Report - couriernote-001-site1.jtempurl.com/bbuDKiwXUCwESbMdNEc1taAkl1CIucCf

Report Overview

Submitted URL
couriernote-001-site1.jtempurl.com/bbuDKiwXUCwESbMdNEc1taAkl1CIucCf
IP
45.58.159.112
ASN
#46844 SHARKTECH
Submitted
2024-04-16 18:22:13
Access
public
Website Title
DHL
Final URL
couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Tags
dhl logistics phishing
urlquery detections
Phishing - DHL

Detections

urlquery
50
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.lr-in.com	13237	2021-07-19	2021-07-19	2024-04-16	435 B	172 kB	104.21.234.144
r.lr-in.com	16828	2021-07-19	2021-07-27	2024-03-24	681 B	853 B	104.198.23.205
files.killbot.org	unknown	2020-04-17	2021-08-07	2023-09-13	880 B	0 B	0.0.0.0
couriernote-001-site1.jtempurl.com	unknown	unknown	No data	No data	22 kB	358 kB	45.58.159.112
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-16	1.1 kB	85 kB	104.17.25.14
kit.fontawesome.com	1868	2012-10-18	2019-12-16	2024-04-16	473 B	7.1 kB	104.18.40.68
ka-f.fontawesome.com	3598	2012-10-18	2019-12-17	2024-04-16	3.2 kB	414 kB	104.21.26.223
ws-mt1.pusher.com	8253	1997-06-03	2018-09-20	2024-04-15	2.4 kB	1.1 kB	44.194.99.111

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	couriernote-001-site1.jtempurl.com/bbuDKiwXUCwESbMdNEc1taAkl1CIucCf	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.
2024-04-15	medium	couriernote-001-site1.jtempurl.com/	DHL Airways, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne	215 B	2023-03-07	2024-04-17
Pretty URL couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne IP 45.58.159.112 ASN #46844 SHARKTECH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:20:33 Last Seen2024-04-17 08:04:36 Times Seen9534 Hash 19d003664195690a4bac0900372478e4 dcc88af518379f0793777be014231b322df0edf3 cdbb7ab30297d50ee74d49f97fe7cf040dd013c103ef5a13c0bbc53003b64d6d Loading...

	cdn.lr-in.com/logger-1.min.js	864 kB	2024-04-13	2024-04-16
Pretty URL cdn.lr-in.com/logger-1.min.js IP 104.21.234.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 19:20:40 Last Seen2024-04-16 20:22:22 Times Seen12 Hash 17181d1a746df2a2fa3f91f929ec326b 6f8e68d817a3322da8b88ba3de2bb48d32f855e3 aab8eca4156c17a6d02e8f0332c556d0cbebd0a2de33c9b7e1b32d0881dbe6f0 Loading...

	kit.fontawesome.com/f7165dd215.js	12 kB	2024-04-10	2024-04-17
Pretty URL kit.fontawesome.com/f7165dd215.js IP 104.18.40.68 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-10 19:54:19 Last Seen2024-04-17 08:04:36 Times Seen12 Hash adb0e6067a6ca73e99c1245c2edfc480 11cdc9ee8858343f213ac041a64df0636a10b985 9a653bb277cab3af282b44b2c6279aaaf368bb2c09977eac06f93572d70035c3 Loading...

	couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne	551 B	2024-04-16	2024-04-16
Pretty URL couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne IP 45.58.159.112 ASN #46844 SHARKTECH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 20:22:22 Last Seen2024-04-16 20:22:22 Times Seen1 Hash 92c05634bdb5f840119f33a311fb4032 7216c0e03902641915db71ea6c40e636aa16a1d2 4afdd0bd985a2fa8e2477510514ad8e9b04c52a35c3506bc07059869248c3485 Loading...

	couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne	391 B	2023-03-07	2024-04-17
Pretty URL couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne IP 45.58.159.112 ASN #46844 SHARKTECH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:20:33 Last Seen2024-04-17 08:04:36 Times Seen7237 Hash c890bb901ff0030837b3565d30db7cc2 88b46d77f0fce8c23c77fcc2c125c210c7fce3c2 5618690ba2bc408543ac11bffc4d30f178e7c9fcd9482133469385d747981779 Loading...

	couriernote-001-site1.jtempurl.com/js/app.js	1.6 MB	2023-03-07	2024-04-17
Pretty URL couriernote-001-site1.jtempurl.com/js/app.js IP 45.58.159.112 ASN #46844 SHARKTECH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:51 Last Seen2024-04-17 08:04:36 Times Seen13729 Hash fd900f643203761f2eeca2132fc15f1d 375f23ca9ad75b647373bda03b02e2d0f6e729be 399e233cea4e5468820e5c5f98ddbb156de729983710cf576a6508f076326c68 Loading...

	couriernote-001-site1.jtempurl.com/js/session-recorder.js	45 kB	2023-03-07	2024-04-17
Pretty URL couriernote-001-site1.jtempurl.com/js/session-recorder.js IP 45.58.159.112 ASN #46844 SHARKTECH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20:33 Last Seen2024-04-17 08:04:36 Times Seen21730 Hash 701984b4995f3c29820e83c999b7eb23 a3b50104a3bfa05bf59a317273816c7d8ae1f81d 67ad94e12a745b1b09c6cd616e20a2ad283ed68f8060bd1dd0d9a2b6ad9dc7ee Loading...

HTTP Transactions (36)

URL IP Response Size

couriernote-001-site1.jtempurl.com/bbuDKiwXUCwESbMdNEc1taAkl1CIucCf

45.58.159.112

210 B

URL
couriernote-001-site1.jtempurl.com/bbuDKiwXUCwESbMdNEc1taAkl1CIucCf
IP
45.58.159.112:0
ASN
#46844 SHARKTECH

File type
HTML document, ASCII text
Size
210 B (210 bytes)
Hash
31b6183945b23f3237cea6acdcb91853
483ea3ac6b6491cee1fde0bddeae208a8f147e95
4a59ea7a803e2c7de336103d84f319efbb0c900f1a65dad4aa826db264640f62

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /bbuDKiwXUCwESbMdNEc1taAkl1CIucCf HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Location: http://couriernote-001-site1.jtempurl.com
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjBWa3R4WXNVOU5tRW9kVS8xMGNyQ2c9PSIsInZhbHVlIjoidmp5a0svbWFyeXhOcjRWMUg2Zy9EOEN2ZWgwMS9aZ2gvdndiU3pmVVRoWHR2VS9HTHFycm9URXRLMWp6cWxxMExqUjNwcGFoY3JZQ25KMjlOWjVwcHRmTUUxZE5WczRkWWxRTkJvZUNLYVdteVBxSE1uS2h5RGNETEhrN0dVOHkiLCJtYWMiOiJjY2I3YmE2OWFkNzIxNWU5MTAzOGYyZGJhMmQ2NWIwNjBlMjYxMTBjNjM1M2ExMzJhNDJlYjljNWNjZGYzNjM0IiwidGFnIjoiIn0%3D; expires=Tue, 16-Apr-2024 20:21:46 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IldKMlFJWGVOQjJlYWJZcTJSWVcvbmc9PSIsInZhbHVlIjoiei9ielZlZkk0UXpGVnpvakZNcW1RZVZjZnNiejlzVWFDS1dJZjBDeHlJc2VBc2h0alB3cTRxUFdyZ1hNd0ZlMWxMa0lYcGIwdFQrbS81VWRNcGV6ajlWdTY0RUg1K1hsV2taSWk1Ui8wT09CdURHcHgvVWdxN2J4Q2JqTGhHa2siLCJtYWMiOiI2ZTQyNDdiMTY0ZDEzZjkzNTg5NWVjZDU2MmIwMGQ2Y2NiODI2Zjg2ZGYyMDYzZDUyOTczZWI4MTNlYWRhYmVhIiwidGFnIjoiIn0%3D; expires=Tue, 16-Apr-2024 20:21:46 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:45 GMT
Content-Length: 210

couriernote-001-site1.jtempurl.com/

45.58.159.112

346 B

URL
couriernote-001-site1.jtempurl.com/
IP
45.58.159.112:0
ASN
#46844 SHARKTECH

File type
HTML document, ASCII text
Size
346 B (346 bytes)
Hash
4d49a441dde37e234dbe8ab0f49bfb8b
07f049888e4fe1fbebc298897633d8c9d3acfd8e
f47dbf7c4de385d38155fc2b05675224fcd8a1ec771cc1f2b0b9115ac592ba97

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET / HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjBWa3R4WXNVOU5tRW9kVS8xMGNyQ2c9PSIsInZhbHVlIjoidmp5a0svbWFyeXhOcjRWMUg2Zy9EOEN2ZWgwMS9aZ2gvdndiU3pmVVRoWHR2VS9HTHFycm9URXRLMWp6cWxxMExqUjNwcGFoY3JZQ25KMjlOWjVwcHRmTUUxZE5WczRkWWxRTkJvZUNLYVdteVBxSE1uS2h5RGNETEhrN0dVOHkiLCJtYWMiOiJjY2I3YmE2OWFkNzIxNWU5MTAzOGYyZGJhMmQ2NWIwNjBlMjYxMTBjNjM1M2ExMzJhNDJlYjljNWNjZGYzNjM0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IldKMlFJWGVOQjJlYWJZcTJSWVcvbmc9PSIsInZhbHVlIjoiei9ielZlZkk0UXpGVnpvakZNcW1RZVZjZnNiejlzVWFDS1dJZjBDeHlJc2VBc2h0alB3cTRxUFdyZ1hNd0ZlMWxMa0lYcGIwdFQrbS81VWRNcGV6ajlWdTY0RUg1K1hsV2taSWk1Ui8wT09CdURHcHgvVWdxN2J4Q2JqTGhHa2siLCJtYWMiOiI2ZTQyNDdiMTY0ZDEzZjkzNTg5NWVjZDU2MmIwMGQ2Y2NiODI2Zjg2ZGYyMDYzZDUyOTczZWI4MTNlYWRhYmVhIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: XSRF-TOKEN=eyJpdiI6IisxVXBBRWRvbDBablJkWEF5TVV1M0E9PSIsInZhbHVlIjoiaE1ERFIrR0Q3WGhrU292MWVsYkVQSmtxNWNVMThpdEVNcUdEWk1wcVYzK1ZJN0x1cldSYUU4TWNwMjh0WTNCY2o3TWRnamgrbnJQQkNISEtNVnpYZjlOVUpiTkg1ODRLdytKUUI3S2VqSFUrdXlDSzQwZ3MxQnZoUkkycFgwWWYiLCJtYWMiOiJlYzhlMjRiZjUwOGVjNDdlMjY0MDZkNWQxZWI4NThkY2NkMjc0NzU5NWYzNWNmMjMyNmU1MzAzYmZiODE3ZmNlIiwidGFnIjoiIn0%3D; expires=Tue, 16-Apr-2024 20:21:47 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImxkOUdNN0lKdmdzQ1JIbWpKTkxSdnc9PSIsInZhbHVlIjoiWldsdGh1aGlLbzltbWRFd242YTAyZkYwYlRvdTZEZDNVWlFScGxMcGkwcFYvaDNmSEhvMUU3Zmg4bmkvNEdCTUp6dDdIYXUyUUFGL1c3MnZFWTdOT0diREg4M2gzNXFDSy9QMzhsZWEyb3duSit2N1g3NTAvYlVLakdMb3g1SUwiLCJtYWMiOiI3NmI2NjQyNzk4M2YxOTE4ODRlYmNiNTFmZTMxYmY3OWZmMWZjODQ3Y2JmOWM2ZTY5ZTY2OGU2ZmUwYmVmMGRiIiwidGFnIjoiIn0%3D; expires=Tue, 16-Apr-2024 20:21:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:46 GMT
Content-Length: 346

couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne/

45.58.159.112

301 Moved Permanently

284 B

URL User Request GET HTTP/1.1
couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne/
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
284 B (284 bytes)
Hash
5fe9ade0f76c969903d673037af536d2
105e935ba32a1f345c44b62bfb979c3c21303ed4
ddfb694120453cec7959a7d9218b5f3500ea55e4041714191f70aa015b4c4cbd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne/ HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://couriernote-001-site1.jtempurl.com/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IisxVXBBRWRvbDBablJkWEF5TVV1M0E9PSIsInZhbHVlIjoiaE1ERFIrR0Q3WGhrU292MWVsYkVQSmtxNWNVMThpdEVNcUdEWk1wcVYzK1ZJN0x1cldSYUU4TWNwMjh0WTNCY2o3TWRnamgrbnJQQkNISEtNVnpYZjlOVUpiTkg1ODRLdytKUUI3S2VqSFUrdXlDSzQwZ3MxQnZoUkkycFgwWWYiLCJtYWMiOiJlYzhlMjRiZjUwOGVjNDdlMjY0MDZkNWQxZWI4NThkY2NkMjc0NzU5NWYzNWNmMjMyNmU1MzAzYmZiODE3ZmNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImxkOUdNN0lKdmdzQ1JIbWpKTkxSdnc9PSIsInZhbHVlIjoiWldsdGh1aGlLbzltbWRFd242YTAyZkYwYlRvdTZEZDNVWlFScGxMcGkwcFYvaDNmSEhvMUU3Zmg4bmkvNEdCTUp6dDdIYXUyUUFGL1c3MnZFWTdOT0diREg4M2gzNXFDSy9QMzhsZWEyb3duSit2N1g3NTAvYlVLakdMb3g1SUwiLCJtYWMiOiI3NmI2NjQyNzk4M2YxOTE4ODRlYmNiNTFmZTMxYmY3OWZmMWZjODQ3Y2JmOWM2ZTY5ZTY2OGU2ZmUwYmVmMGRiIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Content-Length: 284
Content-Type: text/html
Location: http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:21:48 GMT

couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

45.58.159.112

200 OK

15 kB

URL User Request GET HTTP/1.1
couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (39884)
Size
15 kB (14644 bytes)
Hash
3ae89f9ee8e383fec15cf3fe0592251a
41b18e26f2d4c0c67a8bf2bdb036ba4641f63eca
cc8d762a9f2ccd6b400cacb58d2dda7e5ee096caee8b5881defcb5535f489e70

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://couriernote-001-site1.jtempurl.com/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IisxVXBBRWRvbDBablJkWEF5TVV1M0E9PSIsInZhbHVlIjoiaE1ERFIrR0Q3WGhrU292MWVsYkVQSmtxNWNVMThpdEVNcUdEWk1wcVYzK1ZJN0x1cldSYUU4TWNwMjh0WTNCY2o3TWRnamgrbnJQQkNISEtNVnpYZjlOVUpiTkg1ODRLdytKUUI3S2VqSFUrdXlDSzQwZ3MxQnZoUkkycFgwWWYiLCJtYWMiOiJlYzhlMjRiZjUwOGVjNDdlMjY0MDZkNWQxZWI4NThkY2NkMjc0NzU5NWYzNWNmMjMyNmU1MzAzYmZiODE3ZmNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImxkOUdNN0lKdmdzQ1JIbWpKTkxSdnc9PSIsInZhbHVlIjoiWldsdGh1aGlLbzltbWRFd242YTAyZkYwYlRvdTZEZDNVWlFScGxMcGkwcFYvaDNmSEhvMUU3Zmg4bmkvNEdCTUp6dDdIYXUyUUFGL1c3MnZFWTdOT0diREg4M2gzNXFDSy9QMzhsZWEyb3duSit2N1g3NTAvYlVLakdMb3g1SUwiLCJtYWMiOiI3NmI2NjQyNzk4M2YxOTE4ODRlYmNiNTFmZTMxYmY3OWZmMWZjODQ3Y2JmOWM2ZTY5ZTY2OGU2ZmUwYmVmMGRiIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; expires=Tue, 16-Apr-2024 20:21:49 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D; expires=Tue, 16-Apr-2024 20:21:49 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:49 GMT
Content-Length: 14644

couriernote-001-site1.jtempurl.com/css/app.css

45.58.159.112

200 OK

56 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/css/app.css
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
ASCII text
Size
56 kB (55863 bytes)
Hash
181990cc2279e4cea65c9363fb37fee9
b85a7ba40043b0c48a034d8382629ef7ec6a1e24
36839348d4cd3d5ffcb15317bc5e8f32b77c644d0c6c0f8f19bdf216caf49293

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /css/app.css HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 29 Mar 2022 20:11:08 GMT
Accept-Ranges: bytes
ETag: "0566d20a943d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:21:49 GMT
Content-Length: 55863

couriernote-001-site1.jtempurl.com/js/session-recorder.js

45.58.159.112

200 OK

11 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/js/session-recorder.js
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
JavaScript source, ASCII text, with very long lines (44992)
Size
11 kB (11151 bytes)
Hash
701984b4995f3c29820e83c999b7eb23
a3b50104a3bfa05bf59a317273816c7d8ae1f81d
67ad94e12a745b1b09c6cd616e20a2ad283ed68f8060bd1dd0d9a2b6ad9dc7ee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /js/session-recorder.js HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 29 Mar 2022 19:35:56 GMT
Accept-Ranges: bytes
ETag: "0b69335a443d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:21:49 GMT
Content-Length: 11151

couriernote-001-site1.jtempurl.com/js/app.js

45.58.159.112

200 OK

201 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/js/app.js
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
JavaScript source, Unicode text, UTF-8 text
Size
201 kB (201031 bytes)
Hash
fd900f643203761f2eeca2132fc15f1d
375f23ca9ad75b647373bda03b02e2d0f6e729be
399e233cea4e5468820e5c5f98ddbb156de729983710cf576a6508f076326c68

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /js/app.js HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 29 Mar 2022 19:35:56 GMT
Accept-Ranges: bytes
ETag: "0b69335a443d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:21:49 GMT
Content-Length: 201031

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.25.14

200 OK

5.6 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (30837)
Size
5.6 kB (5631 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 85195
expires: Sun, 06 Apr 2025 18:21:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Ca7fmUSN5xI8hn3lO5LDPzXyNacxyN2l9xO9ojxQxplr3F4sUNP2o48vlJMuivhp%2FeT09tGMSBN6m495nZTTDkvvgScds60ICT2B5hRvE%2BKG24CuHixdLAtOEhQgwHKhOrMnA1t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875632837fcfb521-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

couriernote-001-site1.jtempurl.com/images/logo.png

45.58.159.112

200 OK

2.0 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/images/logo.png
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced
Size
2.0 kB (1998 bytes)
Hash
5d14ab93691604e826e1319d53599eb9
78724360e9d25da584445b851e37bca05abe6b85
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: image/png
Last-Modified: Sun, 17 Apr 2022 13:24:00 GMT
Accept-Ranges: bytes
ETag: "098d665e52d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 1998

couriernote-001-site1.jtempurl.com/images/all.png

45.58.159.112

200 OK

12 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/images/all.png
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
PNG image data, 123 x 84, 8-bit/color RGBA, non-interlaced
Size
12 kB (12499 bytes)
Hash
2cb0b7f615faf2deb9ec6f53d3149a3b
694a2c881c83e2ab86365bf1d16302ac5b9d500f
c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /images/all.png HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: image/png
Last-Modified: Sun, 17 Apr 2022 13:24:34 GMT
Accept-Ranges: bytes
ETag: "095517a5e52d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 12499

couriernote-001-site1.jtempurl.com/images/foo.png

45.58.159.112

404 Not Found

2.1 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/images/foo.png
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (5395)
Size
2.1 kB (2123 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /images/foo.png HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 2123

couriernote-001-site1.jtempurl.com/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b

45.58.159.112

404 Not Found

6.6 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (5395)
Size
6.6 kB (6609 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 6609

couriernote-001-site1.jtempurl.com/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c

45.58.159.112

404 Not Found

6.6 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (5395)
Size
6.6 kB (6609 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /css/fonts/webfa-brands-400.woff2?d878b0a6a1144760244ff0665888404c HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 6609

couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80

45.58.159.112

404 Not Found

6.6 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (5395)
Size
6.6 kB (6609 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 6609

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

104.17.25.14

200 OK

77 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 77160
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 84870
expires: Sun, 06 Apr 2025 18:21:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9GcoPC5R1FNgju4QjHVe4obuapXMkXO9bm0wWgv7zJZjhwXYb3AyS3TKC9pcrjta0qzhSsITLi7oXqpaaURd4%2B9bmILERRU%2F4v5nnRfVHTKOCRmG8ux93q3upG%2ByGWte3rnNPJ84"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87563285cbcb0b45-OSL
alt-svc: h3=":443"; ma=86400

couriernote-001-site1.jtempurl.com/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c

45.58.159.112

404 Not Found

6.6 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (5395)
Size
6.6 kB (6609 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 6609

couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775

45.58.159.112

404 Not Found

6.6 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (5395)
Size
6.6 kB (6609 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.woff?2285773e6b4b172f07d9b777c81b0775 HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 6609

couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2

45.58.159.112

404 Not Found

6.6 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (5395)
Size
6.6 kB (6609 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2 HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 6609

couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.ttf?527940b104eb2ea366c8630f3f038603

45.58.159.112

404 Not Found

2.1 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.ttf?527940b104eb2ea366c8630f3f038603
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (5395)
Size
2.1 kB (2123 bytes)
Hash
307dca9c775906b8de45869cabe98fcd
2b80c3a2fd4a235b2cc9f89315a554d0721c0dd1
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-brands-400.ttf?527940b104eb2ea366c8630f3f038603 HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 2123

kit.fontawesome.com/f7165dd215.js

104.18.40.68

200 OK

6.5 kB

URL GET HTTP/2
kit.fontawesome.com/f7165dd215.js
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (11461)
Size
6.5 kB (6472 bytes)
Hash
437bfac0666b5e3aabcae8631813f6db
7abc0ae3b9273c4712a47e144a724b9174626dd8
5198e430619ec4163119ff66ded1a659dbc1a6e7817f31363c814bf31e128449

HTTP Headers

GET /f7165dd215.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F8alvxc2PR1qkpUO9NBB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87563282f9f10b49-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-brands-400.woff2

104.21.26.223

200 OK

118 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-brands-400.woff2
IP
104.21.26.223:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98
ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT

File type
Web Open Font Format (Version 2), TrueType, length 117856, version 773.1280
Size
118 kB (117856 bytes)
Hash
5674af1ac41fe62c1b4568cbb6a031ff
83ac1707f24f448c43d0656f224a827014154c4f
0de3edeabe89b14f48e7856d2cb631722c600ff66839fae178d0567902d62a91

HTTP Headers

GET /releases/v6.5.2/webfonts/free-fa-brands-400.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: font/woff2
content-length: 117856
last-modified: Tue, 02 Apr 2024 15:51:14 GMT
etag: "5674af1ac41fe62c1b4568cbb6a031ff"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: fa-kit-token
access-control-max-age: 3000
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eUIw6b-PFGbLiHjHF_K3Vtg0jodejNwKQoHgRz5mdnQfy2YcF89c7g==
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ytEoJrrdaM5OUDbZhhPcIl%2BOMTS1j2BZjFVC3cjNCBphy0ctj64nGvNZ9kLjeb1VpgH%2B5kg2UyhqLQ%2FTm%2Bp5TeIcDNdNpAgyadPlGt6ts5F6a9XWuI%2Fhd5AvO4YsMfjNp2N%2FZs5fAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8756328709cc56be-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-solid-900.woff2

104.21.26.223

200 OK

156 kB

URL GET HTTP/3
ka-f.fontawesome.com/releases/v6.5.2/webfonts/free-fa-solid-900.woff2
IP
104.21.26.223:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98
ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT

File type
Web Open Font Format (Version 2), TrueType, length 156388, version 773.1280
Size
156 kB (156388 bytes)
Hash
ae015e3286ef56a0daf8e83838a32a88
7c18577fd6c4e7d9036b244215ace3945372eefe
41dca0965bdfd255f85e7fc8e9a3dc1fe3eb810996c553d4ef2b8872737ee825

HTTP Headers

GET /releases/v6.5.2/webfonts/free-fa-solid-900.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: font/woff2
content-length: 156388
last-modified: Tue, 02 Apr 2024 15:51:14 GMT
etag: "ae015e3286ef56a0daf8e83838a32a88"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: fa-kit-token
access-control-max-age: 3000
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YD_ijoUnuAAjvuWmP5OWE2i-QUu7fKdjy55hoBZHhabB0aRdQsFY7w==
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6dZ%2BJUZLib1b7cTZ6LPp2L%2Foc0Su8Z74h2oqrfkqgi1kHNQPifBmPuYt%2FHc69t83Q0SPkYrJksGgFGD%2B5MwSkJQ0Xp9%2FwtBIHKes6zutRn0Np%2F6MQbF77ia6dNizC%2BB3JAXxoi0sLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875632873a3f56be-OSL
alt-svc: h3=":443"; ma=86400

couriernote-001-site1.jtempurl.com/images/favicon.gif

45.58.159.112

200 OK

2.2 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/images/favicon.gif
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
Size
2.2 kB (2238 bytes)
Hash
a6f1af8e79a11829ba9a66474b06bb97
d99e3ec7747c865033a8dfad43c9f49634404bc1
b0dbd00f3650fa6b931e678a9d8f79a405d23c7adf111ab91b1a01a0e7109807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /images/favicon.gif HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D; _lr_tabs_-mnnzup%2Fdus={%22sessionID%22:0%2C%22recordingID%22:%225-0d1208d2-b0e9-4bbf-9f32-3aa501746a22%22%2C%22webViewID%22:null%2C%22lastActivity%22:1713291710615}; _lr_hb_-mnnzup%2Fdus={%22heartbeat%22:1713291710616}; _lr_uf_-mnnzup=054836f1-bb1a-4715-bbe4-5adf8491fd35
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: image/gif
Last-Modified: Sun, 17 Apr 2022 13:25:28 GMT
Accept-Ranges: bytes
ETag: "054819a5e52d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 2238

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

44.194.99.111

0 B

URL
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
44.194.99.111:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://couriernote-001-site1.jtempurl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +IEhyDRRiQebuYRAB86bCw==
DNT: 1
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 16 Apr 2024 18:21:50 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Qw+iDE8yEsmLeLbiZs0nGVuUrvs=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

44.194.99.111

0 B

URL
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
44.194.99.111:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://couriernote-001-site1.jtempurl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jE3XpT8cEmsj7XgDde2f/A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 16 Apr 2024 18:21:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NcjJ3w+2olpbARADH5OM7EWSvQE=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover

cdn.lr-in.com/logger-1.min.js

104.21.234.144

200 OK

171 kB

URL GET HTTP/2
cdn.lr-in.com/logger-1.min.js
IP
104.21.234.144:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerLet's Encrypt
Subjectlr-in.com
Fingerprint9C:36:E8:C7:3B:FC:3A:32:F6:4B:7E:92:80:E3:9C:F6:8E:D3:5C:9A
ValiditySat, 09 Mar 2024 13:34:25 GMT - Fri, 07 Jun 2024 13:34:24 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
171 kB (170580 bytes)
Hash
17181d1a746df2a2fa3f91f929ec326b
6f8e68d817a3322da8b88ba3de2bb48d32f855e3
aab8eca4156c17a6d02e8f0332c556d0cbebd0a2de33c9b7e1b32d0881dbe6f0

HTTP Headers

GET /logger-1.min.js HTTP/1.1
Host: cdn.lr-in.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-resource-policy: cross-origin
etag: W/"82a3247d9a85ac4854430900bd5545c30dd07713487852236b85ae9d69909b79-br"
last-modified: Fri, 12 Apr 2024 22:46:51 GMT
strict-transport-security: max-age=31556926
x-served-by: cache-lcy-eglc8600082-LCY
x-cache: HIT
x-cache-hits: 1
x-timer: S1712962140.133700,VS0,VE1
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Lh3H9gV8NxGZT8ZJUVsNSjhBZ1u9gFBmnvVDZ9nY0as0tMYKphTuNQyhMI5ECA8p13lAO9gZ4xhai8v6fZtiJRmMK3OobrgFh6thSkN4hd9PijN8oJfn5okCY2GXtHy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875632860aee23c0-LHR
content-encoding: br

r.lr-in.com/i?a=mnnzup%2Fdus&r=5-0d1208d2-b0e9-4bbf-9f32-3aa501746a22&t=10942e4d-2892-4464-9114-fd06c7eb7688&s=0&rs=0%2Cu&u=8b07917e-851d-4650-9276-80c80fc2d516&is=1

104.198.23.205

201 Created

165 B

URL POST HTTP/2
r.lr-in.com/i?a=mnnzup%2Fdus&r=5-0d1208d2-b0e9-4bbf-9f32-3aa501746a22&t=10942e4d-2892-4464-9114-fd06c7eb7688&s=0&rs=0%2Cu&u=8b07917e-851d-4650-9276-80c80fc2d516&is=1
IP
104.198.23.205:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerLet's Encrypt
Subjectapi.logrocket.com
Fingerprint3E:B3:D8:9E:94:E5:B8:E0:B2:FB:40:36:42:BA:B1:67:70:1E:A1:A3
ValidityFri, 05 Apr 2024 14:45:08 GMT - Thu, 04 Jul 2024 14:45:07 GMT

File type
JSON text data
Size
165 B (165 bytes)
Hash
718ccbcd55db37c391512cb65953b9b4
f64b3bc2a1d438df87245b98925a2f7ce8f7a199
96cc9d14ff0939bd8435e082d7875ceba84b9a575dcf27cfec1e97adf2e3fa7a

HTTP Headers

POST /i?a=mnnzup%2Fdus&r=5-0d1208d2-b0e9-4bbf-9f32-3aa501746a22&t=10942e4d-2892-4464-9114-fd06c7eb7688&s=0&rs=0%2Cu&u=8b07917e-851d-4650-9276-80c80fc2d516&is=1 HTTP/1.1
Host: r.lr-in.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-LogRocket-Relay-Version: 2023.12.0
Content-Length: 393626
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 201 Created
date: Tue, 16 Apr 2024 18:21:54 GMT
content-type: application/json; charset=utf-8
content-length: 165
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
etag: W/"a5-9ks7wqHUON+HJFuYklovfOj3oZk"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-Relay-Version
access-control-max-age: 1728000
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.5.2/css/free.min.css?token=f7165dd215

104.21.26.223

200 OK

104 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.2/css/free.min.css?token=f7165dd215
IP
104.21.26.223:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98
ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT

File type
ASCII text, with very long lines (65321)
Size
104 kB (103541 bytes)
Hash
7f29cd8c97789aa298af8c61623ca28b
af8109e0e5c8bb2c1c3ab44ba7b5d25900ca454a
3e9c73fa687cd4110688668977a7caa87f5a1dee0d11f03687bd4871deedf1c1

HTTP Headers

GET /releases/v6.5.2/css/free.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://couriernote-001-site1.jtempurl.com/
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 02 Apr 2024 15:26:25 GMT
etag: W/"7f29cd8c97789aa298af8c61623ca28b"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 86L0yJ-hWmVjxK87P_BKMwU2Ba--VlLHn28vsBVySe2EJ4URrKLvdQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4WFfq9wbPVrvSFhnEFGeHrY2bGcqweEtTdDzYrl2lzBvD%2B3j%2B34ffGekzxe0pqKQGzfs3IlSYuxcmdcgh%2BXzyxP20Si3m8KBrejODYV3XmNmmUEqGFUnbIIRYsZAOEPsR4CBelGlDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875632858ef656be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-font-face.min.css?token=f7165dd215

104.21.26.223

200 OK

1.8 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-font-face.min.css?token=f7165dd215
IP
104.21.26.223:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98
ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT

File type
ASCII text, with very long lines (1803), with no line terminators
Size
1.8 kB (1775 bytes)
Hash
36f549800bc029aaadd0d7ac3d1d0f54
45bfcbb57c0155a2f22a47117deae6dc87706d4a
4048a832df1b9ac88058b1964ab9c45300daf6c10b0a02d697a29d729a81ea30

HTTP Headers

GET /releases/v6.5.2/css/free-v4-font-face.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://couriernote-001-site1.jtempurl.com/
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 02 Apr 2024 15:26:25 GMT
etag: W/"9c9f596493867f0e7ef5f9fe99103fce"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EQN4BAWw_kjPfjcwrpXx5SWJWbzs8Dh3Utx_bmcPsf0UXXZekT0Vdg==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=arvmbqcCRzTjuZuIuHfRIblUO3YwnR15fm1%2Bd1elmE4LlGRtBwAOXDYQOnyvIWyX1cPaw8CV0IbHlRSjQ%2FNFcLLGNUKsD05qhXlwQB59YZ%2BNA0dSVE2et4dBBBz3Vf%2BSBfFO%2BrohTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875632857eee56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f

45.58.159.112

404 Not Found

6.6 kB

URL GET HTTP/1.1
couriernote-001-site1.jtempurl.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f
IP
45.58.159.112:80
ASN
#46844 SHARKTECH

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type
HTML document, ASCII text, with very long lines (6693), with no line terminators
Size
6.6 kB (6609 bytes)
Hash
637c64dcfa59899545c1dce3f050200d
8cf7d3405932c23d2b4ee4c3473a611cb924c05f
bc61d266b689e585d2ae0c93c625d665dff0f4dfcbfc0263df35ca4c1bb1494f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f HTTP/1.1
Host: couriernote-001-site1.jtempurl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/css/app.css
Cookie: XSRF-TOKEN=eyJpdiI6ImpkbXBZa2lQNldRZHpMWkg0UmFTS0E9PSIsInZhbHVlIjoiZHZnOHMwaGdjMnlyeWVXZHArNUN6dTZ4ZFNhNnhJc2NSV05JRjU1US9TcHVSN3VleUZEQk9aUjZvdy9ZYmxaK0dBeGdkK04xbDcxdnZCc0RWMHpmRzhYS2xsSE01eE0wR0dJdDZEZUNlMU5vUFF1dS9ZdUhBWXF2NDBjYVB4dTgiLCJtYWMiOiIxZDA1MWU0MDMyMGZmNTFkZGQ1YWE4NmQ1OWFjYmU5ZmJhMzEwZWFmZDE3ZTAyNzM5YWZhN2UyYjI5YTc0YzVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im9pTjRCSDdoVTZadVRTa3F1VDJJMnc9PSIsInZhbHVlIjoienhxS3hvZnlWd3RNNWhVQUdtd2FIN2xCbjlORkdPWjI2UzAwRDJwTGxldzlTbU80RjdhK0YrOGRaL0VOaGhXVTNjVW52YkRzY1BiQVIvUVdySlhhUkwvYm1PNnk2d25NQ01IUGRXdEFUT3ZqcGYwbkV4a3pRdnAwblFycGdVTFgiLCJtYWMiOiIxMDQwNmQ5MDE5NzQ1NTQxNzdiY2Y1ZDI0ZjIzODI3MzgwMDQyYjUwOWI1ZTk3Mzk1OGIxZDk5ZWU1Yjk0OTYyIiwidGFnIjoiIn0%3D
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.0.23, ASP.NET
Date: Tue, 16 Apr 2024 18:21:50 GMT
Content-Length: 2123

ka-f.fontawesome.com/releases/v6.5.2/css/free-v5-font-face.min.css?token=f7165dd215

104.21.26.223

200 OK

823 B

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.2/css/free-v5-font-face.min.css?token=f7165dd215
IP
104.21.26.223:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98
ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT

File type
ASCII text, with very long lines (845), with no line terminators
Size
823 B (823 bytes)
Hash
d8a0274a5097af25642c9310d6d4bb3e
61512d739400e60d9360863446eaf008395859fb
84f5ae05668bcfe4bd7447d5035e909686423e998d8dfc2c96789875ef78cdd3

HTTP Headers

GET /releases/v6.5.2/css/free-v5-font-face.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://couriernote-001-site1.jtempurl.com/
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 02 Apr 2024 15:26:25 GMT
etag: W/"a3d53e21a02e37af6cbc00ac63b3cc1e"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6Q4O_ntgjRd5wervDdxiowY5PfvkMK8spAoxaehzdVJ2l5I2ivF29g==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JfIp0z4ofbctDV2k8FI2G0MQdKkBjFIr%2FvJpWp4%2FyH9N9FP97r13Mk4bdoxLKebcPG0IHmpjr0BHhOOIQ0md5%2F85CA%2Ffo61M2OlsnFeDzx0Vjd28aal3C4xmtXlBR%2FkG63z2vjg%2Bbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87563286180156be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

44.194.99.111

101 Switching Protocols

0 B

URL GET HTTP/1.1
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
44.194.99.111:80
ASN
#14618 AMAZON-AES

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://couriernote-001-site1.jtempurl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +IEhyDRRiQebuYRAB86bCw==
DNT: 1
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 16 Apr 2024 18:21:50 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Qw+iDE8yEsmLeLbiZs0nGVuUrvs=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

44.194.99.111

101 Switching Protocols

0 B

URL GET HTTP/1.1
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
44.194.99.111:443
ASN
#14618 AMAZON-AES

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerAmazon
Subjectpusher.com
Fingerprint7F:21:03:8F:D0:81:ED:06:33:D6:8D:83:17:DA:79:19:72:2E:BF:39
ValiditySun, 25 Jun 2023 00:00:00 GMT - Wed, 24 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://couriernote-001-site1.jtempurl.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jE3XpT8cEmsj7XgDde2f/A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 16 Apr 2024 18:21:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NcjJ3w+2olpbARADH5OM7EWSvQE=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover

ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-shims.min.css?token=f7165dd215

104.21.26.223

200 OK

28 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.2/css/free-v4-shims.min.css?token=f7165dd215
IP
104.21.26.223:443
ASN
#13335 CLOUDFLARENET

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint8D:43:33:42:48:C0:F5:34:71:EC:49:69:9C:62:01:4A:6F:41:11:98
ValidityTue, 05 Mar 2024 09:23:28 GMT - Mon, 03 Jun 2024 09:23:27 GMT

File type
ASCII text, with very long lines (27377)
Size
28 kB (27592 bytes)
Hash
940b066040a876fa1dc7b2ee2d222a58
64b2aea0b4d60d879d4ff7540192a906ffc0fd92
f4e953827930889e844103c3a6771bd2e9de17d091b36378c40362271858e075

HTTP Headers

GET /releases/v6.5.2/css/free-v4-shims.min.css?token=f7165dd215 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://couriernote-001-site1.jtempurl.com/
Origin: http://couriernote-001-site1.jtempurl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 18:21:50 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 02 Apr 2024 15:26:25 GMT
etag: W/"940b066040a876fa1dc7b2ee2d222a58"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OYf54piaObezPw0Cez6pAlb2trY_tTx6wG7APjKZ54H778m4bojI3A==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=57iAxzGPR%2BEke6LPIdw8yaarHG2VWYsnQCxPkVC26utGdphgFn4harY7%2BcNHWldr07wgo%2BM6npUkYp1r9aXTW9YJwvYDVAPsxNQbyPzK17lKMmvvMOgq6GuEE5tPRS3iY7WFrFMFGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875632857ee656be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

files.killbot.org/.cdn-cgi/killbot-security.js

0.0.0.0

0 B

URL GET
files.killbot.org/.cdn-cgi/killbot-security.js
IP
0.0.0.0:0
ASN
#0

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /.cdn-cgi/killbot-security.js HTTP/1.1
Host: files.killbot.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

files.killbot.org/.cdn-cgi/killbot-security.js

0.0.0.0

0 B

URL GET
files.killbot.org/.cdn-cgi/killbot-security.js
IP
0.0.0.0:0
ASN
#0

Requested by
http://couriernote-001-site1.jtempurl.com/B92hrMmGVjbty8XwmoiMM2Z6CEPT65Ne

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /.cdn-cgi/killbot-security.js HTTP/1.1
Host: files.killbot.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://couriernote-001-site1.jtempurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (36)

URL

IP

ASN

File type