Report - package.dittugarments.com/public/RSm0FueqGgKG6kNX81tMzJLbO1P7fVmq

Report Overview

Visited public
2023-11-28 11:50:40
Tags
dhl logistics phishing suspicious
URL
package.dittugarments.com/public/RSm0FueqGgKG6kNX81tMzJLbO1P7fVmq
Finishing URL
package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
IP / ASN
167.114.30.172
#16276 OVH SAS
Title
Delivery
Phishing - DHL
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-11-28 05:09:10	1.4 kB	2.2 kB	151.101.193.229
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-11-28 05:09:25	2.3 kB	720 kB	104.17.24.14
cdn.s-pass.org	unknown	2011-10-25	2022-06-08 13:11:38	2023-11-27 19:24:55	559 B	5.9 kB	104.26.10.170
ws-mt1.pusher.com	8253	1997-06-03	2018-09-20 13:30:02	2023-11-28 07:11:23	2.5 kB	1.1 kB	3.220.91.178
sockjs-mt1.pusher.com	21675	1997-06-03	2015-11-25 16:29:46	2023-11-27 18:10:26	1.3 kB	894 B	34.201.239.212
dispatching-centre.lasamericascargo.com	unknown	2000-05-05	2022-04-06 21:56:33	2023-11-27 08:02:40	473 B	0 B	0.0.0.0
package.dittugarments.com	unknown	2022-10-20	2023-11-21 10:22:39	2023-11-28 09:07:59	29 kB	3.3 MB	167.114.30.172
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-11-28 05:10:06	878 B	69 kB	151.101.66.137
cdn.lr-in.com	13237	2021-07-19	2021-07-19 16:36:56	2023-11-28 08:57:39	427 B	847 kB	104.21.234.145
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-28 07:52:06	489 B	9.7 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-28 11:50:28	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-23	medium	package.dittugarments.com/public/RSm0FueqGgKG6kNX81tMzJLbO1P7fVmq	DHL Airways, Inc.
2023-11-21	medium	package.dittugarments.com/public	DHL Airways, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	package.dittugarments.com/public/dinzab/app.js	ScriptElement	920 kB	2023-03-08	2024-11-26
Pretty URL package.dittugarments.com/public/dinzab/app.js IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22 Last Seen2024-11-26 00:24 Times Seen3375 Hash 508afd6ff9ab52ce8f480d35568038d1 b5d9891100e0dce59cee59b75a098a1ae64c779b 8af18273c1833477cf810c4e3a76f483b6a6064571d25ea7742d8708378c8f09 Loading...

	package.dittugarments.com/public/dinzab/card.js	ScriptElement	59 kB	2023-03-07	2024-11-26
Pretty URL package.dittugarments.com/public/dinzab/card.js IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24 Last Seen2024-11-26 00:24 Times Seen3420 Hash 30e93a747ba8285615cfbc3643dc1a62 3a55f9d6ac708f519d351ea0b69083457778ec9d 18c4b9b4c27233b541a47300a4ee98239e1f8dec4bbcd9fabb6bdad12ca82025 Loading...

	package.dittugarments.com/public/dinzab/intlTelInput.js	ScriptElement	89 kB	2023-03-08	2025-04-19
Pretty URL package.dittugarments.com/public/dinzab/intlTelInput.js IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22 Last Seen2025-04-19 03:06 Times Seen3650 Hash 9146aa46d1f409004183b86f202c4607 717a6d53527fe31ec1c4eef9022b06e5d4d6f6a5 b188900aaff98a87fc69519ab04437aa735708b4b92f2adcab6937d2a1d42e37 Loading...

	code.jquery.com/jquery-1.12.4.min.js	ScriptElement	97 kB	2023-03-07	2025-05-11
Pretty URL code.jquery.com/jquery-1.12.4.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 17:40 Times Seen29048 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js	ScriptElement	46 kB	2023-03-07	2025-05-11
Pretty URL cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-11 15:03 Times Seen3790 Hash 79c82646b886e08184f7b9fff25e64ff 804b4b0f8f3443ff05833e33fb5b76780ffafe25 8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d Loading...

	cdn.lr-in.com/logger-1.min.js	ScriptElement	846 kB	2023-11-28	2024-08-20
Pretty URL cdn.lr-in.com/logger-1.min.js IP 104.21.234.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 00:11 Last Seen2024-08-20 17:40 Times Seen168 Hash a461bcdb357c97b284f77637bbed3305 0b04b12bc7e5e0e87bf5c99808fae1cce8c1df55 c3e314716bf4c60fa9ceffc83f7437117390542adcf29b895d6603a8147f0205 Loading...

	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.1/js/all.min.js	ScriptElement	1.1 MB	2023-03-07	2025-05-11
Pretty URL cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.1/js/all.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:50 Last Seen2025-05-11 17:58 Times Seen3419 Hash 61008443488f4e7f60d5a5055483187e b56375acc5e062f79280440459d0d7b0f10a290b 1d3f596f76f53d53ef7cb1ffeffd6f791b54bd639b42e4f23e7f2d7b36f91c48 Loading...

	package.dittugarments.com/public/dinzab/data.js	ScriptElement	12 kB	2023-03-08	2024-11-26
Pretty URL package.dittugarments.com/public/dinzab/data.js IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22 Last Seen2024-11-26 00:24 Times Seen3385 Hash a2b78e86240966cda00a463614e4f3dd a2606f30f77bb9f235746059db16b0ee8b585c31 55e47db856701715f613de8674bd0c67604cc304514b791bed402866d18c8557 Loading...

	package.dittugarments.com/public/dinzab/countrySelect.js	ScriptElement	37 kB	2023-03-08	2024-11-26
Pretty URL package.dittugarments.com/public/dinzab/countrySelect.js IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22 Last Seen2024-11-26 00:24 Times Seen3400 Hash ee3d5d4880b5dac09d9ca3c23cdd28da f95728f89723a079442d67ed6aa38abf8ecab4fd 657baddf2724ae4570fa40c00dddefa3379b5709ac06ceb536f6177a1bfc394f Loading...

	package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD	ScriptElement	248 B	2023-03-13	2024-11-26
Pretty URL package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 17:37 Last Seen2024-11-26 00:24 Times Seen1294 Hash 4650ef73be9884bdea100c5f58eb3ce0 0604200a9b4548990be2b6bddd564b755f41853d ea625b24a834457af4291263a5886ef3b7967ddd661aa1b111aefe454a948ab8 Loading...

	package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD	ScriptElement	86 B	2024-08-20	2024-08-20
Pretty URL package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:36 Last Seen2024-08-20 17:36 Times Seen1 Hash 67deaf36aca93589e005dc234c3b005e 95652cecab7aa0cb1d0e3930a7bbbc60197ad54f 098b760f3449e4317e18632459bf5e9667b4def193754f03b8e21aaaf444f90d Loading...

	package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD	ScriptElement	1.8 kB	2023-11-21	2024-08-20
Pretty URL package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-21 18:36 Last Seen2024-08-20 18:26 Times Seen931 Hash 1cfd41806ce319f7e19ad8f976e039a0 5fe5871ed4c3dc818cc911fec6a8afd06fbc7931 7c6a0f51b17d5006f90db0c90713cb6a3ce661ee5ebe319b003fcdebf05a9b1b Loading...

	package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD	ScriptElement	866 B	2023-03-13	2024-08-21
Pretty URL package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD IP 167.114.30.172 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 17:37 Last Seen2024-08-21 03:49 Times Seen1266 Hash e1784cbe55975edfe3edc273d04e6427 8e4aeb9d5897da9a00f6c3d1b3020f0838bcdead 3af742559ea4b2e491eb2f5bbd4dea73e6f5e0676470eb72dfd1aa13abd134f8 Loading...

HTTP Transactions (44)

URL IP Response Size

package.dittugarments.com/public/RSm0FueqGgKG6kNX81tMzJLbO1P7fVmq

167.114.30.172

406 B

URL
package.dittugarments.com/public/RSm0FueqGgKG6kNX81tMzJLbO1P7fVmq
IP
167.114.30.172:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
406 B (406 bytes)
Hash
59f665f4e8b0de50ce9f4d3b3986738e
09472b45ea37760858f630988f50d69b1583f445
704abe42375f89894e44312a52e5172cdf8e94e26a4a3c6382de1844af07e366

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /public/RSm0FueqGgKG6kNX81tMzJLbO1P7fVmq HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Tue, 28 Nov 2023 11:50:19 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ilc5MjBnSW1RRkovWFo2cHN2TTB3Y3c9PSIsInZhbHVlIjoiUEh1ZytKK1V4eGcxVFd2VmRmRFhaRkpNRTRXZ0pBVlhhRndURVJ2c0xwK3FGK0gyWlJqTXJjaFBNTXdqanlOdDY5RGNUT3QySnNoMHQ1VitMcWYyZ3cvbW91TTFlNTNrOFhXbHk4NTNTNGszRE0zNWFHZWxIeVhLREp2MGRUQ08iLCJtYWMiOiJlZDdkZmM3YjM5OTY4NDk0NjY4ZDE1YWM2OTNjMDM0MDVjMzEzZDgyMWNjZWQ4YzJkYzU0YzMyZDY5MGIwNzIyIiwidGFnIjoiIn0%3D; expires=Tue, 28-Nov-2023 13:50:19 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IjRud09HRGtRRU1tYjkrZ1RDQ3JvL0E9PSIsInZhbHVlIjoiV25ybDY3ZFlJRml3akNqWmFKTW5jeHFhQ2JFUFl6R25paW9pQjRRSUNnL3o2eVJHblQ3S1BHcHcwQVpQcFNJYmhMM081Q3h0b0JGZlVYY3dJRGxHTWpYd1hoNVk2UmVFc0tHcEsyUnFDZmRrOWxzUGttUlBXUkk4VHpIZzBjOHAiLCJtYWMiOiIyNjVkZGZhMmRmNDhhYWZiZTNlZGNhM2VkMTM0ZmI2NDYwNmVkN2UxN2Q3Y2JjZGUzN2Q4Y2RkYjMyMGYyYzM5IiwidGFnIjoiIn0%3D; expires=Tue, 28-Nov-2023 13:50:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Location: https://package.dittugarments.com/public
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

package.dittugarments.com/public

167.114.30.172

249 B

URL
package.dittugarments.com/public
IP
167.114.30.172:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
249 B (249 bytes)
Hash
a8e11bccdd02a57c9f088693a6595edb
2e29945d816bf9d4d8f244a8e60f671410098d1d
3fd5f6483304c2d479276375ef9ad5d751348bfdb8e188f304b7c79c53388c43

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /public HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilc5MjBnSW1RRkovWFo2cHN2TTB3Y3c9PSIsInZhbHVlIjoiUEh1ZytKK1V4eGcxVFd2VmRmRFhaRkpNRTRXZ0pBVlhhRndURVJ2c0xwK3FGK0gyWlJqTXJjaFBNTXdqanlOdDY5RGNUT3QySnNoMHQ1VitMcWYyZ3cvbW91TTFlNTNrOFhXbHk4NTNTNGszRE0zNWFHZWxIeVhLREp2MGRUQ08iLCJtYWMiOiJlZDdkZmM3YjM5OTY4NDk0NjY4ZDE1YWM2OTNjMDM0MDVjMzEzZDgyMWNjZWQ4YzJkYzU0YzMyZDY5MGIwNzIyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRud09HRGtRRU1tYjkrZ1RDQ3JvL0E9PSIsInZhbHVlIjoiV25ybDY3ZFlJRml3akNqWmFKTW5jeHFhQ2JFUFl6R25paW9pQjRRSUNnL3o2eVJHblQ3S1BHcHcwQVpQcFNJYmhMM081Q3h0b0JGZlVYY3dJRGxHTWpYd1hoNVk2UmVFc0tHcEsyUnFDZmRrOWxzUGttUlBXUkk4VHpIZzBjOHAiLCJtYWMiOiIyNjVkZGZhMmRmNDhhYWZiZTNlZGNhM2VkMTM0ZmI2NDYwNmVkN2UxN2Q3Y2JjZGUzN2Q4Y2RkYjMyMGYyYzM5IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 28 Nov 2023 11:50:19 GMT
Server: Apache
Location: https://package.dittugarments.com/public/
Content-Length: 249
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

package.dittugarments.com/public/

167.114.30.172

544 B

URL
package.dittugarments.com/public/
IP
167.114.30.172:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
544 B (544 bytes)
Hash
318a039bb975612de6f98410c77ff6a6
0ef0ac64fb5acb935780eb45c3757037e6d71c0e
0c80b0f5da6e834974e1f3c1d4d58466651ff8b1920265bd040b6b49ea34ba74

HTTP Headers

GET /public/ HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilc5MjBnSW1RRkovWFo2cHN2TTB3Y3c9PSIsInZhbHVlIjoiUEh1ZytKK1V4eGcxVFd2VmRmRFhaRkpNRTRXZ0pBVlhhRndURVJ2c0xwK3FGK0gyWlJqTXJjaFBNTXdqanlOdDY5RGNUT3QySnNoMHQ1VitMcWYyZ3cvbW91TTFlNTNrOFhXbHk4NTNTNGszRE0zNWFHZWxIeVhLREp2MGRUQ08iLCJtYWMiOiJlZDdkZmM3YjM5OTY4NDk0NjY4ZDE1YWM2OTNjMDM0MDVjMzEzZDgyMWNjZWQ4YzJkYzU0YzMyZDY5MGIwNzIyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRud09HRGtRRU1tYjkrZ1RDQ3JvL0E9PSIsInZhbHVlIjoiV25ybDY3ZFlJRml3akNqWmFKTW5jeHFhQ2JFUFl6R25paW9pQjRRSUNnL3o2eVJHblQ3S1BHcHcwQVpQcFNJYmhMM081Q3h0b0JGZlVYY3dJRGxHTWpYd1hoNVk2UmVFc0tHcEsyUnFDZmRrOWxzUGttUlBXUkk4VHpIZzBjOHAiLCJtYWMiOiIyNjVkZGZhMmRmNDhhYWZiZTNlZGNhM2VkMTM0ZmI2NDYwNmVkN2UxN2Q3Y2JjZGUzN2Q4Y2RkYjMyMGYyYzM5IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:21 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6InNuOTQ3UUZNUmVXdFlaZG9hd3FJcGc9PSIsInZhbHVlIjoidXpBN2kzWkYwYklYbzNUSERQSk5sS3ZYblFpamJpVHIzM0phYkJjaWlybGV5VU1tK3NlWTVqSVdDY2ZzakVZWE5oaS9FQVFKeFpwa21DNWJ0emN2Z0pqakVjcXF3NWtRQUx0Yk5PckxtSDFLcHZ4V2UycU9FK0ZwZXJKRmdVK2IiLCJtYWMiOiIyZjFlYzU0OGZkZjdhMTE0MGFiY2ZhOTBkNTlmMDI3M2NkZDM3NzYwYzljM2E4MTk0MzZlZDlmMGY1MjEyMzc4IiwidGFnIjoiIn0%3D; expires=Tue, 28-Nov-2023 13:50:21 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IkZhK3ZUbXhsaUE1TmNtaFI5TU5FWUE9PSIsInZhbHVlIjoiODdHYTMrSTRPTkwvWjNhckU4bVcxSFR6cXEvZHlqN3lFbTRHSVNTSUVRdkdJZ2xGem8ybmJTSjRvLy9vU0VJOGdmVUJ0cjRCUklWTm1NUXhka3JsQVFaemtLU0tNV1pIc0tVdWEvK3Nzb1p6S0JiY2lMK0pvK3J2V3dIVmR1aTAiLCJtYWMiOiJlYTEyYTg2ZDhjYjEzZGFhZWZhNDhkNjNhMzU3YmQwODNhYjhlNGM4MGQ4ODU5YzNkMTk3ZWFkMWQ1OTM1ZjhlIiwidGFnIjoiIn0%3D; expires=Tue, 28-Nov-2023 13:50:21 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js

151.101.193.229

404 Not Found

55 B

URL GET HTTP/3
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with no line terminators
Size
55 B (55 bytes)
Hash
2ccf42e1d8ce91dc28fc42053a58924f
66ec924f0d32dfb06bf0dda1133bd4b884b2d83d
51311bb7fe0896738e7bb28de627f8ad47495c61d8840e5921460123484560a5

HTTP Headers

GET /gh/killbot-org/Killbot-JS@latest/dist/main.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=600, s-maxage=600
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
etag: W/"38-ZuySTw0y37Br8N2hEzvUuISy2D0"
content-encoding: br
accept-ranges: bytes
date: Tue, 28 Nov 2023 11:50:21 GMT
age: 459
x-served-by: cache-fra-etou8220062-FRA, cache-bma1642-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 55
X-Firefox-Spdy: h2

package.dittugarments.com/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD/

167.114.30.172

301 Moved Permanently

281 B

URL User Request GET HTTP/1.1
package.dittugarments.com/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD/
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
281 B (281 bytes)
Hash
9add3bebceaeec366f0b87e95dc51b18
62ac76533f2ca883296464049371db9fd741c23d
5e9e707ff24165fc46b95eb80bf4b59df81107abfe3716d7dd4934b0acf8753a

HTTP Headers

GET /4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD/ HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/
Cookie: XSRF-TOKEN=eyJpdiI6InNuOTQ3UUZNUmVXdFlaZG9hd3FJcGc9PSIsInZhbHVlIjoidXpBN2kzWkYwYklYbzNUSERQSk5sS3ZYblFpamJpVHIzM0phYkJjaWlybGV5VU1tK3NlWTVqSVdDY2ZzakVZWE5oaS9FQVFKeFpwa21DNWJ0emN2Z0pqakVjcXF3NWtRQUx0Yk5PckxtSDFLcHZ4V2UycU9FK0ZwZXJKRmdVK2IiLCJtYWMiOiIyZjFlYzU0OGZkZjdhMTE0MGFiY2ZhOTBkNTlmMDI3M2NkZDM3NzYwYzljM2E4MTk0MzZlZDlmMGY1MjEyMzc4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkZhK3ZUbXhsaUE1TmNtaFI5TU5FWUE9PSIsInZhbHVlIjoiODdHYTMrSTRPTkwvWjNhckU4bVcxSFR6cXEvZHlqN3lFbTRHSVNTSUVRdkdJZ2xGem8ybmJTSjRvLy9vU0VJOGdmVUJ0cjRCUklWTm1NUXhka3JsQVFaemtLU0tNV1pIc0tVdWEvK3Nzb1p6S0JiY2lMK0pvK3J2V3dIVmR1aTAiLCJtYWMiOiJlYTEyYTg2ZDhjYjEzZGFhZWZhNDhkNjNhMzU3YmQwODNhYjhlNGM4MGQ4ODU5YzNkMTk3ZWFkMWQ1OTM1ZjhlIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 28 Nov 2023 11:50:21 GMT
Server: Apache
Location: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Content-Length: 281
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js

151.101.193.229

404 Not Found

55 B

URL GET HTTP/3
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with no line terminators
Size
55 B (55 bytes)
Hash
2ccf42e1d8ce91dc28fc42053a58924f
66ec924f0d32dfb06bf0dda1133bd4b884b2d83d
51311bb7fe0896738e7bb28de627f8ad47495c61d8840e5921460123484560a5

HTTP Headers

GET /gh/killbot-org/Killbot-JS@latest/dist/main.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
content-length: 55
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=600, s-maxage=600
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
etag: W/"38-ZuySTw0y37Br8N2hEzvUuISy2D0"
content-encoding: br
accept-ranges: bytes
date: Tue, 28 Nov 2023 11:50:23 GMT
age: 462
x-served-by: cache-fra-etou8220062-FRA, cache-bma1679-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css

104.17.24.14

200 OK

17 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65317)
Size
17 kB (17041 bytes)
Hash
6386fb409d4a2abc96eee7be8f6d4cc4
09102cfc60efb430a25ee97cee9a6a35df6dfc59
0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed

HTTP Headers

GET /ajax/libs/font-awesome/6.1.1/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://package.dittugarments.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 11:50:24 GMT
content-type: text/css; charset=utf-8
content-length: 17041
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "623a082a-4291"
last-modified: Tue, 22 Mar 2022 17:32:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 387019
expires: Sun, 17 Nov 2024 11:50:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YRSmhDpObkuiAP4QUKhzOwumJ8uFJ6%2FgdsbEuSnN0PVLYQNdJ00GwP6xNTA4%2FR4Axp9oaP%2BI1n%2BjYl0HBUiMCR1kv9m0AEn%2BRVYgnktV4ngMKd3%2BFLoiFRMcC%2FcUDcnMTDC%2FHmj%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82d264a02978b523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD

167.114.30.172

200 OK

22 kB

URL User Request GET HTTP/1.1
package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
22 kB (22341 bytes)
Hash
aaf8c23a92e634ff8b6fca0dcfa3aed7
7e41ef6f89aa4768da15593ca07ef8514e03384b
d2baee634a8e6f02455157a6678e4c4734699745681d9c279bd042c1df630691

HTTP Headers

GET /public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://package.dittugarments.com/public/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InNuOTQ3UUZNUmVXdFlaZG9hd3FJcGc9PSIsInZhbHVlIjoidXpBN2kzWkYwYklYbzNUSERQSk5sS3ZYblFpamJpVHIzM0phYkJjaWlybGV5VU1tK3NlWTVqSVdDY2ZzakVZWE5oaS9FQVFKeFpwa21DNWJ0emN2Z0pqakVjcXF3NWtRQUx0Yk5PckxtSDFLcHZ4V2UycU9FK0ZwZXJKRmdVK2IiLCJtYWMiOiIyZjFlYzU0OGZkZjdhMTE0MGFiY2ZhOTBkNTlmMDI3M2NkZDM3NzYwYzljM2E4MTk0MzZlZDlmMGY1MjEyMzc4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkZhK3ZUbXhsaUE1TmNtaFI5TU5FWUE9PSIsInZhbHVlIjoiODdHYTMrSTRPTkwvWjNhckU4bVcxSFR6cXEvZHlqN3lFbTRHSVNTSUVRdkdJZ2xGem8ybmJTSjRvLy9vU0VJOGdmVUJ0cjRCUklWTm1NUXhka3JsQVFaemtLU0tNV1pIc0tVdWEvK3Nzb1p6S0JiY2lMK0pvK3J2V3dIVmR1aTAiLCJtYWMiOiJlYTEyYTg2ZDhjYjEzZGFhZWZhNDhkNjNhMzU3YmQwODNhYjhlNGM4MGQ4ODU5YzNkMTk3ZWFkMWQ1OTM1ZjhlIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:23 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; expires=Tue, 28-Nov-2023 13:50:23 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D; expires=Tue, 28-Nov-2023 13:50:23 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

cdn.s-pass.org/SPASSDATA/media/cache/portail_vignette_xl/SPASSDATA/attachments/2022_02/17/114223-serencontrer-messages-solid.png

104.26.10.170

200 OK

5.0 kB

URL GET HTTP/2
cdn.s-pass.org/SPASSDATA/media/cache/portail_vignette_xl/SPASSDATA/attachments/2022_02/17/114223-serencontrer-messages-solid.png
IP
104.26.10.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerCloudflare, Inc.
Subjects-pass.org
Fingerprint66:7C:47:A7:D2:1D:EF:BF:C1:BB:CD:FD:25:D2:A3:44:EF:B6:EE:C9
ValidityThu, 07 Sep 2023 00:00:00 GMT - Fri, 06 Sep 2024 23:59:59 GMT

File type
PNG image data, 640 x 512, 8-bit colormap, non-interlaced\012- data
Size
5.0 kB (4984 bytes)
Hash
faa2a37bbdf6a4d7eb92f4df1396e1bc
b63e5a7323f771d2294a58b3251bb6036ae33fce
cff8856b01d09b6e68b3d6b75172ea259363b4268be55229a963e86edc77e627

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /SPASSDATA/media/cache/portail_vignette_xl/SPASSDATA/attachments/2022_02/17/114223-serencontrer-messages-solid.png HTTP/1.1
Host: cdn.s-pass.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 28 Nov 2023 11:50:24 GMT
content-type: image/png
content-length: 4984
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1313415
etag: "620e522e-140a87"
last-modified: Thu, 17 Feb 2022 13:48:30 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-xss-protection: 1; mode=block
cache-control: max-age=2678400
cf-cache-status: HIT
age: 520431
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2OV8C1r%2BMp2pKclgh0l78SRX0RDd1lPnMJUf%2BQgJj%2Fwue%2FQZw6ljXfsRkkcd9Gd5iez0aFsyKxA3TuBZgSluDrmNDlDsybm2MYt%2F41XI%2FXzu6PAT9kCXSai6zmtV%2FSb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 82d264a0bc670b45-OSL
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js

104.17.24.14

200 OK

11 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (45552)
Size
11 kB (10899 bytes)
Hash
79c82646b886e08184f7b9fff25e64ff
804b4b0f8f3443ff05833e33fb5b76780ffafe25
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d

HTTP Headers

GET /ajax/libs/imask/3.4.0/imask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 28 Nov 2023 11:50:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 10899
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e9f-b217"
last-modified: Mon, 04 May 2020 16:11:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 459891
expires: Sun, 17 Nov 2024 11:50:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EfMsrvYoc0iBtZhIPAJQJhsjt0HKFeoCm2sxBoJ7xRAjCegdctu1RzdJfpVUK2ngdH2GmKQVSz8BCAO%2B%2B0RcTf1RUtzh4vIUsgeoMBandgyyP5JbXFG8TQXYGui9KZegvR6ELOwE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82d264a0bdd15697-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.1/js/all.min.js

104.17.24.14

200 OK

338 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.1/js/all.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65351)
Size
338 kB (338270 bytes)
Hash
61008443488f4e7f60d5a5055483187e
b56375acc5e062f79280440459d0d7b0f10a290b
1d3f596f76f53d53ef7cb1ffeffd6f791b54bd639b42e4f23e7f2d7b36f91c48

HTTP Headers

GET /ajax/libs/font-awesome/5.8.1/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://package.dittugarments.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 28 Nov 2023 11:50:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 338270
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-1125c9"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1792945
expires: Sun, 17 Nov 2024 11:50:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PLDm%2FckJYdNrrTiT5kTLgfXSXye1o4hIelyiyhVgBB7ukxN79eBCKGPA99yVIJfcut4zJzwJD9ppsGMJcBjQhFbqPnbM9WM1v9V3Jh7H5cMuiWTyBDK%2Fv5vtwJRQwSIizTyPRkET"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82d264a0cdfe5697-OSL
alt-svc: h3=":443"; ma=86400

package.dittugarments.com/public/dinzab/newcc.css

167.114.30.172

200 OK

5.2 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/newcc.css
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
ASCII text
Size
5.2 kB (5211 bytes)
Hash
a8802c7108e75bd512824b11af10a5e7
0af53e81447c67be4d787fea0f6ef8c82008e4ea
6c37a32274d58b55fc113546582236826b279eb6d667ecbf86e73823713da4f9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/newcc.css HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Thu, 02 Jun 2022 12:41:52 GMT
Accept-Ranges: bytes
Content-Length: 5211
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css

code.jquery.com/jquery-1.12.4.min.js

151.101.66.137

200 OK

34 kB

URL GET HTTP/2
code.jquery.com/jquery-1.12.4.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32077)
Size
34 kB (33738 bytes)
Hash
4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

HTTP Headers

GET /jquery-1.12.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-17b8b"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 28 Nov 2023 11:50:24 GMT
age: 6371618
x-served-by: cache-lga21956-LGA, cache-bma1652-BMA
x-cache: HIT, HIT
x-cache-hits: 232, 338311
x-timer: S1701172224.180920,VS0,VE0
vary: Accept-Encoding
content-length: 33738
X-Firefox-Spdy: h2

package.dittugarments.com/public/dinzab/data.js

167.114.30.172

200 OK

12 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/data.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (9881)
Size
12 kB (12100 bytes)
Hash
a2b78e86240966cda00a463614e4f3dd
a2606f30f77bb9f235746059db16b0ee8b585c31
55e47db856701715f613de8674bd0c67604cc304514b791bed402866d18c8557

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/data.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 12100
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/mine.js

167.114.30.172

200 OK

1.6 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/mine.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text
Size
1.6 kB (1604 bytes)
Hash
f11ee1ccf373dd137b7ad18e4ee2f69e
26baf7db3e340be99ece82b37d294b80c373fd12
71b8a934f8936288d42fe9fd426ff18cbc1fe54070617fd62420025da56b662e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/mine.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Mon, 17 Oct 2022 08:48:22 GMT
Accept-Ranges: bytes
Content-Length: 1604
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/font-awesome.min.css

167.114.30.172

200 OK

31 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/font-awesome.min.css
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/font-awesome.min.css HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 31000
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

package.dittugarments.com/public/dinzab/intlTelInput.css

167.114.30.172

200 OK

25 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/intlTelInput.css
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
ASCII text
Size
25 kB (24631 bytes)
Hash
bd1fe63547e380ddfdd79c4cea97cc1e
d5546e0d88b001b6ceb1a06fbf6a47e31214e9de
51198a6581f3fdd8b035268f775b1a6f519ee61b3e2a22da4a6fe2b2647b145b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/intlTelInput.css HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 24631
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

package.dittugarments.com/public/dinzab/countrySelect.js

167.114.30.172

200 OK

37 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/countrySelect.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (347)
Size
37 kB (36634 bytes)
Hash
ee3d5d4880b5dac09d9ca3c23cdd28da
f95728f89723a079442d67ed6aa38abf8ecab4fd
657baddf2724ae4570fa40c00dddefa3379b5709ac06ceb536f6177a1bfc394f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/countrySelect.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 36634
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/card.js

167.114.30.172

200 OK

59 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/card.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (51786)
Size
59 kB (58666 bytes)
Hash
30e93a747ba8285615cfbc3643dc1a62
3a55f9d6ac708f519d351ea0b69083457778ec9d
18c4b9b4c27233b541a47300a4ee98239e1f8dec4bbcd9fabb6bdad12ca82025

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/card.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 58666
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/intlTelInput.js

167.114.30.172

200 OK

89 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/intlTelInput.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (9885)
Size
89 kB (89336 bytes)
Hash
9146aa46d1f409004183b86f202c4607
717a6d53527fe31ec1c4eef9022b06e5d4d6f6a5
b188900aaff98a87fc69519ab04437aa735708b4b92f2adcab6937d2a1d42e37

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/intlTelInput.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 89336
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/app.css

167.114.30.172

200 OK

914 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/app.css
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
assembler source, ASCII text
Size
914 kB (913520 bytes)
Hash
74d0401d2b753a90be1d872aaa6e94b4
386f08a79bdc853e8a81585efcfc35ca90a49687
0762226aa4722b7c5349c825388089b0e3f8cdde6dd5dbb5f002d4fb014f568f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/app.css HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Thu, 02 Jun 2022 17:04:20 GMT
Accept-Ranges: bytes
Content-Length: 913520
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js

151.101.193.229

404 Not Found

55 B

URL GET HTTP/3
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with no line terminators
Size
55 B (55 bytes)
Hash
2ccf42e1d8ce91dc28fc42053a58924f
66ec924f0d32dfb06bf0dda1133bd4b884b2d83d
51311bb7fe0896738e7bb28de627f8ad47495c61d8840e5921460123484560a5

HTTP Headers

GET /gh/killbot-org/Killbot-JS@latest/dist/main.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
content-length: 55
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=600, s-maxage=600
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
etag: W/"38-ZuySTw0y37Br8N2hEzvUuISy2D0"
content-encoding: br
accept-ranges: bytes
date: Tue, 28 Nov 2023 11:50:25 GMT
age: 463
x-served-by: cache-fra-etou8220062-FRA, cache-bma1679-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

package.dittugarments.com/public/dinzab/logo.png

167.114.30.172

200 OK

2.0 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/logo.png
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1998 bytes)
Hash
5d14ab93691604e826e1319d53599eb9
78724360e9d25da584445b851e37bca05abe6b85
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/logo.png HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:25 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 1998
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png

package.dittugarments.com/public/dinzab/app.js

167.114.30.172

200 OK

920 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/app.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (7706), with CRLF line terminators
Size
920 kB (920095 bytes)
Hash
508afd6ff9ab52ce8f480d35568038d1
b5d9891100e0dce59cee59b75a098a1ae64c779b
8af18273c1833477cf810c4e3a76f483b6a6064571d25ea7742d8708378c8f09

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/app.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:24 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 920095
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

code.jquery.com/jquery-1.12.4.min.js

151.101.66.137

200 OK

34 kB

URL GET HTTP/2
code.jquery.com/jquery-1.12.4.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32077)
Size
34 kB (33738 bytes)
Hash
4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

HTTP Headers

GET /jquery-1.12.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-17b8b"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 28 Nov 2023 11:50:26 GMT
age: 6371620
x-served-by: cache-lga21956-LGA, cache-bma1652-BMA
x-cache: HIT, HIT
x-cache-hits: 232, 338312
x-timer: S1701172227.628101,VS0,VE0
vary: Accept-Encoding
content-length: 33738
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js

104.17.24.14

200 OK

11 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/imask.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (45552)
Size
11 kB (10899 bytes)
Hash
79c82646b886e08184f7b9fff25e64ff
804b4b0f8f3443ff05833e33fb5b76780ffafe25
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d

HTTP Headers

GET /ajax/libs/imask/3.4.0/imask.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 28 Nov 2023 11:50:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 10899
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e9f-b217"
last-modified: Mon, 04 May 2020 16:11:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 459893
expires: Sun, 17 Nov 2024 11:50:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E8YGvu8mBjzd9akkMaF8ROn4p%2FDYZoO%2FSDDV2IYj6gaAbJtiUadqQIr6yNTUWB7w0UwhjCypmC7%2F%2FaLCMlSVfj2%2Fpvt3J5y%2FyoYdWuUHtlj3uFdqqv4pE0gMenMAm7h3rxZk47zu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82d264b0a9725697-OSL
alt-svc: h3=":443"; ma=86400

package.dittugarments.com/public/dinzab/app.js

167.114.30.172

200 OK

920 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/app.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (7706), with CRLF line terminators
Size
920 kB (920095 bytes)
Hash
508afd6ff9ab52ce8f480d35568038d1
b5d9891100e0dce59cee59b75a098a1ae64c779b
8af18273c1833477cf810c4e3a76f483b6a6064571d25ea7742d8708378c8f09

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/app.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:26 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 920095
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/data.js

167.114.30.172

200 OK

12 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/data.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (9881)
Size
12 kB (12100 bytes)
Hash
a2b78e86240966cda00a463614e4f3dd
a2606f30f77bb9f235746059db16b0ee8b585c31
55e47db856701715f613de8674bd0c67604cc304514b791bed402866d18c8557

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/data.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:28 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 12100
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/card.js

167.114.30.172

200 OK

59 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/card.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (51786)
Size
59 kB (58666 bytes)
Hash
30e93a747ba8285615cfbc3643dc1a62
3a55f9d6ac708f519d351ea0b69083457778ec9d
18c4b9b4c27233b541a47300a4ee98239e1f8dec4bbcd9fabb6bdad12ca82025

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/card.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:28 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 58666
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/mine.js

167.114.30.172

200 OK

1.6 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/mine.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text
Size
1.6 kB (1604 bytes)
Hash
f11ee1ccf373dd137b7ad18e4ee2f69e
26baf7db3e340be99ece82b37d294b80c373fd12
71b8a934f8936288d42fe9fd426ff18cbc1fe54070617fd62420025da56b662e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/mine.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:28 GMT
Server: Apache
Last-Modified: Mon, 17 Oct 2022 08:48:22 GMT
Accept-Ranges: bytes
Content-Length: 1604
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.1/js/all.min.js

104.17.24.14

200 OK

338 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.1/js/all.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65351)
Size
338 kB (338270 bytes)
Hash
61008443488f4e7f60d5a5055483187e
b56375acc5e062f79280440459d0d7b0f10a290b
1d3f596f76f53d53ef7cb1ffeffd6f791b54bd639b42e4f23e7f2d7b36f91c48

HTTP Headers

GET /ajax/libs/font-awesome/5.8.1/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://package.dittugarments.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 28 Nov 2023 11:50:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 338270
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-1125c9"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1792949
expires: Sun, 17 Nov 2024 11:50:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nTWTjhmuF0E8OVgEL3P%2F1suC8ERKo0GEfBzcpxYk%2BKGc5vmlZ%2FSCAd5e6Qt4vd4DlM10h6EKTb7X5qmQiRJ1uwWlHxn5AcoAbPSLD1zsWhFvfr2aV3vI6L0ufoJzSWtjfehCJSFI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82d264be68435697-OSL
alt-svc: h3=":443"; ma=86400

package.dittugarments.com/public/dinzab/intlTelInput.js

167.114.30.172

200 OK

89 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/intlTelInput.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (9885)
Size
89 kB (89336 bytes)
Hash
9146aa46d1f409004183b86f202c4607
717a6d53527fe31ec1c4eef9022b06e5d4d6f6a5
b188900aaff98a87fc69519ab04437aa735708b4b92f2adcab6937d2a1d42e37

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/intlTelInput.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:29 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 89336
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/countrySelect.js

167.114.30.172

200 OK

37 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/countrySelect.js
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
Unicode text, UTF-8 text, with very long lines (347)
Size
37 kB (36634 bytes)
Hash
ee3d5d4880b5dac09d9ca3c23cdd28da
f95728f89723a079442d67ed6aa38abf8ecab4fd
657baddf2724ae4570fa40c00dddefa3379b5709ac06ceb536f6177a1bfc394f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/countrySelect.js HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:29 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 36634
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript

package.dittugarments.com/public/dinzab/flagscountry.png

167.114.30.172

200 OK

66 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/flagscountry.png
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
PNG image data, 5630 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
66 kB (65960 bytes)
Hash
ae33acae404631e997ef8d91dae08ccd
19fae9a6aa4bb419eba378b0d0573906dc1be38a
38025784bedeb5e4cae496b131c85cabbd95ae0b1c0a3c9d9cb474d7262db04b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/flagscountry.png HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:29 GMT
Server: Apache
Last-Modified: Wed, 22 Sep 2021 16:06:48 GMT
Accept-Ranges: bytes
Content-Length: 65960
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png

package.dittugarments.com/public/dinzab/favicon.gif

167.114.30.172

200 OK

2.2 kB

URL GET HTTP/1.1
package.dittugarments.com/public/dinzab/favicon.gif
IP
167.114.30.172:443
ASN
#16276 OVH SAS

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectwww.parcel.dittugarments.com
Fingerprint47:76:07:51:B1:1D:92:BF:78:40:6A:2E:8E:28:9C:87:F7:89:13:56
ValidityMon, 20 Nov 2023 20:23:20 GMT - Sun, 18 Feb 2024 20:23:19 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel\012- data
Size
2.2 kB (2238 bytes)
Hash
a6f1af8e79a11829ba9a66474b06bb97
d99e3ec7747c865033a8dfad43c9f49634404bc1
b0dbd00f3650fa6b931e678a9d8f79a405d23c7adf111ab91b1a01a0e7109807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /public/dinzab/favicon.gif HTTP/1.1
Host: package.dittugarments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Cookie: XSRF-TOKEN=eyJpdiI6IldrZjNHa0RUTk1FNWM1ZWU4Mk5Uc2c9PSIsInZhbHVlIjoiWjVSaFAvMzhhdndYK05KclpnbTlJUFRoUzhFTHE1L2djMGhzNDlmWTVVTU1RaWJKOVBrdEtlR0lVbFQ2MUpmMHphNHFnMG4xeDFwMzI1ck1iYWlLMHhYZVNQVnN1M3hmSW9veGlZMTF3VlZyTnFudERvNE1MNUZpVjNkRWZpbkciLCJtYWMiOiJmMWM1ZmJjZjQxMzJkY2JlOWY3ZmI0ZDNhNjM5NjY1MzE0NTI5NjA4MjZiNmQ0ZTk1ZDc2MjJhZDljMDU5MzMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjJIQ29Vakt5RmJxeWpkcGZwUXRDYUE9PSIsInZhbHVlIjoiQkEzS3Uwd0hmSGNjY3R6TEE2MDJVeTA3RmtpWGpnSXdpZStqaDFUcDJTc1pPeGxlWGF3a2poby9kSHZzTGpiaUJ5UjdRV3cwQlYxUy9HOG92ZFZVUk1wUHpJS3FxR3VRQVBZeDg3Rm02dytOLzhWMnhLenBRTVdGQjgvdStDYTMiLCJtYWMiOiI5MTgwMjIyM2E0MTc0NTIyODlmMGQwOTNlOTg4N2IwOGE0MjczNTNkMTBjYWY0ODZlMzBhZTI3NDQzNjk5ZDVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 28 Nov 2023 11:50:29 GMT
Server: Apache
Last-Modified: Tue, 31 May 2022 07:05:50 GMT
Accept-Ranges: bytes
Content-Length: 2238
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/gif

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

3.220.91.178

0 B

URL
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
3.220.91.178:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://package.dittugarments.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bsHrJV6yLnDn/PIzkdIq1A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 28 Nov 2023 11:50:30 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k+g47DRV2FveSiYxpue1qqO/zzg=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

34.231.138.208

0 B

URL
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
34.231.138.208:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://package.dittugarments.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: okNkiraB2UUoBesvtlE4Yg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 28 Nov 2023 11:50:30 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZTSYJN5xVeRPEwmQdBtIouvx7jk=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover

sockjs-mt1.pusher.com/pusher/app/bc5ba70500b3342fb1aa/250/hgidkk8o/xhr_streaming?protocol=7&client=js&version=7.0.3&t=1701172235425&n=1

34.201.239.212

204 No Content

0 B

URL OPTIONS HTTP/2
sockjs-mt1.pusher.com/pusher/app/bc5ba70500b3342fb1aa/250/hgidkk8o/xhr_streaming?protocol=7&client=js&version=7.0.3&t=1701172235425&n=1
IP
34.201.239.212:443
ASN
#14618 AMAZON-AES

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectsockjs-mt1.pusher.com
Fingerprint0D:D2:31:02:FF:57:E9:AF:23:47:25:1D:B7:1C:66:F3:1A:4E:DA:5C
ValiditySun, 12 Nov 2023 01:30:52 GMT - Sat, 10 Feb 2024 01:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /pusher/app/bc5ba70500b3342fb1aa/250/hgidkk8o/xhr_streaming?protocol=7&client=js&version=7.0.3&t=1701172235425&n=1 HTTP/1.1
Host: sockjs-mt1.pusher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://package.dittugarments.com/
Origin: https://package.dittugarments.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-origin: https://package.dittugarments.com
vary: Origin
access-control-allow-headers: content-type
access-control-allow-credentials: true
cache-control: public, max-age=31536000
expires: Wed, 27 Nov 2024 11:50:31 GMT
access-control-allow-methods: OPTIONS, POST
access-control-max-age: 31536000
date: Tue, 28 Nov 2023 11:50:31 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

sockjs-mt1.pusher.com/pusher/app/bc5ba70500b3342fb1aa/9/2ced1ceb/xhr_streaming?protocol=7&client=js&version=7.0.3&t=1701172235430&n=1

34.201.239.212

0 B

URL POST
sockjs-mt1.pusher.com/pusher/app/bc5ba70500b3342fb1aa/9/2ced1ceb/xhr_streaming?protocol=7&client=js&version=7.0.3&t=1701172235430&n=1
IP
34.201.239.212:0
ASN
#14618 AMAZON-AES

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectsockjs-mt1.pusher.com
Fingerprint0D:D2:31:02:FF:57:E9:AF:23:47:25:1D:B7:1C:66:F3:1A:4E:DA:5C
ValiditySun, 12 Nov 2023 01:30:52 GMT - Sat, 10 Feb 2024 01:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /pusher/app/bc5ba70500b3342fb1aa/9/2ced1ceb/xhr_streaming?protocol=7&client=js&version=7.0.3&t=1701172235430&n=1 HTTP/1.1
Host: sockjs-mt1.pusher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://package.dittugarments.com/
Origin: https://package.dittugarments.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-origin: https://package.dittugarments.com
vary: Origin
access-control-allow-headers: content-type
access-control-allow-credentials: true
cache-control: public, max-age=31536000
expires: Wed, 27 Nov 2024 11:50:31 GMT
access-control-allow-methods: OPTIONS, POST
access-control-max-age: 31536000
date: Tue, 28 Nov 2023 11:50:31 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

dispatching-centre.lasamericascargo.com/images/foo.png

0.0.0.0

0 B

URL GET
dispatching-centre.lasamericascargo.com/images/foo.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/foo.png HTTP/1.1
Host: dispatching-centre.lasamericascargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

cdn.lr-in.com/logger-1.min.js

104.21.234.145

200 OK

846 kB

URL GET HTTP/2
cdn.lr-in.com/logger-1.min.js
IP
104.21.234.145:443
ASN
#13335 CLOUDFLARENET

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerLet's Encrypt
Subjectlr-in.com
Fingerprint06:C7:A4:83:83:3B:72:D9:6B:66:09:15:2F:3A:52:FD:1F:E4:05:24
ValiditySun, 12 Nov 2023 13:20:34 GMT - Sat, 10 Feb 2024 13:20:33 GMT

File type

Size
846 kB (846383 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /logger-1.min.js HTTP/1.1
Host: cdn.lr-in.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 11:50:24 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-resource-policy: cross-origin
etag: W/"144e31d412eb3631137b19d8a243c4f17078d26bec60aeb31b99d8e42a152fe5"
last-modified: Mon, 27 Nov 2023 22:59:09 GMT
strict-transport-security: max-age=31556926
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1701126119.971843,VS0,VE1
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 237
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATuwZk%2B5Q%2BgByd8G3k7euU1VKmR0S%2BkhLKoFICgUFK7nuWqWu3%2B2DVj2FMLuhnPUNTT3g8faYM%2BtM3E9dDa2ZpzO5wsN3%2FULd5KBG72ZEx7K0M4Ewqy1Y0oSI85SOcwe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82d264a06c30b505-OSL
content-encoding: br
X-Firefox-Spdy: h2

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

3.220.91.178

101 Switching Protocols

0 B

URL GET HTTP/1.1
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
3.220.91.178:443
ASN
#14618 AMAZON-AES

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerAmazon
Subjectpusher.com
Fingerprint7F:21:03:8F:D0:81:ED:06:33:D6:8D:83:17:DA:79:19:72:2E:BF:39
ValiditySun, 25 Jun 2023 00:00:00 GMT - Wed, 24 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://package.dittugarments.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bsHrJV6yLnDn/PIzkdIq1A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 28 Nov 2023 11:50:30 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k+g47DRV2FveSiYxpue1qqO/zzg=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover

ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false

34.231.138.208

101 Switching Protocols

0 B

URL GET HTTP/1.1
ws-mt1.pusher.com/app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false
IP
34.231.138.208:443
ASN
#14618 AMAZON-AES

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerAmazon
Subjectpusher.com
Fingerprint7F:21:03:8F:D0:81:ED:06:33:D6:8D:83:17:DA:79:19:72:2E:BF:39
ValiditySun, 25 Jun 2023 00:00:00 GMT - Wed, 24 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/bc5ba70500b3342fb1aa?protocol=7&client=js&version=7.0.3&flash=false HTTP/1.1
Host: ws-mt1.pusher.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://package.dittugarments.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: okNkiraB2UUoBesvtlE4Yg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Tue, 28 Nov 2023 11:50:30 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZTSYJN5xVeRPEwmQdBtIouvx7jk=
Sec-WebSocket-Extensions: permessage-deflate; client_no_context_takeover; server_no_context_takeover

fonts.googleapis.com/css?family=Raleway|Rock+Salt|Source+Code+Pro:300,400,600

142.250.74.106

200 OK

9.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Raleway|Rock+Salt|Source+Code+Pro:300,400,600
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://package.dittugarments.com/public/4xJRefg9Lq8VQDl0lhmgKJOFKVdhsnaD
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (9264), with no line terminators
Size
9.0 kB (9048 bytes)
Hash
3a28ee17cf6392c31edb349ab60d2a22
615c29fd9e9d5b5363092aa2fa2894183114d32d
3a3e7ac57b9005210c74a4643889c4fa39d4a384599f9dd7fc16053db74a2070

HTTP Headers

GET /css?family=Raleway|Rock+Salt|Source+Code+Pro:300,400,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://package.dittugarments.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 28 Nov 2023 11:50:24 GMT
date: Tue, 28 Nov 2023 11:50:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by