Report - pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html

Report Overview

Submitted URL
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
IP
104.18.3.35
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-05 05:18:59
Access
public
Website Title
DHL
Final URL
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Tags
dhl logistics phishing
urlquery detections
Phishing - DHL

Detections

urlquery
8
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-03	437 B	32 kB	151.101.66.137
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev	unknown	2022-08-23	2023-12-21	2024-03-13	3.5 kB	83 kB	104.18.2.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html	DHL Airways, Inc.

PhishTank

Scan Date	Severity	Indicator	Alert
2023-12-24	medium	pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html	DHL

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.6.4.min.js	90 kB	2023-03-26	2024-05-18
Pretty URL code.jquery.com/jquery-3.6.4.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 04:59:07 Last Seen2024-05-18 17:48:42 Times Seen8736 Hash 641dd14370106e992d352166f5a07e99 eda46747c71d38a880bee44f9a439c3858bb8f99 a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af Loading...

	pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html	0 B	2023-03-07	2024-05-18
Pretty URL pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html IP 104.18.2.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 18:28:34 Times Seen37792858 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (8)

URL IP Response Size

pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html

104.18.2.35

200 OK

4.4 kB

URL User Request GET HTTP/1.1
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
4.4 kB (4379 bytes)
Hash
eb9ed36a3b7234eb9c72d81f3e90ec6a
b817f66e1f9f6de96f8708efc30eddd3fde97aa1
2c135913e46fa3b3b8d07e0fe729068bf161eb94ba1cf0fea1437691b01981a6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.
PhishTank	phishing	DHL

HTTP Headers

GET /index2.html HTTP/1.1
Host: pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 May 2024 05:18:35 GMT
Content-Type: text/html
Content-Length: 4379
Connection: keep-alive
Accept-Ranges: bytes
ETag: "eb9ed36a3b7234eb9c72d81f3e90ec6a"
Last-Modified: Wed, 18 Oct 2023 22:51:12 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87ee45490a245691-OSL

code.jquery.com/jquery-3.6.4.min.js

151.101.66.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.4.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31011 bytes)
Hash
641dd14370106e992d352166f5a07e99
eda46747c71d38a880bee44f9a439c3858bb8f99
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af

HTTP Headers

GET /jquery-3.6.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15ec3"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 05 May 2024 05:18:35 GMT
age: 20085708
x-served-by: cache-lga21953-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 138, 38631
x-timer: S1714886316.738745,VS0,VE0
vary: Accept-Encoding
content-length: 31011
X-Firefox-Spdy: h2

pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/05.png

104.18.2.35

200 OK

7.3 kB

URL GET HTTP/1.1
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/05.png
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
PNG image data, 448 x 101, 8-bit/color RGBA, non-interlaced
Size
7.3 kB (7303 bytes)
Hash
42d266ea95ec2155776b17db08bada6e
a2885ace20c5a55be720970c3f411e9d5fdaef3a
87a90aff7342aebb9bac98e99e9be3833731d16a97e07da7ca1f9b9434d915b8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /7629827763/05.png HTTP/1.1
Host: pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 May 2024 05:18:36 GMT
Content-Type: image/png
Content-Length: 7303
Connection: keep-alive
Accept-Ranges: bytes
ETag: "42d266ea95ec2155776b17db08bada6e"
Last-Modified: Wed, 18 Oct 2023 22:03:03 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87ee4550cdde5691-OSL

pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/en.jpg

104.18.3.35

200 OK

1.5 kB

URL GET HTTP/1.1
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/en.jpg
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 86x52, components 3
Size
1.5 kB (1454 bytes)
Hash
eef218ee0c269c1d574ca62469a3ccc4
58ae3efb00420e5101a1c1a441ee6fd082ed99f9
901c8abcc67fe53992c93d741a937ff8e3ab418d114fcd984efe3e341f6a7455

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /7629827763/en.jpg HTTP/1.1
Host: pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 May 2024 05:18:36 GMT
Content-Type: image/jpeg
Content-Length: 1454
Connection: keep-alive
Accept-Ranges: bytes
ETag: "eef218ee0c269c1d574ca62469a3ccc4"
Last-Modified: Wed, 18 Oct 2023 22:03:04 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87ee4551284256c5-OSL

pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/3638384.jpg

104.18.3.35

200 OK

8.7 kB

URL GET HTTP/1.1
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/3638384.jpg
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 285x177, components 3
Size
8.7 kB (8692 bytes)
Hash
0909fbc1f7fba01ae0da65a927ceee26
999a11986a8f87e1e58c7a8e627df7f3a7080f84
9bd85f7569e570b6a8a40701baef5177a78e1daf0d3429ccdd55630224670c2d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /7629827763/3638384.jpg HTTP/1.1
Host: pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 May 2024 05:18:36 GMT
Content-Type: image/jpeg
Content-Length: 8692
Connection: keep-alive
Accept-Ranges: bytes
ETag: "0909fbc1f7fba01ae0da65a927ceee26"
Last-Modified: Wed, 18 Oct 2023 22:03:04 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87ee45515bac569f-OSL

pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/02.jpg

104.18.3.35

200 OK

21 kB

URL GET HTTP/1.1
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/02.jpg
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1584x396, components 3
Size
21 kB (20648 bytes)
Hash
b4ffa4c4789b58a42af0cac9739d9fcc
c9b5596b90cce84a1f56d4e8a46d413b54b4e1f6
f06555d58c6fb19b7b6815ce631ea0958eeaec315dbc64b8dfb08e200c69eed5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /7629827763/02.jpg HTTP/1.1
Host: pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 May 2024 05:18:36 GMT
Content-Type: image/jpeg
Content-Length: 20648
Connection: keep-alive
Accept-Ranges: bytes
ETag: "b4ffa4c4789b58a42af0cac9739d9fcc"
Last-Modified: Wed, 18 Oct 2023 22:03:02 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87ee45513a2b56ab-OSL

pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/1618379409484992.jpg

104.18.3.35

200 OK

4.0 kB

URL GET HTTP/1.1
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/1618379409484992.jpg
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 66x76, components 3
Size
4.0 kB (3997 bytes)
Hash
fe2cdc10f0b14d041ce1d0c391291f2d
76ddb8774f67fe7838fc2678514800c9b5203a28
109483641b2f69473f1b978e4aec1ba11bb4f52c7ee92cb2c969f92b92925633

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /7629827763/1618379409484992.jpg HTTP/1.1
Host: pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 May 2024 05:18:37 GMT
Content-Type: image/jpeg
Content-Length: 3997
Connection: keep-alive
Accept-Ranges: bytes
ETag: "fe2cdc10f0b14d041ce1d0c391291f2d"
Last-Modified: Wed, 18 Oct 2023 22:03:03 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87ee45563e2d569f-OSL

pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/xls.png

104.18.3.35

200 OK

34 kB

URL GET HTTP/1.1
pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/7629827763/xls.png
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced
Size
34 kB (34223 bytes)
Hash
c52b62164b9b48ace77228cffaea7d18
d6c285df2d1b1ec6c1bd7b5fdd2f1575d1631bad
d8a1fae00d96feaa8351178773878b3f51cacd4a922200470d6e7cd9e832089a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /7629827763/xls.png HTTP/1.1
Host: pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-94160e4dc1de47c0874194dedd5d5b5d.r2.dev/index2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 May 2024 05:18:37 GMT
Content-Type: image/png
Content-Length: 34223
Connection: keep-alive
Accept-Ranges: bytes
ETag: "c52b62164b9b48ace77228cffaea7d18"
Last-Modified: Wed, 18 Oct 2023 22:03:07 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87ee455158e40b45-OSL

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1