Report - blog.playshifu.com/wp-content/app/tracking/cc.php

Report Overview

Visited public
2023-12-05 03:57:57
Tags
dhl logistics phishing
URL
blog.playshifu.com/wp-content/app/tracking/cc.php
Finishing URL
blog.playshifu.com/wp-content/app/tracking/cc.php
IP / ASN
65.2.181.228
#16509 AMAZON-02
Title
Verification | DHL
Phishing - DHL

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
blog.playshifu.com	unknown	2016-05-07	2019-07-13 02:07:50	2023-10-24 12:01:03	8.5 kB	146 kB	65.2.181.228
cdn.lr-in.com	13237	2021-07-19	2021-07-19 16:36:56	2023-12-03 03:53:51	420 B	847 kB	104.21.234.144
dispatching-centre.lasamericascargo.com	unknown	2000-05-05	2022-04-06 21:56:33	2023-12-04 18:18:59	1.4 kB	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-10-24	medium	blog.playshifu.com/wp-content/app/tracking/cc.php	DHL Airways, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	cdn.lr-in.com/logger-1.min.js	ScriptElement	846 kB	2023-12-05	2023-12-05
Pretty URL cdn.lr-in.com/logger-1.min.js IP 104.21.234.144 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 00:19 Last Seen2023-12-05 17:11 Times Seen15 Hash be415574a856fccce77a0105716c4682 6971ee2bf3d96c8965e9361339447325542b7f3c bcdc0d636aea1e1f941d9761c2b14f56c305a8423b7a344d9f183e83e180c386 Loading...

	blog.playshifu.com/wp-content/app/tracking/cc.php	ScriptElement	165 B	2023-03-07	2025-05-07
Pretty URL blog.playshifu.com/wp-content/app/tracking/cc.php IP 65.2.181.228 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34 Last Seen2025-05-07 22:16 Times Seen590 Hash 430ecc2f3cf84cff47c449d145e6d4b0 9ea2d341b5ebc9668ad944047c439953d5928826 c27ea770946ea916def48e311fae08371c423fdd8486a2b7b7e0ca874613bb41 Loading...

	blog.playshifu.com/wp-content/app/tracking/cc.php	ScriptElement	221 B	2023-03-07	2025-05-07
Pretty URL blog.playshifu.com/wp-content/app/tracking/cc.php IP 65.2.181.228 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34 Last Seen2025-05-07 22:16 Times Seen588 Hash a870e9d213023e1900b0c6fb46bdfa1f e82c3b3e3277d2db60522af0fc2eb9a1a3f342fa 5818cb1b843c3187db11715b9a3c015591aa4e106a89559689b8016a784a9bca Loading...

	blog.playshifu.com/wp-content/app/tracking/cc.php	ScriptElement	437 B	2023-03-07	2025-05-07
Pretty URL blog.playshifu.com/wp-content/app/tracking/cc.php IP 65.2.181.228 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34 Last Seen2025-05-07 22:16 Times Seen588 Hash 81280e6be9081837195e24a7268f9138 35546d7f9c581846d7a215968de50e2aa70d778f 27da46f0dbe279737be8e490e90b3858972852d6a504ef1974c3e588996ab731 Loading...

HTTP Transactions (19)

URL IP Response Size

blog.playshifu.com/wp-content/app/tracking/cc.php

65.2.181.228

200 OK

11 kB

URL User Request GET HTTP/1.1
blog.playshifu.com/wp-content/app/tracking/cc.php
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- assembler source text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (570), with CRLF line terminators
Size
11 kB (10661 bytes)
Hash
0c7ce5303c50ae97e638a0ab362bdc6a
cc5815014e1e65e9cdb4206866679a708b26b0b4
3ba9eabbf2e435e30704520a0eae9359f93e8158b7e4d378717a062b870608a5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /wp-content/app/tracking/cc.php HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 03:57:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10661
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

blog.playshifu.com/wp-content/app/tracking/assets/app.css

65.2.181.228

200 OK

57 kB

URL GET HTTP/1.1
blog.playshifu.com/wp-content/app/tracking/assets/app.css
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
ASCII text
Size
57 kB (56795 bytes)
Hash
b33e59c592eb453d12f6a53179d8ef19
5d1863f728b58d4456e1b1d824d98fe56810e69e
a0b9419777f544b665051cae80f11bf8ff9f925072a9f062a3d82c383e6cdfde

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-content/app/tracking/assets/app.css HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Last-Modified: Fri, 01 Sep 2023 02:38:12 GMT
ETag: "65545-604430d41cd00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 56795
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

blog.playshifu.com/wp-content/app/tracking/assets/logo.png

65.2.181.228

200 OK

2.0 kB

URL GET HTTP/1.1
blog.playshifu.com/wp-content/app/tracking/assets/logo.png
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1998 bytes)
Hash
5d14ab93691604e826e1319d53599eb9
78724360e9d25da584445b851e37bca05abe6b85
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-content/app/tracking/assets/logo.png HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Last-Modified: Fri, 01 Sep 2023 02:38:12 GMT
ETag: "7ce-604430d41cd00"
Accept-Ranges: bytes
Content-Length: 1998
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

blog.playshifu.com/wp-content/app/tracking/assets/col.png

65.2.181.228

200 OK

682 B

URL GET HTTP/1.1
blog.playshifu.com/wp-content/app/tracking/assets/col.png
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
PNG image data, 39 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
682 B (682 bytes)
Hash
f9f5c8ccd73adc2df4d9e3acb9e24f85
ae26c7c6a83b6446179383c3b109fbad8b92c034
381941fc8b5df86879d6e2fcf3392d281b796c33f430f045405a0e6af0e474b9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-content/app/tracking/assets/col.png HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Last-Modified: Fri, 01 Sep 2023 02:38:12 GMT
ETag: "2aa-604430d41cd00"
Accept-Ranges: bytes
Content-Length: 682
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

blog.playshifu.com/wp-content/app/tracking/assets/pak.png

65.2.181.228

200 OK

380 B

URL GET HTTP/1.1
blog.playshifu.com/wp-content/app/tracking/assets/pak.png
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
PNG image data, 32 x 27, 8-bit/color RGBA, non-interlaced\012- data
Size
380 B (380 bytes)
Hash
5c71f27c78f2fa4c03011a7c22b82496
686900b9ead294ff018699e3fa65c023e5b41de0
eb6ca62c1e5d64c52be3ffa63c298dcda2483c04c4b17d1bfe605d134e52f91b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-content/app/tracking/assets/pak.png HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Last-Modified: Fri, 01 Sep 2023 02:38:12 GMT
ETag: "17c-604430d41cd00"
Accept-Ranges: bytes
Content-Length: 380
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

blog.playshifu.com/wp-content/app/tracking/assets/clan.png

65.2.181.228

200 OK

475 B

URL GET HTTP/1.1
blog.playshifu.com/wp-content/app/tracking/assets/clan.png
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
PNG image data, 27 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
475 B (475 bytes)
Hash
e00004714ce72691e26f9b61c9810780
51385af6cb9a9d372c3151e67d331ddc1b92b3c4
b8b7e6c193f0b11bece8c12b305cbf15130bc99b32ae92426eb747a3da3264d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-content/app/tracking/assets/clan.png HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Last-Modified: Fri, 01 Sep 2023 02:38:12 GMT
ETag: "1db-604430d41cd00"
Accept-Ranges: bytes
Content-Length: 475
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

blog.playshifu.com/js/app.js

65.2.181.228

404 Not Found

7.6 kB

URL GET HTTP/1.1
blog.playshifu.com/js/app.js
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (854)
Size
7.6 kB (7565 bytes)
Hash
404d9b49cfac05f64b9dfeb11e546a42
5b3d7e55ac41d9900fe4ccffb497db102dc2edf6
50965d8872e211b4dce04af135ec7f294b9713f932bd67ddea3e9a03970bb929

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /js/app.js HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

blog.playshifu.com/js/session-recorder.js

65.2.181.228

404 Not Found

7.6 kB

URL GET HTTP/1.1
blog.playshifu.com/js/session-recorder.js
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (854)
Size
7.6 kB (7565 bytes)
Hash
404d9b49cfac05f64b9dfeb11e546a42
5b3d7e55ac41d9900fe4ccffb497db102dc2edf6
50965d8872e211b4dce04af135ec7f294b9713f932bd67ddea3e9a03970bb929

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /js/session-recorder.js HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

blog.playshifu.com/wp-content/app/tracking/assets/alert.png

65.2.181.228

200 OK

469 B

URL GET HTTP/1.1
blog.playshifu.com/wp-content/app/tracking/assets/alert.png
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
PNG image data, 20 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
469 B (469 bytes)
Hash
16291265180a2dbcd246ada0b44ea35a
63eb909a37d9730a40955bebf35542cfc1a5ede9
b36e63b78f7ab077c9f74269deec4010ae803b687b27ca13e6aa58712520bb84

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-content/app/tracking/assets/alert.png HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Last-Modified: Fri, 01 Sep 2023 02:38:12 GMT
ETag: "1d5-604430d41cd00"
Accept-Ranges: bytes
Content-Length: 469
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

blog.playshifu.com/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b

65.2.181.228

404 Not Found

7.6 kB

URL GET HTTP/1.1
blog.playshifu.com/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (854)
Size
7.6 kB (7565 bytes)
Hash
404d9b49cfac05f64b9dfeb11e546a42
5b3d7e55ac41d9900fe4ccffb497db102dc2edf6
50965d8872e211b4dce04af135ec7f294b9713f932bd67ddea3e9a03970bb929

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/assets/app.css
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

blog.playshifu.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80

65.2.181.228

404 Not Found

7.6 kB

URL GET HTTP/1.1
blog.playshifu.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (854)
Size
7.6 kB (7565 bytes)
Hash
404d9b49cfac05f64b9dfeb11e546a42
5b3d7e55ac41d9900fe4ccffb497db102dc2edf6
50965d8872e211b4dce04af135ec7f294b9713f932bd67ddea3e9a03970bb929

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/assets/app.css
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

blog.playshifu.com/wp-content/app/tracking/assets/foo.png

65.2.181.228

200 OK

18 kB

URL GET HTTP/1.1
blog.playshifu.com/wp-content/app/tracking/assets/foo.png
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
PNG image data, 187 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (17648 bytes)
Hash
f748283f1bdef35cbe2d225eccbe3895
c03c1864ca13cc124d7faf7d4bb11515fd40d814
cae9d5adf2b0220c74a93b644c26d53e27c3a87f9b5d3fe57d06442e808074a2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-content/app/tracking/assets/foo.png HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/cc.php
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 03:57:40 GMT
Server: Apache
Last-Modified: Fri, 01 Sep 2023 02:38:12 GMT
ETag: "44f0-604430d41cd00"
Accept-Ranges: bytes
Content-Length: 17648
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

blog.playshifu.com/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c

65.2.181.228

404 Not Found

7.6 kB

URL GET HTTP/1.1
blog.playshifu.com/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (854)
Size
7.6 kB (7565 bytes)
Hash
404d9b49cfac05f64b9dfeb11e546a42
5b3d7e55ac41d9900fe4ccffb497db102dc2edf6
50965d8872e211b4dce04af135ec7f294b9713f932bd67ddea3e9a03970bb929

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/assets/app.css
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 05 Dec 2023 03:57:41 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

blog.playshifu.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2

65.2.181.228

404 Not Found

7.6 kB

URL GET HTTP/1.1
blog.playshifu.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (854)
Size
7.6 kB (7565 bytes)
Hash
404d9b49cfac05f64b9dfeb11e546a42
5b3d7e55ac41d9900fe4ccffb497db102dc2edf6
50965d8872e211b4dce04af135ec7f294b9713f932bd67ddea3e9a03970bb929

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2 HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/assets/app.css
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 05 Dec 2023 03:57:41 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

blog.playshifu.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f

65.2.181.228

404 Not Found

7.6 kB

URL GET HTTP/1.1
blog.playshifu.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f
IP
65.2.181.228:443
ASN
#16509 AMAZON-02

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectblog.playshifu.com
FingerprintE7:02:71:75:3F:F3:60:09:B1:CA:19:B0:4E:08:F5:4D:6F:E2:C9:8D
ValiditySat, 25 Nov 2023 05:23:56 GMT - Fri, 23 Feb 2024 05:23:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (854)
Size
7.6 kB (7565 bytes)
Hash
404d9b49cfac05f64b9dfeb11e546a42
5b3d7e55ac41d9900fe4ccffb497db102dc2edf6
50965d8872e211b4dce04af135ec7f294b9713f932bd67ddea3e9a03970bb929

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f HTTP/1.1
Host: blog.playshifu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/wp-content/app/tracking/assets/app.css
Cookie: PHPSESSID=nbh5f1udt3ae3anicc1oo54epf
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 05 Dec 2023 03:57:41 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cdn.lr-in.com/logger-1.min.js

104.21.234.144

200 OK

846 kB

URL GET HTTP/2
cdn.lr-in.com/logger-1.min.js
IP
104.21.234.144:443
ASN
#13335 CLOUDFLARENET

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php
Certificate
IssuerLet's Encrypt
Subjectlr-in.com
Fingerprint06:C7:A4:83:83:3B:72:D9:6B:66:09:15:2F:3A:52:FD:1F:E4:05:24
ValiditySun, 12 Nov 2023 13:20:34 GMT - Sat, 10 Feb 2024 13:20:33 GMT

File type

Size
846 kB (846393 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /logger-1.min.js HTTP/1.1
Host: cdn.lr-in.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 03:57:40 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-resource-policy: cross-origin
etag: W/"005d938d68d6486d3a3995d83dafb80b6f92d96ce6ccec75169b0f59a5359bdb"
last-modified: Mon, 04 Dec 2023 21:49:30 GMT
strict-transport-security: max-age=31556926
x-served-by: cache-hel1410034-HEL
x-cache: HIT
x-cache-hits: 1
x-timer: S1701726748.461860,VS0,VE39
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 55
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9cwtEdPHHEMIUZd%2BO3eN7%2B2Y71PYTrdwgBdD4ItUoWcGKdVcHWH9NLAK4ZmQ2y3Cn9W5c4Z94IQiszhoIRl%2BEGS0exfAMdoL7FiI161iInUPm88Wlk60x6ksmBPEWK4c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83095dc71b99d93f-HEL
content-encoding: br
X-Firefox-Spdy: h2

dispatching-centre.lasamericascargo.com/js/intlTelInput.js

0.0.0.0

0 B

URL GET
dispatching-centre.lasamericascargo.com/js/intlTelInput.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/intlTelInput.js HTTP/1.1
Host: dispatching-centre.lasamericascargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

dispatching-centre.lasamericascargo.com/images/favicon.gif

0.0.0.0

0 B

URL GET
dispatching-centre.lasamericascargo.com/images/favicon.gif
IP
0.0.0.0:0
ASN
#0

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/favicon.gif HTTP/1.1
Host: dispatching-centre.lasamericascargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

dispatching-centre.lasamericascargo.com/js/card.js

0.0.0.0

0 B

URL GET
dispatching-centre.lasamericascargo.com/js/card.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://blog.playshifu.com/wp-content/app/tracking/cc.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/card.js HTTP/1.1
Host: dispatching-centre.lasamericascargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blog.playshifu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections