138.68.112.220 200 OK 5.8 kB URL User Request GET HTTP/1.1
IP 138.68.112.220:80
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; assembler source, ASCII text, with very long lines (6590)
Hash 92a1eccb81e607991b8f84b3ce3e716d
0a11b4ff803d0130860b4d5c72200a59aafe1052
9a7a6adb5b16ff6e4b6b885dc671c04699b3fb324edf6feb24eed733bfb65cfd
Analyzer Verdict Alert openphish Generic/Spear Phishing
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
suricata low ETPRO INFO JavaScript Array Index Obfuscation Technique Inbound
GET / HTTP/1.1
Host: dry-van.surge.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Surge
Surge-Cache: HIT
Surge-Stamp: 14431::1682463756698-ed0114cab7116a1c79aa74aa2ecab8fd
Age: 152963
Date: Thu, 27 Apr 2023 17:35:57 GMT
Cache-Control: public, max-age=0, must-revalidate
ETag: "8086d5a6f4b53dae6d00d12a2d2a15f9ca429ccbfaeb2e93c18d497607e877e8"
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Response-Time: 6ms
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
Transfer-Encoding: chunked
code.jquery.com/jquery-2.2.4.min.js
69.16.175.10 200 OK 30 kB URL GET HTTP/2 code.jquery.com/jquery-2.2.4.min.js
IP 69.16.175.10:443
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
Validity Wed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (32065)
Hash 82885772205f23cd59e25a221521b059
96ed36f45544295f28df1ab251e7e38faceeff0e
8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215
GET /jquery-2.2.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dry-van.surge.sh/
Origin: http://dry-van.surge.sh
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 27 Apr 2023 17:35:58 GMT
content-encoding: gzip
content-length: 29811
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1682616958.dop218.sk1.t,1682616958.cds002.sk1.hn,1682616958.cds214.sk1.c
X-Firefox-Spdy: h2
ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
54.230.111.31 200 OK 50 kB URL GET HTTP/2 ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
IP 54.230.111.31:443
Certificate Issuer Amazon
Subject *.imagekit.io
Fingerprint 62:93:E0:7F:B7:9F:A0:1F:1C:3C:D4:BB:48:74:B3:97:72:56:4E:48
Validity Wed, 22 Feb 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type GIF image data, version 89a, 200 x 200; data
Hash eb89117f70bfcaad4b1490afe0f98ba4
fb2c0d49ee3d77d37c2955c0a9415f1fc4ae36e0
5273bfc1cb927d24da663c10c9b4ac457f9c0486b8061b5ef896bc19b110a1b0
GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1
Host: ik.imagekit.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dry-van.surge.sh/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/gif
content-length: 50139
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: *
timing-allow-origin: *
x-server: ImageKit.io
x-request-id: dba77fc3-8a1d-4ded-960f-dd95ec0906b7
cache-control: public, s-maxage=15552000, max-age=15552000, must-revalidate
etag: "eb89117f70bfcaad4b1490afe0f98ba4"
last-modified: Sun, 09 Apr 2023 11:22:50 GMT
date: Thu, 13 Apr 2023 14:09:22 GMT
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront), 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: cUjrHcNMaeGNmcQujFRUX2IX_hUV-712SDcuO8lX2ULy4LDxC2rYaQ==
age: 1221996
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 5d210b9f21840d78a00fa1d9114d33bc
262bf0b78337c7d37aa5521e82c1737fdc8c62f6
ece43143759b7445eed3f6a9eebbff30eb59e7e3d3fc1b521413aa44a108985e
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 27 Apr 2023 17:35:58 GMT
Last-Modified: Thu, 27 Apr 2023 15:57:32 GMT
Server: ECAcc (bsa/EB2E)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: zwh52gzWYDpmbuTvP_ujNePNpgmI5gn6nDAOArCXJCEATPinNGU2EA==
Age: 5906
hirschtec.eu/wp-content/uploads/2020/11/hirschtec.eu-wr-strategie-und-softwareauswahl-sharepoint-logo.svg
116.203.103.166 200 OK 3.0 kB URL GET HTTP/1.1 hirschtec.eu/wp-content/uploads/2020/11/hirschtec.eu-wr-strategie-und-softwareauswahl-sharepoint-logo.svg
IP 116.203.103.166:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer Sectigo Limited
Subject hirschtec.eu
Fingerprint 39:8A:5A:E4:29:70:68:AA:CC:F1:C4:5A:12:EF:83:A3:27:02:AD:AE
Validity Mon, 13 Jun 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Hash fd1ba09374bfbeb111b540d8df485992
ebca76f4297a0d377908bfc3038c08ed2d11042a
5c498dc5c7e9f0656f3e7f5aa9b0a96c155eba1a144a070b9e16d7e8ce07838e
GET /wp-content/uploads/2020/11/hirschtec.eu-wr-strategie-und-softwareauswahl-sharepoint-logo.svg HTTP/1.1
Host: hirschtec.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dry-van.surge.sh/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 27 Apr 2023 17:35:58 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 02 Nov 2020 14:18:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa01544-18af"
Expires: Fri, 26 Apr 2024 17:35:58 GMT
Cache-Control: max-age=31536000, public, no-transform
Access-Control-Allow-Origin: *
Content-Encoding: gzip
iili.io/HXdgJLb.png
104.21.235.69 200 OK 265 kB
IP 104.21.235.69:443
Certificate Issuer Let's Encrypt
Subject iili.io
Fingerprint AF:B1:95:48:65:2D:A0:AF:02:1E:10:43:BA:97:16:50:FB:3F:0E:29
Validity Thu, 13 Apr 2023 23:50:59 GMT - Wed, 12 Jul 2023 23:50:58 GMT
File type PNG image data, 1688 x 339, 8-bit/color RGBA, non-interlaced; data
Size 265 kB (264726 bytes)
Hash b5987653a5933bae17d17a88360e6fe8
34b95c8444c080f5e05efec73b110f6c4209258e
52ab52233350376bfbcb8a4321d42aa582eee8bd9fdcb99c17a31f150c93b693
GET /HXdgJLb.png HTTP/1.1
Host: iili.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dry-van.surge.sh/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 27 Apr 2023 17:35:58 GMT
content-type: image/png
content-length: 264726
last-modified: Wed, 08 Mar 2023 12:39:35 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cf-cache-status: HIT
age: 43523
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=okqQRh4ApcwRMCf0qzfaNXszY6Dpuph7HzEa7zIw8qqbB3Yb1CzznaniNm8hf6KWsAywPnpyxRDGN8xuHrsd%2BXv9hlzhQKai8S7vguH2%2Bo7I4t63O9%2BEA4H3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7be8d3352f8f8865-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.sokawakata.com/med/SPOLUEALF_prd_1280x720.jpg
34.149.36.179 200 OK 67 kB URL GET HTTP/2 www.sokawakata.com/med/SPOLUEALF_prd_1280x720.jpg
IP 34.149.36.179:443
Certificate Issuer Let's Encrypt
Subject *.sokawakata.com
Fingerprint 72:FB:EE:08:18:9F:65:93:DC:4D:C4:9F:9D:A3:92:CF:4A:61:50:1B
Validity Thu, 13 Apr 2023 02:01:12 GMT - Wed, 12 Jul 2023 02:01:11 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 299x299, segment length 16, baseline, precision 8, 1280x720, components 3; data
Hash 08fba91bf50226ac2dd9f67decbf9611
5ac769d1315a516e1a186eb85675627ee989e99f
edf6dfac3bcf654509ae67f618bc73f054d2d16e7e352063192ec9564b134b39
GET /med/SPOLUEALF_prd_1280x720.jpg HTTP/1.1
Host: www.sokawakata.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dry-van.surge.sh/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 27 Apr 2023 17:35:58 GMT
content-type: image/jpeg
content-length: 67224
last-modified: Thu, 24 Feb 2022 18:24:40 GMT
etag: "10698-5d8c7b2050faa"
x-httpd-modphp: 1
x-cdn-c: static
x-sg-cdn: 1
x-proxy-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
X-Firefox-Spdy: h2
logincdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
192.229.221.185 200 OK 673 B URL GET HTTP/2 logincdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP 192.229.221.185:443
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint EE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4
Validity Tue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (1864), with no line terminators
Hash 0e176276362b94279a4492511bfcbd98
389fe6b51f62254bb98939896b8c89ebeffe2a02
9a2c174ae45cac057822844211156a5ed293e65c5f69e1d211a7206472c5c80c
GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: logincdn.msftauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dry-van.surge.sh/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 21918306
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Thu, 27 Apr 2023 17:35:58 GMT
etag: 0x8D7B00724D9E930
last-modified: Wed, 12 Feb 2020 22:01:42 GMT
server: ECAcc (ska/F795)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2d047dc9-f01e-0051-3bd6-b16302000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2
fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
208.91.114.103 200 OK 1.1 kB URL GET HTTP/1.1 fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
IP 208.91.114.103:443
Certificate Issuer DigiCert Inc
Subject fac.corp.fortinet.com
Fingerprint 4A:B3:F0:6D:9C:CE:91:84:53:8A:54:6B:E8:3D:79:B9:BA:91:D7:BF
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced; data
Hash e27fe5fe535635717b432c5324ffb11f
605f5da6062b05844c7a979ebfcdd6244ebcd88e
3a0ba58278b6c2cd541d34a718480c79bd75441e94499280553b192559815db4
GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1
Host: fac.corp.fortinet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dry-van.surge.sh/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 27 Apr 2023 17:35:58 GMT
Content-Length: 1050
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Language: en
Cache-Control: public, max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png