Report - maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html

Report Overview

Submitted URL
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
IP
162.159.137.9
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 18:21:59
Access
public
Website Title
DHL - Confirm your Payment.
Final URL
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Tags
dhl logistics phishing
urlquery detections
Phishing - DHL

Detections

urlquery
19
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	967 B	18 kB	142.250.74.106
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-07	447 B	6.4 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	4.4 kB	152 kB	142.250.74.67
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-05-06	514 B	20 kB	104.16.79.73
maavhkpo.elementor.cloud	unknown	unknown	No data	No data	14 kB	1.2 MB	162.159.138.9

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html	DHL Airways, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-07	medium	maavhkpo.elementor.cloud	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js	2.2 kB	2023-03-09	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:14 Last Seen2024-05-08 18:30:29 Times Seen26 Hash 91b1658e4c13acdc8b9d1f54462faf5c 7685517809bd4c2694bd6b6bea9f5161ff8ab697 03eae2687c1ef52f34d7f6a20de1c2d5e5f91c5c21f0552331cdfe6d38394bce Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html	627 B	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:20:14 Last Seen2024-05-08 18:30:29 Times Seen60 Hash b201513c0278ec41ea7c5ef6a9e8d49b 01f1e02e4a0c5af5508af3ffc0123e4e5fb70b88 d9a6b10b1adfe406ab10beb680272365118f84d0db848ece0cc31a281f279402 Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js	845 B	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:22:53 Last Seen2024-05-08 18:30:29 Times Seen153 Hash 8f26c1984eb6fc31f58d073788de4157 ed87fa78deed844a0837f9694be0ae253f90c818 558619a267691a460b410d2f703296b87a44e2fe994b3483740c6e74c8ee8d1b Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html	76 B	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:22:53 Last Seen2024-05-08 18:30:29 Times Seen57 Hash 55b6e3a81dc265a6e8287b7a683d1a91 cbeb4f0a89ea5ca00c938230bbe65b636c2fe56d 0324c0205dc1fe44ebeb36a1fe9dfa8d6e13930d617a6141d6fa7f99d6e3ffdc Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js	23 kB	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:20:14 Last Seen2024-05-08 18:30:30 Times Seen179 Hash 834d2ecce9a8cc7dba36d273de52b28a a605a1843810a676f6018c8a0072de08b05b7ef5 523eb9b6af99c2488af8dcd1a5cd648902c24b4981195b0d0b9f3cdaa2fd3b7f Loading...

	ajax.googleapis.com/ajax/libs/webfont/1/webfont.js	13 kB	2023-03-07	2024-05-19
Pretty URL ajax.googleapis.com/ajax/libs/webfont/1/webfont.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:17 Last Seen2024-05-19 14:03:19 Times Seen23288 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js	34 kB	2023-03-07	2024-05-15
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-05-15 05:47:10 Times Seen89 Hash 9c58a34f02796276b7e7109af74070cd a895868d27f57e0c1ef4ddf4e50c1055ff66eb15 a076b936e9383ed6f90c614cfd4e9ce57f95481e19fe1d84450926954d268856 Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js	261 kB	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-05-08 18:30:29 Times Seen49 Hash 836a446f4b1173eeffc3f441dc3a145a 6ae3d53166f94dd1114522267a47e1287d1b67f5 1e359301246090b9c8e8a9b451d81eb83e04d04d2f98140cb216d3c3acd84cde Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html	1.1 kB	2024-05-07	2024-05-07
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 20:22:06 Last Seen2024-05-07 20:22:06 Times Seen1 Hash 72a6376e5c265b5c7e48c54576abf9e9 0d0f6237fd1e1e611f8ccd4f5388bce4d309cc23 f855cc8537f8baf71d799762f302a0f5ca68c5ecc04ee66edfd224b0250a8482 Loading...

	unknown	247 B	2024-05-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 20:22:06 Last Seen2024-05-07 20:22:06 Times Seen1 Hash 5c7c44760214c8d3ff755f52573475aa 3eec925c116a74e33550718fad08ac077f942fad b222a1d39443d6e2f1e995926984e1d7d565148f30c606946fe63a18479debb9 Loading...

	maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-05-07	2024-05-07
Pretty URL maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 20:22:06 Last Seen2024-05-07 20:22:06 Times Seen2 Hash 9ab60498d794b214d59fc4bfa2d80e53 ff45c690bfb42d3c5f9e85e657c4197bfb12f15f 56fa19088107e267072ffefeb22d13188b0213424ff666245199a4913f32e91c Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js	102 kB	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-05-08 18:30:30 Times Seen67 Hash 660d070837ba7b53c5dcec99f7f94b9b b6fae86591af6f1260f49f52b45256a824096351 bc865ff931d1d97a468a025905eed3bde7282bd45450abfb759da9ac3ae9546f Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js	1.1 kB	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js IP 162.159.138.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:20:14 Last Seen2024-05-08 18:30:29 Times Seen157 Hash b627c2a2eb3ed44bdaa291d0fc898316 03e1542cffbd078f0a21ad83ad589ce1679009cc d136e8ae0ac9b54bac28578861fac37ad93bd89b14d253e7d9f4a51609858537 Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-19
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-19 14:38:29 Times Seen2519 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

HTTP Transactions (39)

URL IP Response Size

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo.png

162.159.138.9

200 OK

2.2 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo.png
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.2 kB (2150 bytes)
Hash
148e7959884334e6a7dd6360822e97f7
dd6d15464e25c7f9cf35e6990fc8c4fc64c04665
868a512d1fb675ef291cadab0f743166effad787bcb96711c9185f636c8968c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo.png HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: image/webp
content-length: 2150
cf-ray: 88033af7f92b56c5-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
content-disposition: inline; filename="logo.webp"
etag: "62e87fca-296f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:14 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=10607
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=ifziSpAykIKAEoHMFddm04BP9htWGyIh2e.l8GXAD2Q-1715106092-1.0.1.1-X9B6tNEnPTOBS7CWNxfUWx0qC5bd8UPHd4IZTon.XAS9VU.30xlf_uOeompiko1UlVZJ73oeDObtzOsfAXy28g; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=qH.Ym4P5qAmJgQ_56hfsfLhtImZ8ZJ1bOHMAyCXHjsw-1715106092867-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/Raleway-Medium.ttf

162.159.138.9

200 OK

174 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/Raleway-Medium.ttf
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
TrueType Font data, 16 tables, 1st "GPOS", 17 names, Microsoft, language 0x409, Copyright (c) 2010 - 2013, Matt McInerney (matt@pixelspread.com), Pablo Impallari (impallari@gma
Size
174 kB (174028 bytes)
Hash
bb5ae98e4ce1a64042093dc235c305ed
0c8681407d5de2de363187e7911e790d34d808c1
67544b051079d750900856631013bb2c59da3b92ef45a8eeacb04ffa03ca48a8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/Raleway-Medium.ttf HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/octet-stream
content-length: 174028
cf-ray: 88033af7e91956c5-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
etag: "62e87fcd-2a7cc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:17 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=84wF9OnglyVwCtpGd_s19AckNfXvXi6_GtKz.I4ddls-1715106092-1.0.1.1-cld_qoSispTnZ9V48hyGDkVTRvNlVDybmujeXEqYI5esSuLxW4S5eCS5NeBkWs3OoRk_bht_bPrqpsjNAyt7Og; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=IN4nATSPeXcwTk9Nj_E7Q8EfCaBvTtyNtXIHfqSq6z4-1715106092883-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo-pay.png

162.159.138.9

200 OK

5.9 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo-pay.png
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
RIFF (little-endian) data, Web/P image
Size
5.9 kB (5892 bytes)
Hash
2f4cd16c263e5e1817620b548d687328
a97cadd693857aebdc666ca76133d6d07cb4fa01
271e91c18f186d95519315bb356186994ce2b967b9768db4e7624e0ad02bd19e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo-pay.png HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: image/webp
content-length: 5892
cf-ray: 88033af7f93556c5-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
content-disposition: inline; filename="logo-pay.webp"
etag: "62e87fc7-1fb7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:11 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=8119
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=0S4qOkwbJjKJ56glwBseu6Sccevq26M_T8G01ykaMEs-1715106092-1.0.1.1-J1rt.FdQmqXJinQwJxRa3bcfzXknb1glsocOACLxNUyazjrMOx0gWcofw52fKVnZNZ0EPQKqLUPhnArLgl0Gyw; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=3.AuskbenZaK_8mBvpvXSI8XiqnEZ1TQcJee1F5zNNs-1715106092880-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/delivery-truck.png

162.159.138.9

200 OK

8.5 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/delivery-truck.png
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.5 kB (8538 bytes)
Hash
21b784a98801eb5763583e620fec876a
92a7fdff783f33c44365f70e7490569eded961a9
cad50c12b6c3cc48d7a270867f8d212146591dee6ebfc479e39bcc4566903a95

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/delivery-truck.png HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: image/webp
content-length: 8538
cf-ray: 88033af7f92f56c5-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
content-disposition: inline; filename="delivery-truck.webp"
etag: "62e87fc1-58a2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:05 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=22690
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=RxI5sOzjLcMMYBEV3qSyjcK8Y55J6Sd2YtRrjcDsEbQ-1715106092-1.0.1.1-lHqfH8TVWM1DTftb55TAnIeANOwSqnd0CTfNJYDXcyrQ5Uc85WytIgbmI4kmjcBCii_R_LUVaTdZal0AAI6FLg; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=Vhcu_2Oxyy8OfRNhn.ITSDLX1NqtilZGionmYMquaPI-1715106092912-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css(1)

162.159.138.9

200 OK

16 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css(1)
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text
Size
16 kB (16267 bytes)
Hash
f24a16efed7b4d060aa639a86bf9aaa0
095befbf49a23e215bf21d27646797470e5a8dc4
59695618c346e1e4a719d56f145686a2273c4248271fe58322b59dcbc5ac7e91

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css(1) HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/octet-stream
content-length: 16267
cf-ray: 88033af7f92556c5-OSL
cf-cache-status: DYNAMIC
accept-ranges: bytes
etag: "62e87fc1-3f8b"
last-modified: Tue, 02 Aug 2022 01:37:05 GMT
ec-cdn-status: dynamic
ec-cdn-status-reason: not supported
ec-source: static
vary: Accept-Encoding
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=uUN1rOt3_srdw1xTAsq3ns8i6YPX1hs11Eq_3eqoXUY-1715106092-1.0.1.1-0Z4uha9xWQIzGkzaUamDr9u3XaRgysVY3hrQRPfSBJnh.Cezbiu5gx_6OIz6n9DKetQyItuu.hd8aRMlkGmRYQ; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=Kz0wnLlKMUt9YpaAzhnr0GW2q0h8cUcgShU1jnfVkwc-1715106092947-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Raleway:wght@500&display=swap

142.250.74.106

200 OK

1.0 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Raleway:wght@500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.0 kB (1013 bytes)
Hash
d825b92ddf8a74f89dc697ce87abb8ba
1f4f22b9c7392b886d231c01158a08b05276519c
cf0cf1badd2956f432ac5a00c2e819304d61b8547b0e5e8372012fae34fc566b

HTTP Headers

GET /css2?family=Raleway:wght@500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 18:21:33 GMT
date: Tue, 07 May 2024 18:21:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js

162.159.138.9

200 OK

112 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text
Size
112 kB (112391 bytes)
Hash
91b1658e4c13acdc8b9d1f54462faf5c
7685517809bd4c2694bd6b6bea9f5161ff8ab697
03eae2687c1ef52f34d7f6a20de1c2d5e5f91c5c21f0552331cdfe6d38394bce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/javascript
cf-ray: 88033af7e90556c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fbe-f0d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:02 GMT
vary: Accept-Encoding
cf-bgj: minify
cf-polished: origSize=3853
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=6T.xXDkz1vrFXBEv70yU4959uaBQqEZKruGlpm8IA3g-1715106092-1.0.1.1-DtFXuJAPaQy24EJo_oGgWRpOhhettSFCFLqjZO9AGoVDoGyIVTR8Yht6iX9rOAGp8FTNvSxHAXGNsJivCqk6FQ; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=2GptKs7irTe2f6g31WJZojdhP1lebzdoHg8FwptHPQ0-1715106092887-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js

162.159.138.9

200 OK

14 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (32005), with CRLF line terminators
Size
14 kB (13663 bytes)
Hash
9c58a34f02796276b7e7109af74070cd
a895868d27f57e0c1ef4ddf4e50c1055ff66eb15
a076b936e9383ed6f90c614cfd4e9ce57f95481e19fe1d84450926954d268856

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/javascript
cf-ray: 88033af8095756c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fcb-868a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:15 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=yDTAoGG4UhfngoPrGYkSj9VhJ.RD3iILMgHOmgqFQu8-1715106092-1.0.1.1-qU1IhU9nfMa9o.hGXPmWqoGQYx8yPd1Rj.euAjq8GSWtTWFB3BkQ.A31iV0crUCkUyrvzhqD2_bEesWDRR9oTQ; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=HBnVsSAQAYKtYQVD84mPhC8wLP6Hy4wI32MXVqUaAFs-1715106092882-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js

162.159.138.9

302 Found

0 B

URL GET HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 07 May 2024 18:21:33 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
set-cookie: __cf_bm=GZid_fxerCdkCuJJwtNnxqSq2M2MqSUCT30NDn6Oy.c-1715106093-1.0.1.1-1_vygOPbwfJgzhIPTlNcXI7CEbM1xi0qa8NCPpI_0fm4ID6U38D10aTACJPB7yABqeKtyalNXTyQVAcbpfF0CQ; path=/; expires=Tue, 07-May-24 18:51:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 88033afd3c5956c5-OSL
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css

162.159.138.9

404 Not Found

28 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with very long lines (9462)
Size
28 kB (27454 bytes)
Hash
a560a957bd3dc075479ed1510f39f49a
3457ab32e44d85f741e82dda1df29243fec596a6
66c7f0291749d5df2b4877b1633b590c867f8c38c4b2f81e508d02d02ffe6e45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Tue, 07 May 2024 18:21:33 GMT
content-type: text/html; charset=UTF-8
cf-ray: 88033af7e90756c5-OSL
cf-cache-status: DYNAMIC
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://maavhkpo.elementor.cloud/wp-json/>; rel="https://api.w.org/"
ec-cdn-cache-control: public, max-age=604800
ec-cdn-status: dynamic
ec-cdn-status-reason: status not ok
ec-cdn-supported: 1
ec-coldstart: worker
ec-source: dynamic
vary: Accept-Encoding
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=qoRiGMgtw.1sPgQCJJuwWMdPFmaR0R9oRWt46ceu8RY-1715106093-1.0.1.1-jKIzpFKH_pxupS6Q6NawXpud7tmRjhP8lEW2OpT84hqT_1Y3G6c3IRpn8OInFAbXKz6qBuHQyoSHxojZ5PwhsA; path=/; expires=Tue, 07-May-24 18:51:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=VVLdbUORubUuxdnea88RQDanoBOxDG3P9wKTudkUmfs-1715106093395-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

142.250.74.106

200 OK

5.4 kB

URL GET HTTP/3
ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (2134)
Size
5.4 kB (5437 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

HTTP Headers

GET /ajax/libs/webfont/1/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5437
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 05:06:40 GMT
expires: Sat, 03 May 2025 05:06:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 393293
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js

162.159.138.9

200 OK

944 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (845), with no line terminators
Size
944 B (944 bytes)
Hash
8f26c1984eb6fc31f58d073788de4157
ed87fa78deed844a0837f9694be0ae253f90c818
558619a267691a460b410d2f703296b87a44e2fe994b3483740c6e74c8ee8d1b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/javascript
cf-ray: 88033af829a356c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fc7-34d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:11 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=L_pXCKb_545zefSI_XAeUGdDGLxVu0IKmBzD.voYZDY-1715106092-1.0.1.1-2iGAEt6ppcTQ6etXsPgja0Mohk_qXOVJ9KWAfEGB3CEOBLGGQEY5jp6bGP7EEgPvDNUY0tZRNW_sPtrRjxn1Ww; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=81ZBTKomtxC.IU4bevxwY3Og8oCEqgG2uZZm5t1MVdU-1715106092911-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js

162.159.138.9

200 OK

459 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (1137), with no line terminators
Size
459 B (459 bytes)
Hash
b627c2a2eb3ed44bdaa291d0fc898316
03e1542cffbd078f0a21ad83ad589ce1679009cc
d136e8ae0ac9b54bac28578861fac37ad93bd89b14d253e7d9f4a51609858537

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/javascript
cf-ray: 88033af8198e56c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fbf-471"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:03 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=UC8OWi1UhaEiPaKvphV6C19xcBXWa1SAzzzsIXyAfvQ-1715106092-1.0.1.1-.iyY.j4kBOFj3Lm4tjIHcxBsxxO.5O773gVzReYqnjToVtaO84nwEncNH9Y0d2NVSZ20tN9eF6C_1eDifkG0EA; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=y9L7Y5woFudPiTLrRFxBI_2w6d.n6AChmEdWYJl4hCc-1715106092900-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

142.250.74.67

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 352195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/cdn-cgi/rum?

162.159.138.9

204 No Content

0 B

URL POST HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/rum?
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1157
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Tue, 07 May 2024 18:21:33 GMT
access-control-allow-origin: https://maavhkpo.elementor.cloud
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 88033aff284b56c5-OSL
x-frame-options: DENY
x-content-type-options: nosniff

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

142.250.74.67

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 352195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.67

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 291176
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.67

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:03:54 GMT
expires: Fri, 02 May 2025 02:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 490659
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.67

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:32:46 GMT
expires: Fri, 02 May 2025 02:32:46 GMT
cache-control: public, max-age=31536000
age: 488927
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

142.250.74.67

200 OK

17 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17368, version 1.0
Size
17 kB (17368 bytes)
Hash
abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

HTTP Headers

GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:12 GMT
expires: Fri, 02 May 2025 01:56:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 491121
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.67

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 491193
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js

162.159.138.9

200 OK

6.7 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (23095), with no line terminators
Size
6.7 kB (6683 bytes)
Hash
834d2ecce9a8cc7dba36d273de52b28a
a605a1843810a676f6018c8a0072de08b05b7ef5
523eb9b6af99c2488af8dcd1a5cd648902c24b4981195b0d0b9f3cdaa2fd3b7f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/javascript
cf-ray: 88033af8198856c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fbc-5a37"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:00 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=n7X.Y0YDWoFDXOlKxFJaoiKLUkqp7NBq1Zzetxua4C8-1715106092-1.0.1.1-4h3MhZSYD2ud3zcsYOxhMiNeLsvE9grLrSUJRfXSIK8PTK_mJLXlYiqQTPbh7nn6h5rKybl552SI_bIGSF.i3g; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=HJ2an696ON3yA4zqNt43QZMCZxqNY31Sz7xnHGdb35w-1715106092899-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/cdn-cgi/rum?

162.159.138.9

204 No Content

0 B

URL POST HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/rum?
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 660
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Tue, 07 May 2024 18:21:56 GMT
access-control-allow-origin: https://maavhkpo.elementor.cloud
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 88033b8c2c7756c5-OSL
x-frame-options: DENY
x-content-type-options: nosniff

maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

162.159.138.9

200 OK

7.9 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (7874), with no line terminators
Size
7.9 kB (7874 bytes)
Hash
9ab60498d794b214d59fc4bfa2d80e53
ff45c690bfb42d3c5f9e85e657c4197bfb12f15f
56fa19088107e267072ffefeb22d13188b0213424ff666245199a4913f32e91c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:33 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
set-cookie: __cf_bm=xP5Q.wpuuwBwbW9H_vwX_0KshO0shZh_n7Tr_FW_lVY-1715106093-1.0.1.1-vhn8xs92P9.LbCjGkpxfGabOVCEBrvh.m.Kk9xcU9bbQ1Qf6xOKyBWep_.zxPbw7DP.XzHLp8rsJtsxpryYPJw; path=/; expires=Tue, 07-May-24 18:51:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 88033afd9d1556c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.css

162.159.138.9

200 OK

78 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.css
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text, with very long lines (64986), with CRLF line terminators
Size
78 kB (77912 bytes)
Hash
ec69e730972214d8bb0fe2a89600ce06
194d53b7d335621ac70cf31a95315acce389053a
72120a1c75da07babdbacd3c005cb6a04149efd51c68383ae5c26a925afc189a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.css HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: text/css
cf-ray: 88033af7e91556c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fc6-13058"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:10 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=.m25n3UiPKq..72pE5Xd.S9H38_mcO5_qL6fdaq_eaI-1715106092-1.0.1.1-JilW.jJ4saCjZYD7ZYpG.fBk6uZLPsdn5vLBiNmJhuoOSluql95wS3a5FdHws.WnLXFF6T1RyL02Cp9WgthD7w; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=xnmf3Bqlh8gj51tbuBdS1uW_eFLOcvEq3OEaKBjy77Q-1715106092885-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js

162.159.138.9

200 OK

102 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (32010), with CRLF line terminators
Size
102 kB (101753 bytes)
Hash
660d070837ba7b53c5dcec99f7f94b9b
b6fae86591af6f1260f49f52b45256a824096351
bc865ff931d1d97a468a025905eed3bde7282bd45450abfb759da9ac3ae9546f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/javascript
cf-ray: 88033af8097056c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fd2-18d79"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:22 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=UCMg7zQ16HrkcJ0gU1rNYz5vWls4piuOnb.B_vs90Tc-1715106092-1.0.1.1-O7V3a_CugiqYlp7ZuEvpR0lDKekPoyUMR8d7O_NiqwrDVV803tHtAiFpZ1GL9fYONFfJlXe_OreDc72kwUaSuQ; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=cbCA0mOGbQL0zhWbgIWJzCZqFFBUd98AQheCN83Speo-1715106092923-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff

162.159.138.9

404 Not Found

146 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 07 May 2024 18:21:33 GMT
content-type: text/html
cf-ray: 88033afbf9ad56c5-OSL
cf-cache-status: EXPIRED
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=l34f7zZrbJb2cgmCckrabIrAvgptafCYK8U_p1vlbMw-1715106093-1.0.1.1-pilMgEWwQ5WLbwlFIFeRn2UBORylOTRpdZmsaNuWqPOy1PEFHiR7AbK.DY7LASNl1A__6jmaGoNs4_v1WY0adg; path=/; expires=Tue, 07-May-24 18:51:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=7vcGvfUwJh49jar3pWKGjndjFnTPH_yMCaAKFsDOrBU-1715106093547-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/h/b/jsd/r/88033af4fbedb4ff

162.159.138.9

200 OK

0 B

URL POST HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/h/b/jsd/r/88033af4fbedb4ff
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/88033af4fbedb4ff HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12241
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:33 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=qMDYlylTYoYM0Qo.TTtomMSK7csDixO7Yo8I.LBFhU8-1715106093-1.0.1.1-1i4I8VCsb0qqf.UpGwM1KjzKWA5kWKT.aQiBriTgWSFHXS00CUAym9Efi0PWMS27zUsTHJDA7N1nprblKlhJ2w; path=/; expires=Wed, 07-May-25 18:21:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
__cf_bm=49luXTwhWUpUMf_Go1DtCJgAP672e8Z5Vfm8zy619FA-1715106093-1.0.1.1-1zJyqkS23IPRv0FF7hBE1FFLZJm5rTn1ytPaVFtyInCfBnOOLtXXuC8LIDlKhusQCb_L28YaDqu6MCzLTCNtqw; path=/; expires=Tue, 07-May-24 18:51:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 88033afebf3756c5-OSL
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js

162.159.138.9

200 OK

261 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
261 kB (260968 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: application/javascript
cf-ray: 88033af8096656c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fbf-3fb68"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:03 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=iXUL032V1PP0whfAXnL_h5sSaBLQR5NF5isNfMCzOb4-1715106092-1.0.1.1-X0LS.HJNwBmkI_pY.itJO1xs4W7BzaLEOOSEhNnTNpRUITKBGDsHP2.Q9ectda2bnp.36YG8sRLwldtZT2qsAw; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=rJeqmRqWKNa60FGu17ykepfuS243omxD_yyF.2QeQFM-1715106092888-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min.css

162.159.138.9

200 OK

99 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min.css
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text, with very long lines (64954), with CRLF line terminators
Size
99 kB (98968 bytes)
Hash
210251cccee53e864a29e22fb6bd2348
2d34ea62055808d9e1e6ecfcc99f8b542ef2270b
e3ba7ab57a9c17c5dfaaa6f225c880dd6807fae54ecc3699209c553aaaa5c3cb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min.css HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: text/css
cf-ray: 88033af7e90956c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fd1-18298"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:21 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=xapmJOQ_rrcQfDU5RnMHH3gPiMWaT7XbFCo_g68iFI0-1715106092-1.0.1.1-Dhx9KN9CpsuiA8kwWvsA6yKBbj02Ai2fILPyEpvhUh.0XpajBKhZslsVXSB5z53_x4.IB7kaB0GPwAF3e.3eCA; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=FWAanijb2w77KS2nc1fJNptTWXZIOQDTE0Nzhv6fN.0-1715106092893-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2

142.250.74.67

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22076, version 1.0
Size
22 kB (22076 bytes)
Hash
6945abf9da6b789c96b2015ef4868409
bfca3e7cfe2140b03557ce2bf0d26eb3ee488611
9f0210608086c584f54e8716f5900cfe6863365f68309509e46aba09e1c4f4f5

HTTP Headers

GET /s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22076
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 15:13:10 GMT
expires: Fri, 02 May 2025 15:13:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 01 May 2024 20:31:54 GMT
content-type: font/woff2
age: 443303
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Source+Code+Pro:400,700%7CRoboto:400,300,500,700,400italic&subset=latin,latin

142.250.74.106

200 OK

16 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Source+Code+Pro:400,700%7CRoboto:400,300,500,700,400italic&subset=latin,latin
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
16 kB (15631 bytes)
Hash
7c3d917910272ad4e7308a436970c945
e7696b7a5754c95ea3ccbb37a31a95d3dbfbc6fd
88b66baa76378b37c01ef37a976ff510154916c54746a31d3a2b9cac8ba1b969

HTTP Headers

GET /css?family=Source+Code+Pro:400,700%7CRoboto:400,300,500,700,400italic&subset=latin,latin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 18:21:33 GMT
date: Tue, 07 May 2024 18:21:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html

162.159.138.9

200 OK

11 kB

URL User Request GET HTTP/2
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
Generic INItialization configuration []
Size
11 kB (10924 bytes)
Hash
cc6bfc55c15a2aad48b3485830ffacf2
27c2b1bb93bca258d6fe036581b55687ae13f0fc
0e4b2eb5db07d48c9def6b0f4ee9d3eee33b67099aab7e15faab28445316a1c8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: text/html
cf-ray: 88033af4fbedb4ff-OSL
cf-cache-status: DYNAMIC
last-modified: Thu, 04 Apr 2024 01:58:01 GMT
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
vary: Accept-Encoding
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=o_sMFRu7CvP4N7eDtgPoQZ5AqrQleY.raM_p9S6qT90-1715106092-1.0.1.1-6qxewPWW9ScGpZfnwsr0P6J1FVhdVdo5xBlWOTvBUrUlYs1nfu0iirvG_pGAFLFV6VBVi23jVmDgBiamyAWwvQ; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=6x1ul3TZty0OAmp7_OaBxpwCRj.ZuBlqi8E_ClESe04-1715106092452-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff

162.159.138.9

404 Not Found

146 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 07 May 2024 18:21:33 GMT
content-type: text/html
cf-ray: 88033afd9d1156c5-OSL
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=TS8qqLYJ5WAu8n3UgNzQeMgVSG_Dy65Xn.4_5xjhaAo-1715106093-1.0.1.1-rO4B2jxTJ9LkcZITVVJOrFz3aPT.mBKX3NFhjrSBgDJpqa_x5LBYFEC78SgsLwUWYyGwdawpOVpVTxikS6NM4A; path=/; expires=Tue, 07-May-24 18:51:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=thNCdBn8AM_bAuBAu.OTwxJB5lJUxAt9.LkG_6jLxIk-1715106093735-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/dhl.gif

162.159.138.9

200 OK

668 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/dhl.gif
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
RIFF (little-endian) data, Web/P image
Size
668 B (668 bytes)
Hash
ecf736e1c8097731a599315d08170c97
f320e221ee99df0a6136f12c089160b683f0a0ac
8069e4836476472d221442ba47c27308f2a51334bf8ed860197d0ef73e12639e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/dhl.gif HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:33 GMT
content-type: image/webp
content-length: 668
cf-ray: 88033afe0dcb56c5-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
content-disposition: inline; filename="dhl.webp"
etag: "62e87fc1-52f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:05 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=gif, origSize=1327
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=mESPR5xuVD5.DwH0JLYH38sJV051hwAjW5n3bfM7MDs-1715106093-1.0.1.1-djznRwPENcpJPVAyFvWiwfyeYVFkX8vxXKcuWGt3k2cAYWLg8LKbJdQvZVsySxJ6gksVOgjeSqrODvpNV3LDiw; path=/; expires=Tue, 07-May-24 18:51:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=x7w50qe3ycLSQ1psIlu.evNVFoD5vdvR5a3u.h66m.w-1715106093841-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.79.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Size
19 kB (19189 bytes)
Hash
4c980ee97cb5c001b4d19e2895fa5603
2c6fe998aa7486c4becd74cf253bdd82666a64c3
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 88033af84f84b509-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min(1).css

162.159.138.9

200 OK

98 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min(1).css
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
98 kB (98426 bytes)
Hash
a6b066a5cb340c5a56afee6b33458a95
9c8fa908ab972c5424de3c77687f41b5f6d7b4a5
d5ea466ccfa1e38f1ec26057d28eb1bbf1de7db4f9cecd7c559ca90333440383

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min(1).css HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:32 GMT
content-type: text/css
cf-ray: 88033af7e90d56c5-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fd0-180db"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:20 GMT
vary: Accept-Encoding
cf-bgj: minify
cf-polished: origSize=98523
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=jJ8v038ucUX4b3KbbZeUNHivev7omjJR3g4Kupv56PY-1715106092-1.0.1.1-G75LFiXhxSBv6GOK9VXZCaOOrw5tG5FF6Vqzs9VrJXerW5wpJXUc7ZDgYfa1FSEkZByPdNCjId2d5xAU1b.DTg; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=yMnwCp6jlDW7.dbNTZl497JRdfmVOzjyIpiWS.2fKcs-1715106092878-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/webfont.js

162.159.138.9

404 Not Found

146 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/webfont.js
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/webfont.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 07 May 2024 18:21:32 GMT
content-type: text/html
cf-ray: 88033af7f93e56c5-OSL
cf-cache-status: EXPIRED
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=4JO9Vbun1O2LQG1lQAZLLvIHL6TQ_jRWu7a5TLAmUt8-1715106092-1.0.1.1-4_n4mEnMVvgBxzu7m123kkQPdPca6f85Ej2mSSBGZ4VRbRqDCOm.AQQ.8GTAkONWAb0V02sSCJ8DY6yx9_JAsQ; path=/; expires=Tue, 07-May-24 18:51:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=7pj5MvHUc_0iRVey7MRsmrDRXxR3ll7A2idUL1dQTRM-1715106092922-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/DHL2.jpg

162.159.138.9

200 OK

112 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/DHL2.jpg
IP
162.159.138.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JPEG image data, progressive, precision 8, 1596x1015, components 3
Size
112 kB (111679 bytes)
Hash
6275aedbfdf293c6484bd5666e80308f
301873f19c0723152004411e5f62fbc2a79415df
e23885c4e00866e945b70f7d10f69ed49c7aa345774e3530d855d860d7420419

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/DHL2.jpg HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/payment.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:21:33 GMT
content-type: image/jpeg
content-length: 111679
cf-ray: 88033afbe98256c5-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
etag: "62e87fc3-1dc54"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:07 GMT
vary: Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origSize=121940
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=8OTJTMEDaa51zo8yOUscPWFS2QnG6eqdunx8s_y1lNk-1715106093-1.0.1.1-jHI1FfAm7Xg6DdPzxm078VwEfRqeEYdsQ1QsW.z3.WsTC3hcjGgPbTI1ymmneu4FR2KNuBkM8_OW44NTPOFntA; path=/; expires=Tue, 07-May-24 18:51:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=95QySS0CAc3G0FSyLv2GsylYaSydoXz._M8vZTHieA0-1715106093496-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML