Report - www.osteopatie.eu/ca.html

Report Overview

Visited public
2023-10-25 23:19:52
Tags
dhl logistics phishing
URL
www.osteopatie.eu/ca.html
Finishing URL
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
IP / ASN
188.241.222.252
#5606 GTS Telecom SRL
Title
DHL - express
Phishing - DHL

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.osteopatie.eu	unknown	unknown	2019-06-07 23:33:41	2023-10-25 21:07:18	1.4 kB	14 kB	188.241.222.252
apply.wellsfargo.com	406277	1993-04-28	2012-06-25 15:43:39	2023-07-28 12:43:25	464 B	4.8 kB	95.101.10.186
gfw.ifs.mybluehost.me	unknown	2016-10-05	2023-08-31 07:04:22	2023-10-24 18:39:33	8.1 kB	2.3 MB	162.240.101.113
kit-free.fontawesome.com	22974	2012-10-18	2019-05-10 14:34:22	2023-10-25 20:30:36	1.4 kB	241 kB	104.21.91.139

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-10-25	medium	www.osteopatie.eu/ca.html	DHL Airways, Inc.
2023-10-25	medium	gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/	DHL Airways, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/fa.js	ScriptElement	5.8 kB	2023-03-07	2025-04-17
Pretty URL gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/fa.js IP 162.240.101.113 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-04-17 17:41 Times Seen34 Hash a8e6a3dde655976cfaa1ae45d67d78de 59d0646c28ea61558c1266ba00002a84b20868d9 717360f1759b6925a3e40ea293d825b50fc17e8bf7e849de44d70769664bf696 Loading...

	gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery-3.3.1.min.js	ScriptElement	87 kB	2023-03-07	2025-05-08
Pretty URL gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery-3.3.1.min.js IP 162.240.101.113 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-08 21:10 Times Seen1818 Hash 378087a64e1394fc51f300bb9c11878c 0c3192b500a4fd550e483cf77a49806a5872185b 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de Loading...

	gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery.steps.js	ScriptElement	55 kB	2023-03-07	2025-05-07
Pretty URL gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery.steps.js IP 162.240.101.113 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-05-07 03:14 Times Seen184 Hash f90f52a6cf425581cd6d4d9030206b7d c2108a6336dfa75271c155e026d86d4ed8149efb 1591281f92394d16d6cc50fd69c9ca67619cdff00f5447eecd9b6e2345c1afaa Loading...

	gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery-ui.min.js	ScriptElement	254 kB	2023-03-07	2024-11-10
Pretty URL gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery-ui.min.js IP 162.240.101.113 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2024-11-10 17:34 Times Seen33 Hash d9770b4828d7480cd1f665c2c9363dbe 8ae1bdecefab956f66abd6c18f7de753e22c4704 35f185a2aacd3c120d77143582a9fede64aa4568dcc65a3137ff3a5a711de6a4 Loading...

	gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/	ScriptElement	6.3 kB	2023-03-07	2024-08-21
Pretty URL gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/ IP 162.240.101.113 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:20 Last Seen2024-08-21 08:00 Times Seen15 Hash 66626b480cee6582749ef6889cc003a3 93a4dc0cb464023dccfd0230bd7725804fbc5e51 5f0aee4772099dffa6404875d4504ea7c1a126f4bd3cb4b42e39e37af8889726 Loading...

HTTP Transactions (26)

URL IP Response Size

www.osteopatie.eu/ca.html

188.241.222.252

406 B

URL
www.osteopatie.eu/ca.html
IP
188.241.222.252:0
ASN
#5606 GTS Telecom SRL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
406 B (406 bytes)
Hash
27880a414140ed58a24f6be662578da4
2482f82f79f79fc48bbec3a710845995542b333a
8270d3265e6084cd009b924979a1a297c9347827e4b54d2c3b6afc834efabb20

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /ca.html HTTP/1.1
Host: www.osteopatie.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Thu, 12 Oct 2023 16:11:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Authorization
content-security-policy: upgrade-insecure-requests;
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
content-length: 406
content-type: text/html
date: Wed, 25 Oct 2023 23:19:34 GMT
server: Apache
X-Firefox-Spdy: h2

apply.wellsfargo.com/img/shared/static/status_indicator_alone.gif

95.101.10.186

4.2 kB

URL
apply.wellsfargo.com/img/shared/static/status_indicator_alone.gif
IP
95.101.10.186:0
ASN
#20940 Akamai International B.V.

File type
GIF image data, version 89a, 257 x 23\012- data
Size
4.2 kB (4161 bytes)
Hash
9880481b4ce408bf56400d0359600991
8e57012e58adcbdc3e1b84c7abbf704f05b91d1b
7b668be16bb8d9c0f50dfaa1cdd6d74bf53b9b1791fa46a2094b4ea275f246c5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /img/shared/static/status_indicator_alone.gif HTTP/1.1
Host: apply.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.osteopatie.eu/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
ETag: W/"4161-1416527415000"
Last-Modified: Thu, 20 Nov 2014 23:50:15 GMT
Content-Type: image/gif
Content-Length: 4161
Date: Wed, 25 Oct 2023 23:19:35 GMT
Connection: keep-alive
Set-Cookie: ISD_OSM_COOKIE=HIj78SdXRvJdQtL/a20X+9SL5rExSz8rP2KVlaHgixuQtU+F71UaVtEcjCl6wMF3ECVDA6JRwqUbhloAAAAB; path=/; HttpOnly; Secure; SameSite=None
DCID=WFbDp4+a0nAFLk%2fWaWW4zqS93KrXH%2fOCXcRlB5zoJqoNQdDvoKS+ZlLnvrDgiKkH; Domain=apply.wellsfargo.com; Path=/; Expires=Wed, 25 Oct 2023 23:34:35 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www.osteopatie.eu/favicon.ico

188.241.222.252

1 B

URL
www.osteopatie.eu/favicon.ico
IP
188.241.222.252:0
ASN
#5606 GTS Telecom SRL

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.osteopatie.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.osteopatie.eu/ca.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
x-powered-by: PHP/8.2.11
strict-transport-security: max-age=63072000
link: <https://www.osteopatie.eu/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
location: https://www.osteopatie.eu/wp-content/uploads/2023/09/cropped-cropped-cropped-2-removebg-preview-65x65.png
vary: Accept-Encoding
content-encoding: br
access-control-allow-methods: GET,POST, GET,POST
access-control-allow-headers: Content-Type, Authorization, Content-Type, Authorization
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests;
cross-origin-embedder-policy: unsafe-none; report-to='default', unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default', unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none, unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default', unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin, cross-origin
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=(), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
referrer-policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;, default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff, nosniff
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-xss-protection: 1; mode=block, 1; mode=block
x-permitted-cross-domain-policies: none, none
content-length: 1
content-type: text/html; charset=UTF-8
date: Wed, 25 Oct 2023 23:19:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.osteopatie.eu/wp-content/uploads/2023/09/cropped-cropped-cropped-2-removebg-preview-65x65.png

188.241.222.252

9.0 kB

URL
www.osteopatie.eu/wp-content/uploads/2023/09/cropped-cropped-cropped-2-removebg-preview-65x65.png
IP
188.241.222.252:0
ASN
#5606 GTS Telecom SRL

File type
PNG image data, 65 x 65, 8-bit/color RGBA, non-interlaced\012- data
Size
9.0 kB (8955 bytes)
Hash
425dca2b61fdd5c7d07639d8f5985d9e
73e43bd753d6ca0bb85fa54dbe4fcf532e8d60e6
2c50d075d2954799a86e834ce42a3ee285a70880b636f9c9b86ad0f726b26251

HTTP Headers

GET /wp-content/uploads/2023/09/cropped-cropped-cropped-2-removebg-preview-65x65.png HTTP/1.1
Host: www.osteopatie.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.osteopatie.eu/ca.html
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 26 Sep 2023 19:17:26 GMT
accept-ranges: bytes
content-length: 8955
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Authorization
content-security-policy: upgrade-insecure-requests;
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
content-type: image/png
date: Wed, 25 Oct 2023 23:19:36 GMT
server: Apache
X-Firefox-Spdy: h2

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

162.240.101.113

17 kB

URL User Request GET
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
IP
162.240.101.113:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (312)
Size
17 kB (16579 bytes)
Hash
a95d9762cb48079cb73242ebcaf7ce0d
fbdd8fbdb19ed35ae814e341c40b73b2c399a52d
17b4acf473d1579dd06d5f318d0117c9a2d1fbe717b5bd7f787927bdced440ea

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
OpenPhish	phishing	DHL Airways, Inc.

HTTP Headers

GET /info/web/omda/dhl/dhl/ HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:40 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/fa.js

162.240.101.113

200 OK

5.8 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/fa.js
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
ASCII text, with very long lines (5479)
Size
5.8 kB (5782 bytes)
Hash
a8e6a3dde655976cfaa1ae45d67d78de
59d0646c28ea61558c1266ba00002a84b20868d9
717360f1759b6925a3e40ea293d825b50fc17e8bf7e849de44d70769664bf696

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/js/fa.js HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 5782
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/jquery-ui.min.css

162.240.101.113

200 OK

31 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/jquery-ui.min.css
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
ASCII text, with very long lines (29135)
Size
31 kB (30747 bytes)
Hash
526efc5bda13509abc232b60d6393c67
8905310c0b9451a6ef49bad9621cde475cc2a903
98502b6bc12503590f03e514c77e86d9114a6606e05d2e1f8e190f225eb340d1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/css/jquery-ui.min.css HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 30747
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/style.css

162.240.101.113

200 OK

15 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/style.css
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
ASCII text, with CRLF line terminators
Size
15 kB (14861 bytes)
Hash
3492a87d991471040bec24a1aec718ba
0b67ff8a67ef89910e516d6742fae1ea2fab9084
ccaf195656c10a4631a39de1e3234a764190582d046dace30d7df7de4b81df3c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/css/style.css HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 14861
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/roboto-font.css

162.240.101.113

200 OK

1.9 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/roboto-font.css
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
ASCII text
Size
1.9 kB (1935 bytes)
Hash
d9d474d2a989e2e7b1862a60b47c150f
79478c0c569ff3a56aefd281933caeb11fef5cde
8d8f587e17bdb515a6c8127a1c2523a2ddf211e134121c96dee4142c5ac39a10

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/css/roboto-font.css HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1935
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery-3.3.1.min.js

162.240.101.113

200 OK

87 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery-3.3.1.min.js
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
87 kB (86929 bytes)
Hash
378087a64e1394fc51f300bb9c11878c
0c3192b500a4fd550e483cf77a49806a5872185b
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/js/jquery-3.3.1.min.js HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 86929
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery.steps.js

162.240.101.113

200 OK

55 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery.steps.js
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
ASCII text, with CRLF line terminators
Size
55 kB (55379 bytes)
Hash
f90f52a6cf425581cd6d4d9030206b7d
c2108a6336dfa75271c155e026d86d4ed8149efb
1591281f92394d16d6cc50fd69c9ca67619cdff00f5447eecd9b6e2345c1afaa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/js/jquery.steps.js HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 55379
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery-ui.min.js

162.240.101.113

200 OK

254 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/js/jquery-ui.min.js
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
ASCII text, with very long lines (33326)
Size
254 kB (253668 bytes)
Hash
d9770b4828d7480cd1f665c2c9363dbe
8ae1bdecefab956f66abd6c18f7de753e22c4704
35f185a2aacd3c120d77143582a9fede64aa4568dcc65a3137ff3a5a711de6a4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/js/jquery-ui.min.js HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 253668
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css

162.240.101.113

200 OK

71 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
71 kB (70815 bytes)
Hash
e9365fe85b7e4db79a87015e52c3db6c
2e2b5eb6e08f0f3d11fe0ada97c962a23ba6a0d9
dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 70815
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/img.svg

162.240.101.113

200 OK

1.6 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/img.svg
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1603 bytes)
Hash
3fecc9db35d5d2a9e6e71ab4b02d22e5
628ba2f505b480097445aaf08649a08242bd6847
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/images/img.svg HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1603
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/wizard_v3_icon_1.png

162.240.101.113

200 OK

4.6 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/wizard_v3_icon_1.png
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
PNG image data, 150 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4633 bytes)
Hash
9be5e19e6f7538afce632d82b855dd24
12dec760d83e8db9c2073d46512c1b76b7a4edc2
5abaa5a71c4481349f88fb44e395b25d99a953329d0d5fbb11880312f4752fec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/images/wizard_v3_icon_1.png HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 4633
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/wizard_v4_icon.png

162.240.101.113

200 OK

1.1 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/wizard_v4_icon.png
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1131 bytes)
Hash
d3aab532241c4ae850bf45efa0047073
cfb509e3a77c0f8ab1a8083b7cd9754ac8b1a06e
4927e407f1f4b81dbc5d6269117fafdda60011698398015591dd10f33b779ffc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/images/wizard_v4_icon.png HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1131
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0

162.240.101.113

200 OK

38 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
Web Open Font Format (Version 2), TrueType, length 38384, version 1.0\012- data
Size
38 kB (38384 bytes)
Hash
a4d31128b633bc0b1cc1f18a34fb3851
6ee4c79372c3fd679706306ede47e4b03cf53d60
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/material-design-iconic-font/css/material-design-iconic-font.min.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 38384
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Medium.ttf

162.240.101.113

200 OK

172 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Medium.ttf
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Med\012- data
Size
172 kB (172064 bytes)
Hash
d08840599e05db7345652d3d417574a9
5f16f4d6dbb4a4f12d8ae96488ac209bb49762a5
f205cc511821ea56078a105557fcea6253129404d411c997e1866fbd006abb68

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Medium.ttf HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/roboto-font.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 172064
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/ttf

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Regular.ttf

162.240.101.113

200 OK

172 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Regular.ttf
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Size
172 kB (171676 bytes)
Hash
3e1af3ef546b9e6ecef9f3ba197bf7d2
dd1b1db13ff1f72138c134c62f38fef83749f36a
79e851404657dac2106b3d22ad256d47824a9a5765458edb72c9102a45816d95

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Regular.ttf HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/roboto-font.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 171676
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/ttf

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Bold.ttf

162.240.101.113

200 OK

171 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Bold.ttf
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.137; 2017Roboto-Bo\012- data
Size
171 kB (170760 bytes)
Hash
ee7b96fa85d8fdb8c126409326ac2d2b
0ce37ced9c5fcac9bdc452a432c1258870ba4677
7d0b991ee3e0be7af01ad7ea8cd2beea6c00a25e679a0226b6737f079aafff86

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Bold.ttf HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/roboto-font.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 170760
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/ttf

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/bg.jpg

162.240.101.113

200 OK

1.1 MB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/bg.jpg
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, description=Frankfurt/ Main, 31 October 2002 Deutsche Post World Net launches STAR - Group-wide value enhancement programme ## Frankfurt/, orientation=upper-left, xresolution=354, yresolution=362, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2008:06:26 16:37:43, copyright=Deutsche Post World Net], baseline, precision 8, 2880x2045, components 4\012- data
Size
1.1 MB (1052344 bytes)
Hash
5c2ac9314ae3c0259449424163081404
c879027f32270cfe72949d12f73f09de8ae87a5f
81295e3657ad03f98dafc8b01981859656dcf33a052bfe61183ad7072821acd8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/images/bg.jpg HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1052344
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg

kit-free.fontawesome.com/releases/latest/css/free-v4-shims.min.css

104.21.91.139

200 OK

176 kB

URL GET HTTP/2
kit-free.fontawesome.com/releases/latest/css/free-v4-shims.min.css
IP
104.21.91.139:443
ASN
#13335 CLOUDFLARENET

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Certificate
IssuerLet's Encrypt
Subjectkit-free.fontawesome.com
FingerprintA0:5C:CE:0F:B2:16:6D:7D:D7:2F:CC:92:4A:29:C9:D6:D2:AA:4D:BA
ValiditySat, 02 Sep 2023 06:15:13 GMT - Fri, 01 Dec 2023 06:15:12 GMT

File type
ASCII text, with very long lines (26500)
Size
176 kB (175660 bytes)
Hash
76f34b71fc9fb641507ff6a822cc07f5
73ed2f8f21cd40fb496e61306acbb5849d4dbff4
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

HTTP Headers

GET /releases/latest/css/free-v4-shims.min.css HTTP/1.1
Host: kit-free.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 25 Oct 2023 23:19:41 GMT
content-type: text/css
x-amz-id-2: w9B2VVv99cNJA2QhzpGs602nzGohspzuxu/Pup8Ig5WhvlduPYE2WtIfCcGNNyenCRfg75VdWJA=
x-amz-request-id: 9DPW153XYM03D7BX
last-modified: Wed, 04 Aug 2021 21:22:51 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=1800
cf-cache-status: HIT
age: 1064
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLdE6C88oLC0t0blN8pc0rw0M8%2B1Lulr%2B%2B0LL%2FcQ0%2F2cIWGweFWJOIpdQ9VMTdNFlE0HTOjF4E8IAQhxiJUDOgcrF5q7fAxIiQC%2B3Xxt1ZtVYIsx2XqGOhZfrqyn7iFqTS4oIYJQ2zO%2FjQo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81be2f95b86a568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/favicon.ico

162.240.101.113

200 OK

1.2 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/images/favicon.ico
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
d8106bf3a1d00ab43b01e6e3c92500eb
202b5e8654ab1b28351378293bca3b9d844cc29b
9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/images/favicon.ico HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:42 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/x-icon

gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Black.ttf

162.240.101.113

200 OK

172 kB

URL GET HTTP/1.1
gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Black.ttf
IP
162.240.101.113:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/

File type
TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Blac\012- data
Size
172 kB (171480 bytes)
Hash
ec4c9962ba54eb91787aa93d361c10a8
c572416b9587c40d49ea60c7128f7f17b9317ad8
3872e9b39760a1b59ac1e192633dbb3b58e595b4d423930ac7ded525e9ae25e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /info/web/omda/dhl/dhl/fonts/Roboto/Roboto-Black.ttf HTTP/1.1
Host: gfw.ifs.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/css/roboto-font.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Oct 2023 23:19:41 GMT
Server: Apache
Last-Modified: Wed, 06 May 2020 05:11:16 GMT
Accept-Ranges: bytes
Content-Length: 171480
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/ttf

kit-free.fontawesome.com/releases/latest/css/free-v4-font-face.min.css

104.21.91.139

200 OK

3.0 kB

URL GET HTTP/3
kit-free.fontawesome.com/releases/latest/css/free-v4-font-face.min.css
IP
104.21.91.139:443
ASN
#13335 CLOUDFLARENET

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Certificate
IssuerLet's Encrypt
Subjectkit-free.fontawesome.com
FingerprintA0:5C:CE:0F:B2:16:6D:7D:D7:2F:CC:92:4A:29:C9:D6:D2:AA:4D:BA
ValiditySat, 02 Sep 2023 06:15:13 GMT - Fri, 01 Dec 2023 06:15:12 GMT

File type
ASCII text, with very long lines (3007), with no line terminators
Size
3.0 kB (2956 bytes)
Hash
164aeedbf1c90c5467de5320f9f2d89e
63fdf9f59785c7b84dc82523cc76d81773e9c60b
676748e7bec72f0310e785f353d6b9e33305b577b57a08c57f98d1ce9e77ed25

HTTP Headers

GET /releases/latest/css/free-v4-font-face.min.css HTTP/1.1
Host: kit-free.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 25 Oct 2023 23:19:41 GMT
content-type: text/css
x-amz-id-2: DIlQTfEeEQmYXomh5e2uJvcjb1Dz0QR05djtSYcqb3+uWxFP2JPbNze0nk+QktzP04wIlEcUKk0=
x-amz-request-id: 1JT1ED578Z028JDJ
last-modified: Wed, 04 Aug 2021 21:22:51 GMT
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
cache-control: max-age=1800
cf-cache-status: HIT
age: 1064
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w7eu3AxmAc6h7PpHwYqEQ97gfaGjlE9zB4jDiKMhTbp84fhNUYGETFQZ3YiMq25LiFrtGFw%2BPK9ozMFt8flhjT%2BKyjb2pEbHhHA%2B8Q9VJpSnY6T06z4NvSgjTBg6a9gLlzBpQ1%2BtJCWCENw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81be2f968d82b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kit-free.fontawesome.com/releases/latest/css/free.min.css

104.21.91.139

200 OK

60 kB

URL GET HTTP/3
kit-free.fontawesome.com/releases/latest/css/free.min.css
IP
104.21.91.139:443
ASN
#13335 CLOUDFLARENET

Requested by
http://gfw.ifs.mybluehost.me/info/web/omda/dhl/dhl/
Certificate
IssuerLet's Encrypt
Subjectkit-free.fontawesome.com
FingerprintA0:5C:CE:0F:B2:16:6D:7D:D7:2F:CC:92:4A:29:C9:D6:D2:AA:4D:BA
ValiditySat, 02 Sep 2023 06:15:13 GMT - Fri, 01 Dec 2023 06:15:12 GMT

File type
ASCII text, with very long lines (60130)
Size
60 kB (60312 bytes)
Hash
a12ec7ebe75a4d59a5dd6b79e2ba2e16
28f5dcc595ee6d4163481ef64170180502c8629b
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

HTTP Headers

GET /releases/latest/css/free.min.css HTTP/1.1
Host: kit-free.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://gfw.ifs.mybluehost.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 25 Oct 2023 23:19:41 GMT
content-type: text/css
x-amz-id-2: nl+7k5oyt+Rf4rIOq9kmQK2MlrYYcJWsDIgI4SWVhIvetwA8BzImJuqi20Mvq/cHLJdRDf1bjIg=
x-amz-request-id: F2K9DDWSW12EBF8G
last-modified: Wed, 04 Aug 2021 21:22:50 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=1800
cf-cache-status: HIT
age: 1090
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRYGHT7cyPVt3czk0X5%2By8FfSf7AIrusNFgAe63lqI%2F%2BgFg3kaGZimZR1i6zijr7CKVgN%2FD0RKuDMDKeTdpxlDFzdZzpK7FuX0yw9P%2FMnwc5oCD0co%2FeUcHKdDmyKRREnumjcXWc8oqhvVs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81be2f968d81b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (26)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers