Report - 21ovpo.ttu.cc/

Report Overview

Submitted URL
21ovpo.ttu.cc/
IP
47.251.24.196
ASN
#45102 Alibaba US Technology Co., Ltd.
Submitted
2024-05-10 15:26:42
Access
public
Website Title
DHL | Global - Norway
Final URL
dhl-parcel.20-240-220-64.cprapid.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
80

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dhl-parcel.20-240-220-64.cprapid.com	unknown	unknown	No data	No data	7.8 kB	145 kB	20.240.220.64
unpkg.com	11693	2016-01-06	2016-01-08	2024-05-09	1.3 kB	24 kB	104.17.248.203
cdn.tailwindcss.com	422202	2017-07-20	2018-07-09	2024-05-08	434 B	119 kB	172.67.41.16
21ovpo.ttu.cc	unknown	unknown	No data	No data	384 B	357 B	47.251.24.196

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 15:26:17	high	47.251.24.196	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
2024-05-10 15:26:17	high	47.251.24.196	Client IP	ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	21ovpo.ttu.cc/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.
2024-05-08	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL Airways, Inc.

PhishTank

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/files/engine.js	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/img/favicon.ico	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL
2024-05-09	medium	dhl-parcel.20-240-220-64.cprapid.com/gate.php	DHL

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed
2024-05-10	medium	dhl-parcel.20-240-220-64.cprapid.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	unpkg.com/alpinejs@3.x.x/dist/cdn.min.js	126 B	2023-04-12	2024-05-20
Pretty URL unpkg.com/alpinejs@3.x.x/dist/cdn.min.js IP 0.0.0.0 ASN #0 Introduced by AsyncFunction Embedded in HTML false Observations First Seen2023-04-12 21:12:17 Last Seen2024-05-20 14:53:42 Times Seen496 Hash ee793f046235eac36f0e73d9a01213d5 e5a9641edd175da21bbe273be6433751b89ca186 e415237bc7214a50b044f08500615b9f7a02d92c588e93988224a8f05b8af864 Loading...

	dhl-parcel.20-240-220-64.cprapid.com/files/engine.js	16 kB	2024-05-10	2024-05-16
Pretty URL dhl-parcel.20-240-220-64.cprapid.com/files/engine.js IP 20.240.220.64 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 17:26:49 Last Seen2024-05-16 09:01:42 Times Seen4 Hash 1725e9260afd41819d150220eff332fb d8276ad5444118e5099fc758b451aee5aa61797b 8e25f17acdde06dbc2c1f63f7a579b3578902c7f018c2fd3c93f632af16ecd30 Loading...

	cdn.tailwindcss.com/	366 kB	2024-03-28	2024-05-20
Pretty URL cdn.tailwindcss.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 05:53:51 Last Seen2024-05-20 20:02:58 Times Seen517 Hash 4bdcdace639cc6c0f08a15c295482172 6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31 d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c Loading...

	dhl-parcel.20-240-220-64.cprapid.com/	3.2 kB	2024-05-10	2024-05-16
Pretty URL dhl-parcel.20-240-220-64.cprapid.com/ IP 20.240.220.64 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 17:26:49 Last Seen2024-05-16 09:01:42 Times Seen2 Hash 3ad4ecf4bd4441425c788ed9c400fc39 a6d4e2e44fd311f64a6cac2fda142a9e8e345871 3fd7e3f61304183e429438cc581cbe3a54425b566f1268bce5bdd5781cefb88d Loading...

	dhl-parcel.20-240-220-64.cprapid.com/	233 B	2024-03-03	2024-05-16
Pretty URL dhl-parcel.20-240-220-64.cprapid.com/ IP 20.240.220.64 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-03 07:10:26 Last Seen2024-05-16 09:01:42 Times Seen4 Hash 8ee641b51fd7fefa23e8e06bfaf44df6 364d07b16c229a240762b2c78f3d0152a3c7cc8d 21f11dda8d304bf62718e76e85c5a53797c4929221df05313610b4225008da56 Loading...

	unpkg.com/@alpinejs/mask@3.x.x/dist/cdn.min.js	2.2 kB	2024-05-10	2024-05-16
Pretty URL unpkg.com/@alpinejs/mask@3.x.x/dist/cdn.min.js IP 104.17.248.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 17:26:49 Last Seen2024-05-16 09:01:42 Times Seen3 Hash e36ee2e1dd7afa02202b11f93856f577 92edcba0853efd66c33a6fd4fd4d7dc368e5d1f1 2f7002451d78511fa76aaea453e83b29e339b93a533c238fd0de4f3be367c24f Loading...

	unpkg.com/alpinejs@3.x.x/dist/cdn.min.js	44 kB	2024-04-26	2024-05-19
Pretty URL unpkg.com/alpinejs@3.x.x/dist/cdn.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 05:58:56 Last Seen2024-05-19 10:18:45 Times Seen40 Hash 48edb119e6ee7a0e4de109f8445a94a2 6195f8ec0a2449a1beaa41990f803b7e58a6961b fb9b146b7fbd1bbf251fb3ef464f2e7c5d33a4a83aeb0fcf21e92ca6a9558c4b Loading...

HTTP Transactions (18)

URL IP Response Size

21ovpo.ttu.cc/

47.251.24.196

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
21ovpo.ttu.cc/
IP
47.251.24.196:80
ASN
#45102 Alibaba US Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET / HTTP/1.1
Host: 21ovpo.ttu.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 10 May 2024 15:26:17 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.33 mod_perl/2.0.11 Perl/v5.16.3
X-Powered-By: PHP/7.0.33
Location: https://dhl-parcel.20-240-220-64.cprapid.com
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

dhl-parcel.20-240-220-64.cprapid.com/

20.240.220.64

117 kB

URL
dhl-parcel.20-240-220-64.cprapid.com/
IP
20.240.220.64:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, Unicode text, UTF-8 text, with very long lines (10129), with CRLF line terminators
Size
117 kB (117024 bytes)
Hash
7714e7b0de5d7a6d3dc0df04cf1b3554
f80ae6e3e4290edc272e67b3974d4c535e9ede7a
09a6a519ac84b1f3b157bcea0601c09bfbc28e317022d7d25fbfeb21ecc83802

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

dhl-parcel.20-240-220-64.cprapid.com/files/engine.js

20.240.220.64

16 kB

URL
dhl-parcel.20-240-220-64.cprapid.com/files/engine.js
IP
20.240.220.64:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JavaScript source, ASCII text
Size
16 kB (16512 bytes)
Hash
1725e9260afd41819d150220eff332fb
d8276ad5444118e5099fc758b451aee5aa61797b
8e25f17acdde06dbc2c1f63f7a579b3578902c7f018c2fd3c93f632af16ecd30

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /files/engine.js HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:18 GMT
Server: Apache
Last-Modified: Wed, 08 May 2024 11:30:20 GMT
Accept-Ranges: bytes
Content-Length: 16512
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

unpkg.com/@alpinejs/mask@3.13.10/dist/cdn.min.js

104.17.248.203

1.8 kB

URL
unpkg.com/@alpinejs/mask@3.13.10/dist/cdn.min.js
IP
104.17.248.203:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (2167)
Size
1.8 kB (1782 bytes)
Hash
e36ee2e1dd7afa02202b11f93856f577
92edcba0853efd66c33a6fd4fd4d7dc368e5d1f1
2f7002451d78511fa76aaea453e83b29e339b93a533c238fd0de4f3be367c24f

HTTP Headers

GET /@alpinejs/mask@3.13.10/dist/cdn.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 15:26:18 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "878-ku3LoIU+/WbDOm/U/U19w2jl0fE"
via: 1.1 fly.io
fly-request-id: 01HWR0Q480XWR52YGVNAF5P12G-arn
cf-cache-status: HIT
age: 856762
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 881af2669b335696-OSL
X-Firefox-Spdy: h2

unpkg.com/@alpinejs/mask@3.x.x/dist/cdn.min.js

104.17.248.203

568 B

URL
unpkg.com/@alpinejs/mask@3.x.x/dist/cdn.min.js
IP
104.17.248.203:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
568 B (568 bytes)
Hash
8f6b7f3c32b11b34fbccad962af01b05
a8df8411715ddb9edf950cecc993567240fee5ac
eb62b8fac31051be97ed0dab015fd50ec4f77da9ddd6060c0243a1c7ab800f76

HTTP Headers

GET /@alpinejs/mask@3.x.x/dist/cdn.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 15:26:18 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /@alpinejs/mask@3.13.10/dist/cdn.min.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01HXHHM3BFNK8VAK8JA2H6Q7KZ-arn
cf-cache-status: HIT
age: 176
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 881af2666af35696-OSL
X-Firefox-Spdy: h2

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:19 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

dhl-parcel.20-240-220-64.cprapid.com/img/favicon.ico

20.240.220.64

7.4 kB

URL
dhl-parcel.20-240-220-64.cprapid.com/img/favicon.ico
IP
20.240.220.64:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
Size
7.4 kB (7406 bytes)
Hash
bbba65f5c0e656750df8c649749447c8
107d1dc536e768776a10d20b362e253ec684832a
c4caa8b38ca6962dfeaa34445597ba59d691d60633f4dda63630f27738c06497

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/favicon.ico HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:19 GMT
Server: Apache
Last-Modified: Wed, 08 May 2024 11:30:20 GMT
Accept-Ranges: bytes
Content-Length: 7406
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/x-icon

unpkg.com/alpinejs@3.13.10/dist/cdn.min.js

104.17.248.203

20 kB

URL
unpkg.com/alpinejs@3.13.10/dist/cdn.min.js
IP
104.17.248.203:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (39233)
Size
20 kB (19909 bytes)
Hash
48edb119e6ee7a0e4de109f8445a94a2
6195f8ec0a2449a1beaa41990f803b7e58a6961b
fb9b146b7fbd1bbf251fb3ef464f2e7c5d33a4a83aeb0fcf21e92ca6a9558c4b

HTTP Headers

GET /alpinejs@3.13.10/dist/cdn.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 15:26:18 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "adec-YZX47AokSaG+qkGZD4A7flimlhs"
via: 1.1 fly.io
fly-request-id: 01HWQWR6KD3RYVR31TMWK0JV9W-arn
cf-cache-status: HIT
age: 860922
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 881af2669b345696-OSL
X-Firefox-Spdy: h2

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:23 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

cdn.tailwindcss.com/3.4.3

172.67.41.16

200 OK

119 kB

URL GET HTTP/2
cdn.tailwindcss.com/3.4.3
IP
172.67.41.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerCloudflare, Inc.
Subjecttailwindcss.com
Fingerprint5F:87:FB:92:D4:93:DA:09:E3:5B:EF:92:CE:2F:47:18:3A:8A:C7:49
ValidityTue, 07 Nov 2023 00:00:00 GMT - Tue, 05 Nov 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (52292)
Size
119 kB (119001 bytes)
Hash
4bdcdace639cc6c0f08a15c295482172
6fa7ad6e87d8b19bff7e2bd0becf87d87d57be31
d2c35bf03246b0634bb22cbdc74962c8368e5e13b656e7f3cc10029da79d2e5c

HTTP Headers

GET /3.4.3 HTTP/1.1
Host: cdn.tailwindcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 15:26:18 GMT
content-type: text/javascript
cache-control: max-age=31536000
content-encoding: br
strict-transport-security: max-age=63072000
x-vercel-cache: MISS
x-vercel-id: cle1::iad1::rn74h-1711569125689-ef02b3caf33b
last-modified: Wed, 27 Mar 2024 19:52:06 GMT
cf-cache-status: HIT
age: 846866
vary: Accept-Encoding
server: cloudflare
cf-ray: 881af266aee556c6-OSL
X-Firefox-Spdy: h2

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:35 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

dhl-parcel.20-240-220-64.cprapid.com/gate.php

20.240.220.64

200 OK

48 B

URL POST HTTP/1.1
dhl-parcel.20-240-220-64.cprapid.com/gate.php
IP
20.240.220.64:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://dhl-parcel.20-240-220-64.cprapid.com/
Certificate
IssuerLet's Encrypt
Subjectcpanel.dhl-parcel.20-240-220-64.cprapid.com
Fingerprint3C:A5:F1:CC:F8:32:4F:0B:C9:C1:27:59:90:4C:8E:48:95:A7:05:93
ValidityWed, 08 May 2024 14:29:38 GMT - Tue, 06 Aug 2024 14:29:37 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
0a40dbe0ebedec6df5187223293035f9
7628c3d60fbc763002e4a8090c90267d169d4e22
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gate.php HTTP/1.1
Host: dhl-parcel.20-240-220-64.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dhl-parcel.20-240-220-64.cprapid.com/
content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 11
Origin: https://dhl-parcel.20-240-220-64.cprapid.com
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8cca5d01bf09644842431eb9ca48e5d4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:26:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL User Request GET HTTP/1.1

IP

ASN

File type