{"report_id":"8f1f6e6f-b5d2-4a43-80be-6bd9ab998826","version":0,"status":"done","tags":["dhl","logistics","phishing"],"date":"2026-06-26T12:28:20Z","url":{"schema":"http","addr":"talksurrey.org.uk/bin/y746z.php","fqdn":"talksurrey.org.uk","domain":"talksurrey.org.uk","tld":"org.uk"},"ip":{"addr":"213.246.110.112","port":0,"asn":8622,"as":"Team Blue Internet Services Uk Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/track.php","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"title":"DHL","dom":{"size":3066,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"4ccfb7fb7f4d1ed324a79d8126ac113c","sha1":"3f52cc03d5703860bd74b9fda817c0dc8c566131","sha256":"0350fdbc03af484fc3cb5b2ec6982c8c9b552628fe5f668626550d4831dc9e1b","sha512":"5976e11ec7080da012a0f3f4c6dfac3404a903970632fe6fb4a797ebf3092110280c0e14425313e7ed0b2b8311b66fef50287815b1c8f1c0f0328b38161372fe","ssdeep":"","tlshash":"1751cc2595f240bb007280c6a9a75e1f2ed0aa37d2f7491472af8bd50feed96fc03614","dom_hash":"domhash756170dcc62d4224c3db81c5a55db4c6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"talksurrey.org.uk/bin/y746z.php","fqdn":"talksurrey.org.uk","domain":"talksurrey.org.uk","tld":"org.uk"},"ip":{"addr":"213.246.110.112","port":0,"asn":8622,"as":"Team Blue Internet Services Uk Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-31T12:28:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"summary":[{"fqdn":"talksurrey.org.uk","ip":{"addr":"213.246.110.112","port":80,"asn":8622,"as":"Team Blue Internet Services Uk Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2004-09-01","domain_rank":0,"first_seen":"2026-06-26T12:24:59.938674Z","last_seen":"2026-06-26T12:24:59.938674Z","alert_count":0,"request_count":2,"received_data":352,"sent_data":914,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.0.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"ipwho.is","ip":{"addr":"104.20.44.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-01-29","domain_rank":18239,"first_seen":"2020-06-08T11:52:47Z","last_seen":"2026-06-22T07:27:01.730662Z","alert_count":0,"request_count":1,"received_data":1181,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"full.completesetup.top","ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"domain_registered":"2026-05-21","domain_rank":0,"first_seen":"2026-06-25T07:37:01.892126Z","last_seen":"2026-06-25T07:37:01.892126Z","alert_count":36,"request_count":9,"received_data":399423,"sent_data":5140,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-06-21T22:41:40.060069Z","alert_count":0,"request_count":1,"received_data":88502,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"discord.com","ip":{"addr":"162.159.138.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2000-11-06","domain_rank":220,"first_seen":"2013-06-04T18:47:24Z","last_seen":"2026-06-20T12:43:44.860656Z","alert_count":0,"request_count":1,"received_data":2349,"sent_data":656,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"talksurrey.org.uk/bin/y746z.php","fqdn":"talksurrey.org.uk","domain":"talksurrey.org.uk","tld":"org.uk"},"ip":{"addr":"213.246.110.112","port":80,"asn":8622,"as":"Team Blue Internet Services Uk Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"609ab11c1fb4c358d3a03a8a7c0c35ae","sha1":"754afb05b55ab3ae11400bd48e1ee8fc6978ad01","sha256":"86ee5b7997af1457d7cb4ed602c68ddb521b25446c67ccd60c2e9771b6daba89","sha512":"070cb64a0c293427311906b09ffb58ad7bc9a9520ebd6aa538fd71f1764d634733da1092fe3a3cf07fbdd422afcf4f83d508adf0fe8cfd3b55410ebae229bc8a","ssdeep":"","tlshash":"529002e36d02a4961382014a815b740a495792995b44d08184b55814134871d47d9184","size":54,"data":"","first_seen":"2026-06-26T12:28:22.191778Z","last_seen":"2026-06-27T01:07:04.001701Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/res/cdn/jq.js","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ccf212eddc3506318c557182e8297ac6","sha1":"83cbb4c131ec92ddb4b4ac004a692ab5de57e22b","sha256":"7f8c83527958acc94204177932f4af82490579bc49a8410feda8fba5e8947815","sha512":"87ebad74c1e2b547c989593bf3cfa0c5ed905c10d0a599b7251ab948a2be061fbb076c623ff4135bc50a9e562d07619910213f1fe037548942962a59eadb1763","ssdeep":"6144:VpkhNVlJ+TC1lFhTzeKpTcYmD2zK8U1Js3Px+WK+N7TFyygRWL/IaLgeNTIPfgy8:kjTcYmD4I4Px+WK+N7TFyjeTiPf7Aqqt","tlshash":"1284f8d8f78d212e433231aa982f11ceb77dd175550444aafd4d987c28a482d83bbf7a","size":386150,"data":"","first_seen":"2025-01-29T01:32:25.483201Z","last_seen":"2026-06-29T15:35:44.916418Z","times_seen":755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/res/jquery.js","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2770eb096f4c95f164ea088fb23f631","sha1":"5edfa7ffd72319bad13ab6eca963c680189b1e86","sha256":"8794d44dec037635f7f47bc4072da8c2f00a4252565565811cf8c90ccf3535f4","sha512":"b49f709701f20cafce58428b83ed47778b318ae58f6d4444f858d241f6b0a73464f4ead2c0ae8d86c5f89d852b219968fffcf594edc0d3ec70ee93affa332b94","ssdeep":"","tlshash":"29f09ebf7548a503095badbd5419688d6be6c1239f8d8881d13d5efb8ea4e2a0702c88","size":514,"data":"","first_seen":"2026-03-24T02:02:20.02584Z","last_seen":"2026-06-27T01:07:03.994633Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87533,"data":"","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-29T16:11:57.295505Z","times_seen":174916,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/track.php","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"96be3b14beeecb14497cd4857359b07b","sha1":"152d858267269cb2e74ff2c7483df5cca86bde8b","sha256":"ca7b4968cd269724b457646e5743dd73fea37503632cc8b4e321cc344fe5e83b","sha512":"03b2eb24fb7edd7339cfa7fcbdab53109460648a678445b5c525ffc9ca72f1350fbff0c59ffa24965b049221b2ae35500baafc691e39d849c4bd13e2e7ae0e9b","ssdeep":"","tlshash":"b4e0ab6eb8e0010a133330202d0744197477352756fad80e344d4a941f1c735b002b5a","size":436,"data":"","first_seen":"2026-06-14T13:59:34.844898Z","last_seen":"2026-06-27T01:07:04.000031Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"error","text":"IP fetch failed:can't access property \"symbol\", data.currency is undefined","filename":"https://full.completesetup.top/1/DHL/track/track.php","line_number":120,"column_number":29}]},"http":[{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/res/jquery.js","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.440Z","timestamp":1782476881440,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /1/DHL/track/res/jquery.js HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://full.completesetup.top/1/DHL/track/track.php\r\nCookie: token=6691947931%3AAAEM5qA_kEUeiXLp2XzJBmwud_sCcTIm5No\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/javascript\r\nlast-modified: Tue, 03 Feb 2026 11:48:39 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 319\r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":514,"size_decoded":575,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (470)","md5":"b2770eb096f4c95f164ea088fb23f631","sha1":"5edfa7ffd72319bad13ab6eca963c680189b1e86","sha256":"8794d44dec037635f7f47bc4072da8c2f00a4252565565811cf8c90ccf3535f4","sha512":"b49f709701f20cafce58428b83ed47778b318ae58f6d4444f858d241f6b0a73464f4ead2c0ae8d86c5f89d852b219968fffcf594edc0d3ec70ee93affa332b94","ssdeep":"","tlshash":"29f09ebf7548a503095badbd5419688d6be6c1239f8d8881d13d5efb8ea4e2a0702c88","first_seen":"2026-03-24T02:02:20.02584Z","last_seen":"2026-06-27T01:07:03.994633Z","times_seen":6,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.443Z","timestamp":1782476881443,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://full.completesetup.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Tue, 29 Aug 2023 04:36:11 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 7390\r\nexpires: Wed, 16 Jun 2027 12:28:01 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KIdK0o0VXoNXA3vraMd45%2Fr6DRhpQm8ZKl%2BRqbU21jdSU4VpiI9pmAZscx5u3fWKdSKfp%2Fn8Nq1qap1MXw4Tb9p3gqa%2FepyLcxPc2Yrp%2BKPH51%2FnEFL2uZQIc%2Bg9d092H5V1Ydb5\"}]}\r\ncf-ray: a11c359d2c8549c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":87533,"size_decoded":28415,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-29T16:11:57.295505Z","times_seen":174916,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":2,"connect":1,"send":0,"wait":14,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/index.php","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-26T12:28:01.057Z","timestamp":1782476881057,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /1/DHL/track/index.php HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://talksurrey.org.uk/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 \r\nlocation: track.php\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\nserver: LiteSpeed\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T16:32:13.373409Z","times_seen":16830189,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/res/logo.png","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.445Z","timestamp":1782476881445,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /1/DHL/track/res/logo.png HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://full.completesetup.top/1/DHL/track/track.php\r\nCookie: token=6691947931%3AAAEM5qA_kEUeiXLp2XzJBmwud_sCcTIm5No\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: public, max-age=604800\r\nexpires: Fri, 03 Jul 2026 12:28:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 03 Feb 2026 11:42:55 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1998\r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1998,"size_decoded":2283,"mime_type":"image/png","magic":"PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced","md5":"5d14ab93691604e826e1319d53599eb9","sha1":"78724360e9d25da584445b851e37bca05abe6b85","sha256":"3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756","sha512":"dc91304849c5d9b54124ce5a0fa47c9d0bffb35090479fafb4dcd7cff9b75d0467a3aa3d7837d1e1ef418f3f961dc9d31d65387c701646febb792f1ab2ededaa","ssdeep":"","tlshash":"64410ce64550006945b6e5453834e191ee79d4608f5f29b0562658b44d6c317b0ddbf1","first_seen":"2023-04-09T22:53:28Z","last_seen":"2026-06-27T01:07:03.997774Z","times_seen":9348,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"discord.com/api/webhooks/1443385775675932673/F_uLNHVswMuo59Bpnv24ZH3jZo2eZ13S0ueTlazOduUB45z-l8cTZhKP_kfwAb63U99C","fqdn":"discord.com","domain":"discord.com","tld":"com"},"ip":{"addr":"162.159.138.232","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.584Z","timestamp":1782476881584,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"discord.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 02 May 2026 17:21:54 GMT","end":"Fri, 31 Jul 2026 18:21:43 GMT"},"fingerprint":{"sha1":"33:E9:40:5A:E9:54:CE:24:C3:C8:64:B0:1E:38:A7:80:CA:8B:75:E8","sha256":"7A:99:3B:08:1D:0F:A2:9C:6D:A5:95:32:CE:BE:5B:20:06:73:1A:D4:76:BD:57:95:FA:63:41:B6:70:16:B8:19"}}},"request":{"raw":"OPTIONS /api/webhooks/1443385775675932673/F_uLNHVswMuo59Bpnv24ZH3jZo2eZ13S0ueTlazOduUB45z-l8cTZhKP_kfwAb63U99C HTTP/1.1\r\nHost: discord.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://full.completesetup.top/\r\nOrigin: https://full.completesetup.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 \r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nallow: DELETE, GET, PATCH, HEAD, POST, OPTIONS\r\naccess-control-allow-origin: https://full.completesetup.top\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: POST, GET, PUT, PATCH, DELETE\r\naccess-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Original-MD5, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Captcha-Session-Id, X-Discord-Resource-Optimization-Level, x-science-test, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision, X-Discord-Features, X-Installation-Id\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-discord-features: webhooks\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nset-cookie: __dcfduid=790842b4715a11f1bbe4a9453793de81; Expires=Wed, 25-Jun-2031 12:28:01 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax\n__sdcfduid=790842b4715a11f1bbe4a9453793de81b3f22c418d7d4b8a4e924d98442126295e62a6ba4a33cc88637e2dcef148780c; Expires=Wed, 25-Jun-2031 12:28:01 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax\n_cfuvid=XG2VG.vl0py9Zi8qVz0_ftZ_S07OVawv1x_X10b3iEo-1782476881.598896-1.0.1.1-4lSbVvAGJDSM4VoBxWe4WzqSo8v8vTuS4iyW9HYDiVk; HttpOnly; SameSite=None; Secure; Path=/; Domain=discord.com\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=npUKuveSL8ulw%2BIaPdp%2F9YOFaR1%2F4rY3JlzKS7BiuG6kUgd532wEQULXTGxB16ITBKEoJd5p6FfIjwAtmUbmqDW3gCYFbYtVd4chVI1ofOfcU%2Bz4zcfI2J9Z8NLl\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreporting-endpoints: csp-sentry=\"https://o64374.ingest.sentry.io/api/5441894/security/?sentry_key=8fbbce30bf5244ec9429546beef21870\u0026sentry_environment=stable\"\r\ncontent-security-policy: frame-ancestors 'none'; default-src https://o64374.ingest.sentry.io; report-to csp-sentry; report-uri https://o64374.ingest.sentry.io/api/5441894/security/?sentry_key=8fbbce30bf5244ec9429546beef21870\u0026sentry_environment=stable\r\ncf-ray: a11c359df86123eb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":2349,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T16:32:13.373409Z","times_seen":16830189,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":3,"connect":1,"send":0,"wait":145,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"talksurrey.org.uk/bin/y746z.php","fqdn":"talksurrey.org.uk","domain":"talksurrey.org.uk","tld":"org.uk"},"ip":{"addr":"213.246.110.112","port":80,"asn":8622,"as":"Team Blue Internet Services Uk Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-26T12:27:59.875Z","timestamp":1782476879875,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /bin/y746z.php HTTP/1.1\r\nHost: talksurrey.org.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 26 Jun 2026 12:27:59 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Powered-By: PHP/8.0.30, PleskLin\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.0.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":73,"size_decoded":367,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"04802fef4073674c2ab336db39378956","sha1":"6d1f2fcda147a9f0be7edeb3ff1c5bccb7680ef5","sha256":"4995289c20f7917e6bbbd0a1f2f3eeed1a165c6788e22a1db7c2c6a0dfc9d74a","sha512":"6f65a2d6effd16585ab3ad3e85ed2876730d06fd66c8b64e10d734a89a7c1436da734838438632261adaa271a645f31a6728cb91aab7683f2f146c26e106027b","ssdeep":"","tlshash":"e6a002e37d03e4a61382024e857bf40e5a57a2999b44e08288f55815134879d4fd9588","first_seen":"2026-06-26T12:28:22.180725Z","last_seen":"2026-06-26T12:28:22.180725Z","times_seen":1,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":4,"connect":24,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/track.php","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-26T12:28:01.094Z","timestamp":1782476881094,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /1/DHL/track/track.php HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: http://talksurrey.org.uk/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nset-cookie: token=6691947931%3AAAEM5qA_kEUeiXLp2XzJBmwud_sCcTIm5No; path=/; SameSite=Lax; secure\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1051\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":3068,"size_decoded":1347,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9e357e1d0c67955c56242eae2a70e50e","sha1":"24b340988456de8eb6afa69da9143419cd886c97","sha256":"ca184284c338e5e6db4270460eb476dde768a9edd7ce38ccf2d0bf216a48b035","sha512":"fbe10307be348162e79883e729080e84b954234f1175e6e3a94f2d87b993677760d32180ec2f50ab4ceab7e4a89ef8136a87391e5cfb0ca4c08f731c90f3be81","ssdeep":"","tlshash":"f851db2555f240bb007280c6a9a71e1f2ed0aa37d2f7491472af8bd50feed96fc03214","first_seen":"2026-06-26T12:28:22.183383Z","last_seen":"2026-06-26T13:47:15.436065Z","times_seen":3,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/res/app.css","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.436Z","timestamp":1782476881436,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /1/DHL/track/res/app.css HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://full.completesetup.top/1/DHL/track/track.php\r\nCookie: token=6691947931%3AAAEM5qA_kEUeiXLp2XzJBmwud_sCcTIm5No\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: public, max-age=604800\r\nexpires: Fri, 03 Jul 2026 12:28:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 03 Feb 2026 11:42:55 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 684\r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2470,"size_decoded":1012,"mime_type":"text/css","magic":"assembler source, ASCII text, with CRLF line terminators","md5":"5de1bb1ab743ba4ec1f945070c8cbd7c","sha1":"967fecf4b8d87da1d2d105c058e7c07b62f25ec7","sha256":"ec629dca7cdaa7428316c05b90c2177662d552febc12cc54e973286791211de3","sha512":"73fdf511adc5c394548533367438b0576d80547f379ee263d7d4adbfcf7d8d3fff806eb36b63d5ba951ac6c5b9effcf13f0c9779c6df82db0d67752a4d84f527","ssdeep":"","tlshash":"b8519a9dda522506a277dd04eba1028dfe88041b8f0b9276bfd8e258cff5179c650f8c","first_seen":"2025-10-12T20:40:35.026286Z","last_seen":"2026-06-27T01:07:03.992789Z","times_seen":80,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/res/footer.png","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.450Z","timestamp":1782476881450,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /1/DHL/track/res/footer.png HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://full.completesetup.top/1/DHL/track/track.php\r\nCookie: token=6691947931%3AAAEM5qA_kEUeiXLp2XzJBmwud_sCcTIm5No\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncache-control: public, max-age=604800\r\nexpires: Fri, 03 Jul 2026 12:28:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 03 Feb 2026 11:42:55 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1383\r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1383,"size_decoded":1668,"mime_type":"image/png","magic":"PNG image data, 140 x 46, 8-bit/color RGBA, non-interlaced","md5":"c22ba8d3d06ee71537dada0d0504c6f1","sha1":"7a88c964053adedf2f3c56fc673ac2aff5d7c65c","sha256":"b486c940183db0ff063c75526b026073f749ac8e45bc5005397e5967f8d9391c","sha512":"dd220041789a725a04d100c672ce1c2c955f905925da01c8b039926a6822bf8761071cedd6da13bfb19a2f798bf8172d01be1fb29cb974512f9bbc9257cddb3b","ssdeep":"","tlshash":"7e210befe7f28d30c5150460cf12139ece920f82766f3a4be0958539b1d2a14df4b851","first_seen":"2023-11-29T05:19:16Z","last_seen":"2026-06-27T01:07:03.998715Z","times_seen":341,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-26T12:28:00.041Z","timestamp":1782476880041,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /1/DHL/ HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: http://talksurrey.org.uk/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 \r\nlocation: track/index.php\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\ndate: Fri, 26 Jun 2026 12:28:00 GMT\r\nserver: LiteSpeed\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T16:32:13.373409Z","times_seen":16830189,"resource_available":true,"data":null}},"time_used":1010,"timings":{"blocked":-1,"dns":370,"connect":22,"send":0,"wait":564,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"full.completesetup.top/1/DHL/track/res/cdn/jq.js","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.438Z","timestamp":1782476881438,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /1/DHL/track/res/cdn/jq.js HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://full.completesetup.top/1/DHL/track/track.php\r\nCookie: token=6691947931%3AAAEM5qA_kEUeiXLp2XzJBmwud_sCcTIm5No\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/javascript\r\nlast-modified: Tue, 03 Feb 2026 11:42:55 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 115191\r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":386150,"size_decoded":115450,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"ccf212eddc3506318c557182e8297ac6","sha1":"83cbb4c131ec92ddb4b4ac004a692ab5de57e22b","sha256":"7f8c83527958acc94204177932f4af82490579bc49a8410feda8fba5e8947815","sha512":"87ebad74c1e2b547c989593bf3cfa0c5ed905c10d0a599b7251ab948a2be061fbb076c623ff4135bc50a9e562d07619910213f1fe037548942962a59eadb1763","ssdeep":"6144:VpkhNVlJ+TC1lFhTzeKpTcYmD2zK8U1Js3Px+WK+N7TFyygRWL/IaLgeNTIPfgy8:kjTcYmD4I4Px+WK+N7TFyjeTiPf7Aqqt","tlshash":"1284f8d8f78d212e433231aa982f11ceb77dd175550444aafd4d987c28a482d83bbf7a","first_seen":"2025-01-29T01:32:25.483201Z","last_seen":"2026-06-29T15:35:44.916418Z","times_seen":755,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"ipwho.is/","fqdn":"ipwho.is","domain":"ipwho.is","tld":"is"},"ip":{"addr":"104.20.44.133","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.604Z","timestamp":1782476881604,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipwho.is","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 12:07:03 GMT","end":"Fri, 04 Sep 2026 13:06:46 GMT"},"fingerprint":{"sha1":"77:EB:7C:CE:78:4C:26:90:A8:02:71:42:3E:74:A1:DB:8A:36:DD:FA","sha256":"75:C5:CE:FB:6A:02:03:43:3D:CC:04:28:F2:A6:3C:70:0E:CE:87:98:A5:3C:76:CB:C9:1F:1D:A4:1B:40:DC:99"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ipwho.is\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://full.completesetup.top/\r\nOrigin: https://full.completesetup.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Fri, 26 Jun 2026 12:28:04 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: a11c35b1de0832fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":903,"size_decoded":729,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"4270bb0c67447803b8092431aef54dad","sha1":"cef831caebcbef1eeaff088de74a62471e6e23fd","sha256":"cb22e514231edfd6c389cdd442f4871018d5c84e70780ce477df9574b76b2841","sha512":"49fcbb9169778bc58c274f0c20fb2562e486cc8d4e659f7fd63b7eebf2883c15b9cbecb3193bc1fe8eca9e4d9c1f45526ed1787b596242b322ef2d87a31ab475","ssdeep":"","tlshash":"4c116664d5682dab04e9622d74ad49063264110b5e853d4dbf9c674d4fcc97f30f23de","first_seen":"2026-06-24T18:05:29.042487Z","last_seen":"2026-06-28T13:29:00.702908Z","times_seen":24,"resource_available":false,"data":null}},"time_used":3253,"timings":{"blocked":0,"dns":3,"connect":1,"send":0,"wait":79,"receive":0,"ssl":3170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"full.completesetup.top/favicon.ico","fqdn":"full.completesetup.top","domain":"completesetup.top","tld":"top"},"ip":{"addr":"185.216.143.19","port":443,"asn":57717,"as":"FiberXpress BV","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://full.completesetup.top/1/DHL/track/track.php","date":"2026-06-26T12:28:01.801Z","timestamp":1782476881801,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"full.completesetup.top","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Jun 2026 21:22:43 GMT","end":"Thu, 03 Sep 2026 21:22:42 GMT"},"fingerprint":{"sha1":"49:53:27:A8:60:A3:8E:DF:81:74:DE:F2:A4:0B:84:66:8A:07:CB:14","sha256":"A4:46:23:69:CE:51:01:5B:C3:79:71:1C:27:1B:F2:5C:5C:5F:24:83:F0:A8:AD:8B:1A:19:62:D6:FA:C2:3B:11"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: full.completesetup.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://full.completesetup.top/1/DHL/track/track.php\r\nCookie: token=6691947931%3AAAEM5qA_kEUeiXLp2XzJBmwud_sCcTIm5No\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 \r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Fri, 26 Jun 2026 12:28:01 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":1479,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-29T16:36:48.342411Z","times_seen":137202,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-26","alert":"Phishing Block","trigger":"full.completesetup.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-26","alert":"Sinkholed","trigger":"full.completesetup.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Associated with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"talksurrey.org.uk/bin/y746z.php","fqdn":"talksurrey.org.uk","domain":"talksurrey.org.uk","tld":"org.uk"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-26T12:27:53.207Z","timestamp":1782476873207,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /bin/y746z.php HTTP/1.1\r\nHost: talksurrey.org.uk\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-29T16:32:13.373409Z","times_seen":16830189,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}