / IDS / BL URL IP
2023-01-08 14:15:25 +0000 0 - 0 - 2 medtek.vn/storage/file/13778100567.pdf 112.213.89.153
2023-01-08 07:17:45 +0000 0 - 0 - 6 email.baohuyco.com.vn/.well-known/pki-validat (...) 112.213.89.153
2023-01-06 14:26:00 +0000 0 - 0 - 2 www.mucinvitinh.vn/public/images/image_upload (...) 112.213.89.153
2023-01-06 14:25:57 +0000 0 - 0 - 2 www.mucinvitinh.vn/public/images/image_upload (...) 112.213.89.153
2022-12-30 14:31:29 +0000 0 - 0 - 1 www.mucinvitinh.vn/public/images/image_upload (...) 112.213.89.153


Last 5 reports on ASN: SUPERDATA
Date UQ / IDS / BL URL IP
2023-02-04 11:19:01 +0000 0 - 0 - 2 vietcredit.click/login 27.0.15.60
2023-02-01 19:23:24 +0000 0 - 0 - 1 chithanhplastics.com/uploads/userfiles/file/n (...) 103.1.237.27
2023-02-01 18:47:15 +0000 0 - 2 - 0 ebnbestprice.com/ 103.77.162.20
2023-02-01 18:01:19 +0000 0 - 0 - 2 oncredit247.com/ 27.0.15.60
2023-02-01 08:12:25 +0000 0 - 0 - 3 justplay.asia/google/2LE/ 112.213.89.145


Last 5 reports on domain: kimsinh.vn
Date UQ / IDS / BL URL IP
2022-12-26 07:12:12 +0000 0 - 0 - 2 mail.kimsinh.vn/ 112.213.89.153
2022-12-06 00:33:50 +0000 0 - 0 - 3 mail.kimsinh.vn/webhk/trackingresult.php 112.213.89.153
2022-12-04 00:20:47 +0000 0 - 0 - 2 mail.kimsinh.vn/fedexon/formz.php?data=error 112.213.89.153
2022-12-04 00:07:44 +0000 0 - 0 - 7 mail.kimsinh.vn/fedexon/trackingresult.php 112.213.89.153
2022-12-03 22:39:15 +0000 0 - 0 - 2 mail.kimsinh.vn/fedexon/formz.php?data=error 112.213.89.153


Last 3 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-03 22:26:12 +0000 0 - 0 - 7 mail.kimsinh.vn/fedexon/trackingresult.php 112.213.89.153
2022-12-03 19:39:35 +0000 0 - 0 - 7 mail.kimsinh.vn/fedexon/trackingresult.php 112.213.89.153
2022-12-03 16:01:17 +0000 0 - 0 - 7 mail.kimsinh.vn/fedexon/trackingresult.php 112.213.89.153

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (30)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11873
Expires: Sun, 04 Dec 2022 03:25:26 GMT
Date: Sun, 04 Dec 2022 00:07:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 329
Cache-Control: max-age=124148
Date: Sun, 04 Dec 2022 00:07:33 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 10:36:41 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6693
Expires: Sun, 04 Dec 2022 01:59:06 GMT
Date: Sun, 04 Dec 2022 00:07:33 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 23:18:19 GMT
cache-control: public,max-age=3600
age: 2954
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: aNVRW1QEAsjg7+cFuJuU9S3xpOBnRfRX9XC6dan6AmJLC28NczzmqkzecqcJIQFdIeaf7F7wUVc=
x-amz-request-id: 9P3WEKH757ZPXAV8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 23:46:45 GMT
age: 1248
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 04 Dec 2022 00:07:33 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 23:11:19 GMT
cache-control: public,max-age=3600
age: 3374
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 321
Cache-Control: max-age=119078
Date: Sun, 04 Dec 2022 00:07:34 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 09:12:12 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /fedexon/trackingresult.php HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/5.6.40
set-cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding,User-Agent
date: Sun, 04 Dec 2022 00:07:32 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (55429), with CRLF line terminators
Size:   17584
Md5:    97873a528ddc613476a18165326b9d3d
Sha1:   0aa2637bafecad66d17c923a6a87fe31db45bb06
Sha256: ec0ae42770c993ec4c52217f530edbeb5f47e4df07483274226fa1065271c075

Alerts:
  Blocklists:
    - openphish: FedEx Corporation
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8+htHGQWcLfvQ0aCID3jJg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         44.240.57.100
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xJsHcnlxpZxbIqc6mmKg+5ibfCw=

                                        
                                            GET /fedexon/filez/styles.ffbf76d959774ee94a2e.css HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/trackingresult.php
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=2592000
expires: Tue, 03 Jan 2023 00:07:32 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 1090
date: Sun, 04 Dec 2022 00:07:32 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (3562), with CRLF line terminators
Size:   1090
Md5:    80283dfee00094fc831c1b1d838f32ea
Sha1:   1864c25743bd7d9d656932baaf0af2c6ef57d8c8
Sha256: 98700cea19e273e6457c19a177fdf0d957c813a7af92ef42250a5753b0aa10d4
                                        
                                            GET /fedexon/filez/icon.css HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/trackingresult.php
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: text/css
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=2592000
expires: Tue, 03 Jan 2023 00:07:32 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 282
date: Sun, 04 Dec 2022 00:07:32 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   282
Md5:    33c2a68726e67e7338018efeadbfa405
Sha1:   ae47618db4ca042747d35e354c35ff4576a8b16f
Sha256: 80ed140364395ae9c34a7291b50b806b1e062d806cdd44bb312fd12cb9910bda
                                        
                                            GET /fedexon/filez/claim-receipt-illustration.svg HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/trackingresult.php
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: image/svg+xml
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 00:07:33 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 2660
date: Sun, 04 Dec 2022 00:07:33 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (478)
Size:   2660
Md5:    b43b5b1c9def31ae567f62f70b6a4bc7
Sha1:   6eee9ef45e1f769046c81c1b92daba7aed4e8cb2
Sha256: ec877221c0dcf48b6e0a9710bc7865ee22fa4725377637f9f97927d8f88c1359

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fedexon/filez/PostNordSans-Medium.woff2 HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/filez/styles.ffbf76d959774ee94a2e.css
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: font/woff2
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 00:07:33 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-length: 18624
date: Sun, 04 Dec 2022 00:07:33 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 18624, version 1.13107\012- data
Size:   18624
Md5:    b898c7be9a6c426c57ee711801142417
Sha1:   548050136e42631932b95e37eff36b06af94f64c
Sha256: a5907fb0803d2aba227d0c8179633ad5feaab2975bb7883ac09a8657ef933f11

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fedexon/filez/fedex.png HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/trackingresult.php
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: image/png
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000
expires: Mon, 04 Dec 2023 00:07:33 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-length: 17964
date: Sun, 04 Dec 2022 00:07:33 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  PNG image data, 176 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size:   17964
Md5:    f9f3a4bf508eec8270bf7c8fe4397384
Sha1:   8b47c45b41e159b9dc2d6fe563b1197bd2a3ec16
Sha256: 99f7cd905d160e4bf4408195b22a893a45661a8855a0841e207d5bafe7411d90
                                        
                                            GET /fedexon/filez/PostNordSans-Light.woff2 HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/filez/styles.ffbf76d959774ee94a2e.css
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: font/woff2
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 00:07:33 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-length: 17924
date: Sun, 04 Dec 2022 00:07:33 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 17924, version 1.13107\012- data
Size:   17924
Md5:    204691ef357645f1b88b79a6b5800583
Sha1:   241420ed81efb677b44383408cb461e06cf95e4e
Sha256: cb33b31f39c7c5e0b59f023ffa494d951544a4d97d86d83648b4ce9a87e8e838

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fedexon/filez/PostNordSans-Bold.woff2 HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/filez/styles.ffbf76d959774ee94a2e.css
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: font/woff2
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 00:07:33 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-length: 18684
date: Sun, 04 Dec 2022 00:07:33 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 18684, version 1.13107\012- data
Size:   18684
Md5:    cdbb430eb8a959e54d03839a49c2f293
Sha1:   e4d1299f89c0e38ddd10f7c38efb62f558b0c2d5
Sha256: 925c29d9c349984b2c2fa129f9123515d42dddfb9c59fe08a6ac8eb85123d4e6

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11675
Expires: Sun, 04 Dec 2022 03:22:10 GMT
Date: Sun, 04 Dec 2022 00:07:35 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11675
Expires: Sun, 04 Dec 2022 03:22:10 GMT
Date: Sun, 04 Dec 2022 00:07:35 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11675
Expires: Sun, 04 Dec 2022 03:22:10 GMT
Date: Sun, 04 Dec 2022 00:07:35 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11675
Expires: Sun, 04 Dec 2022 03:22:10 GMT
Date: Sun, 04 Dec 2022 00:07:35 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 8614
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4666
Md5:    c01fe1cccdb3b672bbade6d98217ffe9
Sha1:   a9a529dc9894827f6243a1bf57f81caa4fe88fc2
Sha256: c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6344
x-amzn-requestid: 1c11b153-5494-4656-ad96-33bc541f93f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgaEAGmooAMFwlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a3b3-1984a9194065807d36f29532;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:05:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xNjdYH9Rb0Sunnv8GTfNikc6WvQogmZP0qUM8BmhGe4h8ETPaZDH9w==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:16:04 GMT
age: 60691
etag: "188edc080e8a683c3fdc2968ee1e6aae114d75d2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6344
Md5:    69411fa7c0f94e7179c2cf84b716e427
Sha1:   188edc080e8a683c3fdc2968ee1e6aae114d75d2
Sha256: 713514c9afaa1953e3387aa1d1b6203fe6387e007f9fb5347558b77dd72425e9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:47 GMT
age: 8088
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8315
Md5:    db1701b7b9d161a0c935bb6e10b17893
Sha1:   22a8c4bd58c729c1abcf794466e8f3231dfb034b
Sha256: b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:16:04 GMT
age: 60691
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7503
Md5:    c1a6f4805f59db44f9d3520d88701a58
Sha1:   6a0258e8c97ce09f1723382c8a16d9682b7dc50c
Sha256: ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:26:43 GMT
age: 60052
etag: "1d702df3a64258628f4124eafd580695f2d350af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16143
Md5:    14dcca2a9c4792d835ee709bcd947402
Sha1:   1d702df3a64258628f4124eafd580695f2d350af
Sha256: da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 8097
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /fedexon/filez/favicon.ico HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/trackingresult.php
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: image/x-icon
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000
expires: Mon, 04 Dec 2023 00:07:33 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-length: 5430
date: Sun, 04 Dec 2022 00:07:33 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   5430
Md5:    a53129769d15f251d4e5c5cb966765b4
Sha1:   043d6a7b9cca5d05aba04fc0a3f4527e3ad075e0
Sha256: eab1b9a0ef942d84e3a8ed8c3e3996acb7a46af9a0b9f914ced662bcbe0e54be
                                        
                                            GET /pwa/icons/192.png HTTP/1.1 
Host: portal.postnord.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mail.kimsinh.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.70
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 3626
x-amz-id-2: YBGoUl86SJ/KRMCXft2ptLFWSfxCmQ3KA/TKSOxhYeCbtQKw/eefwbJigC6EbyxR+PKzgGBCqoY=
x-amz-request-id: FCF8C91NFWCRNW2J
date: Sun, 04 Dec 2022 00:07:36 GMT
cache-control: max-age=120
last-modified: Mon, 23 May 2022 14:53:00 GMT
etag: "0054e5d9a7199ca8f7646c50dcc7ca4f"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GDkqQ5Eo5vA3YbbHnpTREkrliXA5Gwv5AldfLsf8-EMQ-3yowEB32g==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   3626
Md5:    0054e5d9a7199ca8f7646c50dcc7ca4f
Sha1:   3dc357b213bd83c6a5f3d23aee546118d761d20d
Sha256: efd305becfa5fc004c0c137e1fe617738d66ba1b828c2d8ee0b59aca40712d93
                                        
                                            GET /fedexon/filez/PostNordSans-Regular.woff2 HTTP/1.1 
Host: mail.kimsinh.vn
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mail.kimsinh.vn/fedexon/filez/styles.ffbf76d959774ee94a2e.css
Cookie: PHPSESSID=5bbrooe2qd7hldv5232b0bgno6

search
                                         112.213.89.153
HTTP/1.1 200 OK
content-type: font/woff2
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 00:07:33 GMT
last-modified: Sat, 03 Dec 2022 01:18:42 GMT
accept-ranges: bytes
content-length: 18456
date: Sun, 04 Dec 2022 00:07:33 GMT
server: LiteSpeed
vary: User-Agent


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 18456, version 1.13107\012- data
Size:   18456
Md5:    6e27090a4c7ad65ab906ec97e02eb795
Sha1:   5818906b1e545626d81224a483ae11d11d0f86af
Sha256: c3d6ac7c111917aa295e295cf90f5ab148f4b9b004bfcdfade7ad6ccca6da5cc

Alerts:
  Blocklists:
    - fortinet: Phishing