| couriernote-001-site1.jtempurl.com/x02CzHXoa89WRbWhRV6PkzuPaLbTYgQO | 45.58.159.112 | | 210 B |
URL couriernote-001-site1.jtempurl.com/x02CzHXoa89WRbWhRV6PkzuPaLbTYgQO IP45.58.159.112:0
File typeHTML document, ASCII text Hash31b6183945b23f3237cea6acdcb91853 483ea3ac6b6491cee1fde0bddeae208a8f147e95 4a59ea7a803e2c7de336103d84f319efbb0c900f1a65dad4aa826db264640f62
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /x02CzHXoa89WRbWhRV6PkzuPaLbTYgQO HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Location: http://couriernote-001-site1.jtempurl.com
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik9iMk5mdlBVcDZTRjNDajZXeVJhMkE9PSIsInZhbHVlIjoiWFZIVjd3STJCOGJubTNvbmt1T2NJVHNaenRrM0N6dzhKV2pzYy94cFM0ZURvc3JYTXRSV3VYTUdIRjFEcWJlN3F0blZjdGdsU2VIZC9iVTU0Smw0ZE9EMkxtMkwyVmFKNEtIdkNrMkNnYWNrWHViRFI5QlJZbldIWG9WU1ZTL1AiLCJtYWMiOiJlN2QxYmNhNDg1M2UxNGM0ZjMzOTYzMjIzNzkxY2Q0ODY1ZmQ0OWIzOGQyOWI1ODc0NTY0MTE2MWY4ODliMjJiIiwidGFnIjoiIn0%3D; expires=Wed, 17-Apr-2024 07:57:08 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IjgrYld5ajlPSU0vOTRQSXNZeVdlNnc9PSIsInZhbHVlIjoiUEtRbzFSYW95UEtpZnNqeVoxYmJESHZLc0txSGlDSUVRYm9xb0F2aW5oTmFlL2VuVHZSK3VkbjlRdExGc2JDK2Z1L3laTXVySzN3NmNYZXhReDhHN1Zzb2w3QS83dmJUMVhQd2lRVmVsUjcvTGZnWkRhbFBmZVE0bDE3OFphbEUiLCJtYWMiOiI4ZGQ3MmI1Nzk2NWFkNGY1ZmRmYzJiYmE4MjRjOGM2ZDVhZDA1MjAyZTliMzMwNzg3MDA0MDUyNDBkNTM5Yjk1IiwidGFnIjoiIn0%3D; expires=Wed, 17-Apr-2024 07:57:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:07 GMT
Content-Length: 210
|
|
| couriernote-001-site1.jtempurl.com/ | 45.58.159.112 | | 348 B |
URL couriernote-001-site1.jtempurl.com/ IP45.58.159.112:0
File typeHTML document, ASCII text Hash37194051b3d5fdcfba48ac32e425cca2 f027c744bbac1764a4735e5d7fffa934c6026a67 6cf692726c14621eb3a0079f836d0b219e76026d94cfdf689494d5419853bb43
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET / HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ik9iMk5mdlBVcDZTRjNDajZXeVJhMkE9PSIsInZhbHVlIjoiWFZIVjd3STJCOGJubTNvbmt1T2NJVHNaenRrM0N6dzhKV2pzYy94cFM0ZURvc3JYTXRSV3VYTUdIRjFEcWJlN3F0blZjdGdsU2VIZC9iVTU0Smw0ZE9EMkxtMkwyVmFKNEtIdkNrMkNnYWNrWHViRFI5QlJZbldIWG9WU1ZTL1AiLCJtYWMiOiJlN2QxYmNhNDg1M2UxNGM0ZjMzOTYzMjIzNzkxY2Q0ODY1ZmQ0OWIzOGQyOWI1ODc0NTY0MTE2MWY4ODliMjJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjgrYld5ajlPSU0vOTRQSXNZeVdlNnc9PSIsInZhbHVlIjoiUEtRbzFSYW95UEtpZnNqeVoxYmJESHZLc0txSGlDSUVRYm9xb0F2aW5oTmFlL2VuVHZSK3VkbjlRdExGc2JDK2Z1L3laTXVySzN3NmNYZXhReDhHN1Zzb2w3QS83dmJUMVhQd2lRVmVsUjcvTGZnWkRhbFBmZVE0bDE3OFphbEUiLCJtYWMiOiI4ZGQ3MmI1Nzk2NWFkNGY1ZmRmYzJiYmE4MjRjOGM2ZDVhZDA1MjAyZTliMzMwNzg3MDA0MDUyNDBkNTM5Yjk1IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImdSVnVvSVFQaXliMlVlWGVrcVNkQVE9PSIsInZhbHVlIjoiTVVsdWhlTnZ2eFFkdEFPWjZPdFc0RjlaL1ZRVW1jdGZNS0xhR3RWSlhWbmxNMzZ1SFVlWDFmQlZSMmU3cFRSZVorSXM0RXR6REQrUHZFN2xBUlh3Y1NQQmIrbmRTS1lwalpjRWh5YjJlWjZ4UEdJU0pLbk1SZk9ySHZENERsZWQiLCJtYWMiOiI1MmEzNGQwMjY1OTFmMWVlOGU5NTJhMmM4NmU3NjE3NDVjNWFjNzNkNWUwNGJlY2MwZmI1ZDUxZGY3NDM0OTVmIiwidGFnIjoiIn0%3D; expires=Wed, 17-Apr-2024 07:57:09 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IkNzZFJZeW05Y3pZc0VnTHdTeklRcnc9PSIsInZhbHVlIjoicUNLTzdRRFFUTUo4ZUQxWk5NNkdQWU9SaDlnQkNkVDdlWTlWMWJaNmM3Z1IvVWRRUG5jb1QzUVlPemRjRDlVcW9ZZm5JMzdYeDRXL3pNc2tYQlpDY1JZY3RWOEdPZTNENWt3b29tRGkwbE02TUw2azllWnE4RENQOTdGMVRGcjciLCJtYWMiOiI4ZjUwZjczNmIyYzg3NjI2ZmQzZDFjNWZkYmIxNzQwZWQ4NzVjNjJkYmYzMDI2NzMyOGRlNGVhZjE0MmNmYTUwIiwidGFnIjoiIn0%3D; expires=Wed, 17-Apr-2024 07:57:09 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:09 GMT
Content-Length: 348
|
|
| couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I/ | 45.58.159.112 | 301 Moved Permanently | 284 B |
URL User Request GET HTTP/1.1couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I/ IP45.58.159.112:80
File typeHTML document, ASCII text, with CRLF, LF line terminators Hash595d786190b276c26cab7c7232975f86 f0ca61ce740f24edc9aaefec69c31645ce894c4d be554212269746d35e887304d2a436d7aa0f18bcdcb13e9bd36489e8c47cd175
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I/ HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://couriernote-001-site1.jtempurl.com/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImdSVnVvSVFQaXliMlVlWGVrcVNkQVE9PSIsInZhbHVlIjoiTVVsdWhlTnZ2eFFkdEFPWjZPdFc0RjlaL1ZRVW1jdGZNS0xhR3RWSlhWbmxNMzZ1SFVlWDFmQlZSMmU3cFRSZVorSXM0RXR6REQrUHZFN2xBUlh3Y1NQQmIrbmRTS1lwalpjRWh5YjJlWjZ4UEdJU0pLbk1SZk9ySHZENERsZWQiLCJtYWMiOiI1MmEzNGQwMjY1OTFmMWVlOGU5NTJhMmM4NmU3NjE3NDVjNWFjNzNkNWUwNGJlY2MwZmI1ZDUxZGY3NDM0OTVmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNzZFJZeW05Y3pZc0VnTHdTeklRcnc9PSIsInZhbHVlIjoicUNLTzdRRFFUTUo4ZUQxWk5NNkdQWU9SaDlnQkNkVDdlWTlWMWJaNmM3Z1IvVWRRUG5jb1QzUVlPemRjRDlVcW9ZZm5JMzdYeDRXL3pNc2tYQlpDY1JZY3RWOEdPZTNENWt3b29tRGkwbE02TUw2azllWnE4RENQOTdGMVRGcjciLCJtYWMiOiI4ZjUwZjczNmIyYzg3NjI2ZmQzZDFjNWZkYmIxNzQwZWQ4NzVjNjJkYmYzMDI2NzMyOGRlNGVhZjE0MmNmYTUwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Content-Length: 284
Content-Type: text/html
Location: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 05:57:09 GMT
|
|
| couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I | 45.58.159.112 | | 15 kB |
URL User Request GET couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I IP45.58.159.112:0
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (39884) Hashcfbd013d3007573f09d502e2739061d6 f6bb74926e487ae9ae75949735f8166b40da75b0 aa3f31818a4501a582596a2083df47d0791ace6ff285076147bd206cd4ea49d3
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://couriernote-001-site1.jtempurl.com/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImdSVnVvSVFQaXliMlVlWGVrcVNkQVE9PSIsInZhbHVlIjoiTVVsdWhlTnZ2eFFkdEFPWjZPdFc0RjlaL1ZRVW1jdGZNS0xhR3RWSlhWbmxNMzZ1SFVlWDFmQlZSMmU3cFRSZVorSXM0RXR6REQrUHZFN2xBUlh3Y1NQQmIrbmRTS1lwalpjRWh5YjJlWjZ4UEdJU0pLbk1SZk9ySHZENERsZWQiLCJtYWMiOiI1MmEzNGQwMjY1OTFmMWVlOGU5NTJhMmM4NmU3NjE3NDVjNWFjNzNkNWUwNGJlY2MwZmI1ZDUxZGY3NDM0OTVmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNzZFJZeW05Y3pZc0VnTHdTeklRcnc9PSIsInZhbHVlIjoicUNLTzdRRFFUTUo4ZUQxWk5NNkdQWU9SaDlnQkNkVDdlWTlWMWJaNmM3Z1IvVWRRUG5jb1QzUVlPemRjRDlVcW9ZZm5JMzdYeDRXL3pNc2tYQlpDY1JZY3RWOEdPZTNENWt3b29tRGkwbE02TUw2azllWnE4RENQOTdGMVRGcjciLCJtYWMiOiI4ZjUwZjczNmIyYzg3NjI2ZmQzZDFjNWZkYmIxNzQwZWQ4NzVjNjJkYmYzMDI2NzMyOGRlNGVhZjE0MmNmYTUwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; expires=Wed, 17-Apr-2024 07:57:11 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D; expires=Wed, 17-Apr-2024 07:57:11 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 14644
|
|
| couriernote-001-site1.jtempurl.com/css/app.css | 45.58.159.112 | 200 OK | 56 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/css/app.css IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Hash181990cc2279e4cea65c9363fb37fee9 b85a7ba40043b0c48a034d8382629ef7ec6a1e24 36839348d4cd3d5ffcb15317bc5e8f32b77c644d0c6c0f8f19bdf216caf49293
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /css/app.css HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 29 Mar 2022 20:11:08 GMT
Accept-Ranges: bytes
ETag: "0566d20a943d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 55863
|
|
| couriernote-001-site1.jtempurl.com/js/session-recorder.js | 45.58.159.112 | 200 OK | 11 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/js/session-recorder.js IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeJavaScript source, ASCII text, with very long lines (44992) Hash701984b4995f3c29820e83c999b7eb23 a3b50104a3bfa05bf59a317273816c7d8ae1f81d 67ad94e12a745b1b09c6cd616e20a2ad283ed68f8060bd1dd0d9a2b6ad9dc7ee
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /js/session-recorder.js HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 29 Mar 2022 19:35:56 GMT
Accept-Ranges: bytes
ETag: "0b69335a443d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 11151
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css | 104.17.25.14 | 200 OK | 5.6 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css IP104.17.25.14:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeASCII text, with very long lines (30837) Hash269550530cc127b6aa5a35925a7de6ce 512c7d79033e3028a9be61b540cf1a6870c896f8 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 134823
expires: Mon, 07 Apr 2025 05:57:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WddI8WzebFMWlr96VdH%2B5qsIvARUV%2BXabKD9vE5rt3b5UEeBiI8j3OrrVIaw%2F5o5t5KZz3IsqjGaDQ2tRzESVRUBHH%2FwR7OXr6p70jlj1qfg6TXuaa7CBWLD0j1goHE4CQUXi98W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875a2d19a94510ef-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| couriernote-001-site1.jtempurl.com/js/app.js | 45.58.159.112 | 200 OK | 201 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/js/app.js IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeJavaScript source, Unicode text, UTF-8 text Size201 kB (201031 bytes) Hashfd900f643203761f2eeca2132fc15f1d 375f23ca9ad75b647373bda03b02e2d0f6e729be 399e233cea4e5468820e5c5f98ddbb156de729983710cf576a6508f076326c68
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /js/app.js HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 29 Mar 2022 19:35:56 GMT
Accept-Ranges: bytes
ETag: "0b69335a443d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 201031
|
|
| couriernote-001-site1.jtempurl.com/images/logo.png | 45.58.159.112 | 200 OK | 2.0 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/images/logo.png IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typePNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced Hash5d14ab93691604e826e1319d53599eb9 78724360e9d25da584445b851e37bca05abe6b85 3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /images/logo.png HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: image/png
Last-Modified: Sun, 17 Apr 2022 13:24:00 GMT
Accept-Ranges: bytes
ETag: "098d665e52d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 1998
|
|
| couriernote-001-site1.jtempurl.com/images/all.png | 45.58.159.112 | 200 OK | 12 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/images/all.png IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typePNG image data, 123 x 84, 8-bit/color RGBA, non-interlaced Hash2cb0b7f615faf2deb9ec6f53d3149a3b 694a2c881c83e2ab86365bf1d16302ac5b9d500f c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /images/all.png HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: image/png
Last-Modified: Sun, 17 Apr 2022 13:24:34 GMT
Accept-Ranges: bytes
ETag: "095517a5e52d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 12499
|
|
| couriernote-001-site1.jtempurl.com/images/foo.png | 45.58.159.112 | 404 Not Found | 2.1 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/images/foo.png IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (5395) Hash307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /images/foo.png HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 2123
|
|
| couriernote-001-site1.jtempurl.com/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b | 45.58.159.112 | 404 Not Found | 6.6 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (5395) Hash307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 6609
|
|
| couriernote-001-site1.jtempurl.com/images/foo.png | 45.58.159.112 | 404 Not Found | 2.1 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/images/foo.png IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (5395) Hash307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /images/foo.png HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 2123
|
|
| couriernote-001-site1.jtempurl.com/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c | 45.58.159.112 | 404 Not Found | 6.6 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (5395) Hash307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 6609
|
|
| couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 | 45.58.159.112 | 404 Not Found | 6.6 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (5395) Hash307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 6609
|
|
| ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-shims.min.css?token=f7165dd215 | 172.67.139.119 | 200 OK | 11 kB |
URL GET HTTP/2ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-shims.min.css?token=f7165dd215 IP172.67.139.119:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerGoogle Trust Services LLC Subjectka-f.fontawesome.com Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98 ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File typeASCII text, with very long lines (27377) Hash940b066040a876fa1dc7b2ee2d222a58 64b2aea0b4d60d879d4ff7540192a906ffc0fd92 f4e953827930889e844103c3a6771bd2e9de17d091b36378c40362271858e075
GET /releases/v6.5.2/css/free-v4-shims.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://couriernote-001-site1.jtempurl.com/
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 02 Apr 2024 15:26:25 GMT
etag: W/"940b066040a876fa1dc7b2ee2d222a58"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6851e5f468b237438eae4078fbc9d3b8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-amz-cf-id: XiKuTRvTBTi_PAoXrS4jEpjhIpq5flbgs8Gj_2s1zRkQZdvdmGAi3A==
age: 4894
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jeogDQ3KluNURwNBthIK7iB%2F2CrfX4bq%2F48YVeudV8JPCD6qpyvBwuqxlJx28CZ6ugDie6ZH8eBfv3c02yJoAtGzk8iATOBoDcHnTViZ%2BaoD8zvGW8YBipqgyr4qMSqwnQkhB8%2FNaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875a2d1b9bb392aa-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ka-f.fontawesome.com/releases/v6.5.2/css/free-v5-font-face.min.css?token=f7165dd215 | 172.67.139.119 | 200 OK | 6.9 kB |
URL GET HTTP/2ka-f.fontawesome.com/releases/v6.5.2/css/free-v5-font-face.min.css?token=f7165dd215 IP172.67.139.119:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerGoogle Trust Services LLC Subjectka-f.fontawesome.com Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98 ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File typeASCII text, with very long lines (608) Hasha3d53e21a02e37af6cbc00ac63b3cc1e e4f2269bae4b37ccba5282a154724a3b91720aca e1dc27b700a62c005e4521b670cac08fb0b4b3e02a73c1ac44e7f9a9784bd672
GET /releases/v6.5.2/css/free-v5-font-face.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://couriernote-001-site1.jtempurl.com/
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 02 Apr 2024 15:26:25 GMT
etag: W/"a3d53e21a02e37af6cbc00ac63b3cc1e"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 beda7ef1ba9a3d6628bdfdae06bd482c.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-amz-cf-id: chuQcz-hZhRRGEdepqDSXJcyaFweyyXvQ8vUuwJ0aOQkRkhHqBnbmg==
age: 4894
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=igCpDF5RkNnBwLw4yhL%2F0q2mQi5nXfuV9bhv9ImqgzjAtvFwNF6sA05pJ%2Fg1G%2BD%2F9zP7kvqpEFepiQGKK9PlsiakW7UITQc96sk%2ByXS4lzV%2FiscA9WK%2Beu%2BRefA3AmT%2Brx4cXbjkQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875a2d1b9bad92aa-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 | 104.17.25.14 | 200 OK | 77 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 IP104.17.25.14:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 77160, version 4.459 Hashaf7ae505a9eed503f8b8e6982036873e d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 77160
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 517518
expires: Mon, 07 Apr 2025 05:57:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y2DFuNkb8Q%2ByzAKLifPEgD4JpJ7EWvRDqJ%2BdMWWTN57FQkNkZ6AdxQInYhp%2BvMzYWkai%2BufA1s%2B2B6TdGdY49L6PuU%2Bp%2BzwcgkkDZP%2BjfCGnhvixC%2BwQqPxe18fmnsuUzjJbRMUK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875a2d1c5cfdabde-CPH
alt-svc: h3=":443"; ma=86400
|
|
| couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2 | 45.58.159.112 | 404 Not Found | 6.6 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2 IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (5395) Hash307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL |
GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2 HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 6609
|
|
| couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.ttf?527940b104eb2ea366c8630f3f038603 | 45.58.159.112 | 404 Not Found | 2.1 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.ttf?527940b104eb2ea366c8630f3f038603 IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (5395) Hash307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL |
GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.ttf?527940b104eb2ea366c8630f3f038603 HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 2123
|
|
| couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f | 45.58.159.112 | 404 Not Found | 2.1 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (5395) Hash307dca9c775906b8de45869cabe98fcd 2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1 8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 2123
|
|
| ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-brands-400.woff2 | 172.67.139.119 | 200 OK | 118 kB |
URL GET HTTP/2ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-brands-400.woff2 IP172.67.139.119:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerGoogle Trust Services LLC Subjectka-f.fontawesome.com Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98 ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 117856, version 773.1280 Size118 kB (117856 bytes) Hash5674af1ac41fe62c1b4568cbb6a031ff 83ac1707f24f448c43d0656f224a827014154c4f 0de3edeabe89b14f48e7856d2cb631722c600ff66839fae178d0567902d62a91
GET /releases/v6.5.2/webfonts/free-fa-brands-400.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: font/woff2
content-length: 117856
last-modified: Tue, 02 Apr 2024 15:51:14 GMT
etag: "5674af1ac41fe62c1b4568cbb6a031ff"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: fa-kit-token
access-control-max-age: 3000
x-cache: Hit from cloudfront
via: 1.1 c38563a65534cacc21516bd5450b0818.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-amz-cf-id: GuFdcUyUacAkDxYvm9F4vNNo6gb6KRGqLnPUOyAAKTezNJLFF0GQRw==
age: 4893
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eEyrzmWgsLEPEjg4TIH7hZ%2B333ZOOCoSRCzSTkH4U7oVkllisbfoqGwr5zBi7a5%2BudDGMPw705d2gl%2BlFj3rTt%2BG3pCJkHRkbM1jm9LTWOWDyC48cKhnnR%2BOy8BqHgl45ZsZQg%2Batg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875a2d1d3e3492aa-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| couriernote-001-site1.jtempurl.com/images/favicon.gif | 45.58.159.112 | 200 OK | 2.2 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/images/favicon.gif IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeMS Windows icon resource - 1 icon, 32x32, 8 bits/pixel Hasha6f1af8e79a11829ba9a66474b06bb97 d99e3ec7747c865033a8dfad43c9f49634404bc1 b0dbd00f3650fa6b931e678a9d8f79a405d23c7adf111ab91b1a01a0e7109807
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /images/favicon.gif HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: image/gif
Last-Modified: Sun, 17 Apr 2022 13:25:28 GMT
Accept-Ranges: bytes
ETag: "054819a5e52d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 2238
|
|
| ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false | 34.196.19.203 | | 0 B |
URL ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false IP34.196.19.203:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://couriernote-001-site1.jtempurl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HI9QFxCeIAmj3lcRHOvN4w==
DNT: 1
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 17 Apr 2024 05:57:11 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iAAvQ0ZwVRdZzZJPkKqSWkTSp8E=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover
|
|
| ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-solid-900.woff2 | 172.67.139.119 | 200 OK | 156 kB |
URL GET HTTP/3ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-solid-900.woff2 IP172.67.139.119:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerGoogle Trust Services LLC Subjectka-f.fontawesome.com Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98 ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 156388, version 773.1280 Size156 kB (156388 bytes) Hashae015e3286ef56a0daf8e83838a32a88 7c18577fd6c4e7d9036b244215ace3945372eefe 41dca0965bdfd255f85e7fc8e9a3dc1fe3eb810996c553d4ef2b8872737ee825
GET /releases/v6.5.2/webfonts/free-fa-solid-900.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: font/woff2
content-length: 156388
last-modified: Tue, 02 Apr 2024 15:51:14 GMT
etag: "ae015e3286ef56a0daf8e83838a32a88"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: fa-kit-token
access-control-max-age: 3000
x-cache: Hit from cloudfront
via: 1.1 8662e3c152f0b241b5d273e9b0c8f9fc.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-amz-cf-id: xklk1m_kKCojt59U46OZ9wYeOcllyjr9xsRKc6WLB3XRurZ4cVfXGw==
age: 4893
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LFO8qxKid9XKIywN7XnFN4dwpae1nkdvkgLd%2Bw14yUt%2BR4Vw6Q%2Frsnh0MPrwaVEw4onAaqIXUNxT1vRcJFZYkph%2Bw0TDoMclaYndGsvPVRT8xzmYIwXmUO15TC%2FJC2Woy8vVF9WsHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875a2d1ddad79308-CPH
alt-svc: h3=":443"; ma=86400
|
|
| ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false | 34.196.19.203 | | 0 B |
URL ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false IP34.196.19.203:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://couriernote-001-site1.jtempurl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zTQIhKi9A0Pa4WkVQAoeUA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 17 Apr 2024 05:57:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1CJn52OhisX11oSCcKpViA0Ka/o=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover
|
|
| cdn.lr-in.com/logger-1.min.js | 104.21.234.145 | 200 OK | 171 kB |
URL GET HTTP/3cdn.lr-in.com/logger-1.min.js IP104.21.234.145:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerLet's Encrypt Subjectlr-in.com Fingerprint9C:36:E8:C7:3B:FC:3A:32:F6:4B:7E:92:80:E3:9C:F6:8E:D3:5C:9A ValiditySat, 09 Mar 2024 13:34:25 GMT - Fri, 07 Jun 2024 13:34:24 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size171 kB (170580 bytes) Hash355fe0562edfd6205ef894f08502772b d7defde805c10c9e744951b8c24013bb4bf10c03 916c788c8555964e9d3bc522bc77e20653065fd80ef2f256edeae1a6ebe27c42
GET /logger-1.min.js HTTP/1.1
Host: cdn.lr-in.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-resource-policy: cross-origin
etag: W/"c8f76234a7eaef03e2127653218599191ae237cf79b2488a74c814396319bded-br"
last-modified: Tue, 16 Apr 2024 22:45:40 GMT
strict-transport-security: max-age=31556926
x-served-by: cache-lcy-eglc8600096-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1713307784.311712,VS0,VE40
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 32
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nrskgb5vXUwlAhY3%2FKbRg1A9fBUSImPlRIsYsBs3xGrUFlYnvrXO2aErjkMN%2FNpVWdvUg5%2BHvgZRctV6Nd1H9WPr06XMuLAddlUw6YRrEyf7ihbOx0ejmjzjnEKGnRTu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875a2d1c4ce363fc-LHR
content-encoding: br
|
|
| kit.fontawesome.com/f7165dd215.js | 104.18.40.68 | 200 OK | 33 kB |
URL GET HTTP/2kit.fontawesome.com/f7165dd215.js IP104.18.40.68:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerDigiCert Inc Subject*.fontawesome.com Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT
File typegzip compressed data, from Unix Hashb5c0d3c67e697f170934a31fca4b6872 2c88db55e1aefe0bb7735db50e54ef4729e45945 96820344690f97b6a3b166504fa86672e1bfd1e0c12c892007c3a9a1373a8af9
GET /f7165dd215.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F8btk8IehbrUpj_hH5bi
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 875a2d19ac1f92c4-CPH
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| r.lr-in.com/i?a=mnnzup%2Fdus&r=5-b6dab8df-1b49-439f-a7be-3378168f8844&t=cda7121a-f18d-46a0-bef4-f8bcc76637ba&s=0&rs=0%2Cu&u=e2466a48-ef72-4208-8930-16cbe17e179d&is=1 | 104.198.23.205 | 201 Created | 165 B |
URL POST HTTP/2r.lr-in.com/i?a=mnnzup%2Fdus&r=5-b6dab8df-1b49-439f-a7be-3378168f8844&t=cda7121a-f18d-46a0-bef4-f8bcc76637ba&s=0&rs=0%2Cu&u=e2466a48-ef72-4208-8930-16cbe17e179d&is=1 IP104.198.23.205:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerLet's Encrypt Subjectapi.logrocket.com Fingerprint3E:B3:D8:9E:94:E5:B8:E0:B2:FB:40:36:42:BA:B1:67:70:1E:A1:A3 ValidityFri, 05 Apr 2024 14:45:08 GMT - Thu, 04 Jul 2024 14:45:07 GMT
Hash718ccbcd55db37c391512cb65953b9b4 f64b3bc2a1d438df87245b98925a2f7ce8f7a199 96cc9d14ff0939bd8435e082d7875ceba84b9a575dcf27cfec1e97adf2e3fa7a
POST /i?a=mnnzup%2Fdus&r=5-b6dab8df-1b49-439f-a7be-3378168f8844&t=cda7121a-f18d-46a0-bef4-f8bcc76637ba&s=0&rs=0%2Cu&u=e2466a48-ef72-4208-8930-16cbe17e179d&is=1 HTTP/1.1
Host: r.lr-in.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-LogRocket-Relay-Version: 2023.12.0
Content-Length: 393773
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 201 Created
date: Wed, 17 Apr 2024 05:57:16 GMT
content-type: application/json; charset=utf-8
content-length: 165
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
etag: W/"a5-9ks7wqHUON+HJFuYklovfOj3oZk"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-Relay-Version
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| couriernote-001-site1.jtempurl.com/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c | 45.58.159.112 | 404 Not Found | 6.6 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (6693), with no line terminators Hash637c64dcfa59899545c1dce3f050200d 8cf7d3405932c23d2b4ee4c3473a611cb924c05f bc61d266b689e585d2ae0c93c625d665dff0f4dfcbfc0263df35ca4c1bb1494f
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 6609
|
|
| couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775 | 45.58.159.112 | 404 Not Found | 6.6 kB |
URL GET HTTP/1.1couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775 IP45.58.159.112:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
File typeHTML document, ASCII text, with very long lines (6693), with no line terminators Hash637c64dcfa59899545c1dce3f050200d 8cf7d3405932c23d2b4ee4c3473a611cb924c05f bc61d266b689e585d2ae0c93c625d665dff0f4dfcbfc0263df35ca4c1bb1494f
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - DHL | OpenPhish | phishing | DHL Airways, Inc. |
GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775 HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6IjV5KzIxNHlUTkFDVHdYZ3I5em5Rdmc9PSIsInZhbHVlIjoibkY1ZlNUcStIWFpDY3dzMHVWYTdYL3pFejAycXU1OVlaRkh6MnZ6dTgvSExEdmNMYkFCcDV6MFg5cmVZQlRCZktWdUoyYWxpWk1ya2M5U2lzQWg2Z2ticE9BRWR1aDI2RTN5UE9nWWpQSUp1UXZKNnowVWJyb3FhYkJNQlV3N1AiLCJtYWMiOiJkNzZlNTkxNTBmYTAwMjQ2M2UyYWIzZmEwNTI5YWFjMmYzZGQ3YzY1MTg2YzQwMThlMjcxYWJkOTg0ZWRkMDU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InRuWWxySFIzaWo4WkloYldLS2dkdnc9PSIsInZhbHVlIjoia3QzcmVYd3JOWGloZDRZNGQyN1ZTbWpBa2pNSk1ERCtKWDYzaDd6SGdabmo1M3NpZ1NCTWlwY2VwUEMwYnZYSUJTWWVxODlNbm9ESFhCMjhSZThsVm9SZEhXZDRpZjNETkZheFJ0Mk9RTitNRFBHUlhhcnhFUDd3c1RjQTlzVXQiLCJtYWMiOiIxMjI1YjIzZjAyM2Q4YTMyZDkwMTNhMmQzZmZiM2VhNGYwM2U0ZDVjMTFjNWJhZGM1NGIzZGZkNzkxNDg2NzExIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Wed, 17 Apr 2024 05:57:11 GMT
Content-Length: 6609
|
|
| ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false | 34.196.19.203 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.1ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false IP34.196.19.203:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerAmazon Subjectpusher.com Fingerprint7F:21:03:8F:D0:81:ED:06:33:D6:8D:83:17:DA:79:19:72:2E:BF:39 ValiditySun, 25 Jun 2023 00:00:00 GMT - Wed, 24 Jul 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://couriernote-001-site1.jtempurl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zTQIhKi9A0Pa4WkVQAoeUA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 17 Apr 2024 05:57:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1CJn52OhisX11oSCcKpViA0Ka/o=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover
|
|
| ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false | 34.196.19.203 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.1ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false IP34.196.19.203:80
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://couriernote-001-site1.jtempurl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HI9QFxCeIAmj3lcRHOvN4w==
DNT: 1
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 17 Apr 2024 05:57:11 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iAAvQ0ZwVRdZzZJPkKqSWkTSp8E=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover
|
|
| files.killbot.org/.cdn-cgi/killbot-security.js | 0.0.0.0 | | 0 B |
URL GET files.killbot.org/.cdn-cgi/killbot-security.js IP0.0.0.0:0
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /.cdn-cgi/killbot-security.js HTTP/1.1
Host: files.killbot.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| files.killbot.org/.cdn-cgi/killbot-security.js | 0.0.0.0 | | 0 B |
URL GET files.killbot.org/.cdn-cgi/killbot-security.js IP0.0.0.0:0
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /.cdn-cgi/killbot-security.js HTTP/1.1
Host: files.killbot.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-font-face.min.css?token=f7165dd215 | 172.67.139.119 | 200 OK | 1.8 kB |
URL GET HTTP/2ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-font-face.min.css?token=f7165dd215 IP172.67.139.119:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerGoogle Trust Services LLC Subjectka-f.fontawesome.com Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98 ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File typeASCII text, with very long lines (1803), with no line terminators Hash36f549800bc029aaadd0d7ac3d1d0f54 45bfcbb57c0155a2f22a47117deae6dc87706d4a 4048a832df1b9ac88058b1964ab9c45300daf6c10b0a02d697a29d729a81ea30
GET /releases/v6.5.2/css/free-v4-font-face.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://couriernote-001-site1.jtempurl.com/
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 02 Apr 2024 15:26:25 GMT
etag: W/"9c9f596493867f0e7ef5f9fe99103fce"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 96e04892ec84a7161914f66c3ba3b5f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-amz-cf-id: Jwg234-xM9BSlUD13IvHzdqFWtUS4GgoaH4E1KsslROc72PW6Me74g==
age: 4894
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=liceXXkEJTPJpwGoB25JWi1P0uQUds0GY0cj%2B2SCfQ2nkWAPJn5%2B0jiSRRlhGUc98o5rJromt60oY1hTpjEDjYRBeLGx64MZE8lsJlgQasNdUV8IBWf399AZkT%2BbBH11C9nQ6s3ivw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875a2d1b9bb992aa-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ka-f.fontawesome.com/releases/v6.5.2/css/free.min.css?token=f7165dd215 | 172.67.139.119 | 200 OK | 104 kB |
URL GET HTTP/2ka-f.fontawesome.com/releases/v6.5.2/css/free.min.css?token=f7165dd215 IP172.67.139.119:443
Requested byhttp://couriernote-001-site1.jtempurl.com/sRB5V2IO1qCgB5vr0bPRSKUGbpdzCL4I CertificateIssuerGoogle Trust Services LLC Subjectka-f.fontawesome.com Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98 ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT
File typeASCII text, with very long lines (65321) Size104 kB (103541 bytes) Hash7f29cd8c97789aa298af8c61623ca28b af8109e0e5c8bb2c1c3ab44ba7b5d25900ca454a 3e9c73fa687cd4110688668977a7caa87f5a1dee0d11f03687bd4871deedf1c1
GET /releases/v6.5.2/css/free.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://couriernote-001-site1.jtempurl.com/
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:57:11 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 02 Apr 2024 15:26:25 GMT
etag: W/"7f29cd8c97789aa298af8c61623ca28b"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8118e4598aac4892a3dfbc36812e88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-amz-cf-id: 3ZchJ060525nODvpKCzZiuPlF_PU5DlnY9XalyDKKeCCEEK8AOS4lQ==
age: 4894
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JQ8ig7MFHSjgTkJNkQDTolXuyUw7mBcDaMSXaM2CV5d73xtqY%2BFu1JmUoLlb0mNkyBxDM6mM635moH8DObFTyyB8Zia7IMKZ%2FzFVQIcWfF0SRSNwBaHNfde%2BYUWieW9huy2TNKKUkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875a2d1b9ba792aa-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|