Report - saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium

Report Overview

Visited public
2024-08-18 12:02:44
Tags
URL
saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium
Finishing URL
saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium
IP / ASN
172.93.120.138
#393960 HOST4GEEKS-LLC
Title
saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
r11.o.lencr.org	unknown	1.6 kB	4.4 kB	23.36.76.226
r10.o.lencr.org	unknown	981 B	2.7 kB	23.36.76.226
saluhallensvinesund.se	unknown	2.0 kB	65 kB	172.93.120.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-18	medium	saluhallensvinesund.se	Sinkholed
2024-08-18	medium	saluhallensvinesund.se	Sinkholed
2024-08-18	medium	saluhallensvinesund.se	Sinkholed
2024-08-18	medium	saluhallensvinesund.se	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium	ScriptElement	3.6 kB	2023-03-07	2024-08-21
Pretty URL saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium IP 172.93.120.138 ASN #393960 HOST4GEEKS-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen82 Hash e5da1f2764301ac1edd3453e7d43d9f0 726dcc8165caffecf708e40821ed03d0937ad762 1b46a674fd06b30d4300cef321d5757d6314dce2aae1a0ad8d60fbeb7f92d3e8 Loading...

	saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium	ScriptElement	2.0 kB	2024-08-19	2024-08-19
Pretty URL saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium IP 172.93.120.138 ASN #393960 HOST4GEEKS-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 12:51 Last Seen2024-08-19 12:51 Times Seen2 Hash 86e501c8a02b49fd2228429716069a80 2b1b1ae2ed0909b5a9f99f2edd8060c47de39d80 4ffe0a50a9c7bb60a5d075a07a7eb5e4bd9726294438852837119574e9cd0c43 Loading...

	saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium	ScriptElement	3.9 kB	2023-03-07	2024-08-21
Pretty URL saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium IP 172.93.120.138 ASN #393960 HOST4GEEKS-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen82 Hash a3cf7dd06b7a0406f4c82c4408b1a903 6f51185dc1d894eae3d5d121f3e3a83379435305 62f1f19a04b6d24a245b21e497ac0c730da78a8dcfee6a7a869458e9f1be422f Loading...

	saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium	ScriptElement	564 B	2023-03-07	2024-08-21
Pretty URL saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium IP 172.93.120.138 ASN #393960 HOST4GEEKS-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen83 Hash 4069f8c979f654519aebbd30247f15e3 6337a08f4f6854b041446eedb2ad7d830d1d181f e205ee9b9397f40605b28973f21620853b5a502c7e251c8e653ce4c923f3464e Loading...

		Size	First Seen	Last Seen
	#1 Write - fe8b855eac1b191743135377e5248a97	663 B	2024-08-19 12:51	2024-08-19 12:51
Pretty Observations First Seen2024-08-19 12:51 Last Seen2024-08-19 12:51 Times Seen2 Hash fe8b855eac1b191743135377e5248a97 0e69bba0cde19b7ec1afa9f59214f8b8ba3a1957 cef0b93359d24abb460753cf1fcb75e592e9a78a48f66098c0b597a1eeb8f596 Loading...

	#2 Write - 1530d5d1c773b3d7fadcb57ce5fb0dc0	1.3 kB	2023-03-07 12:05	2024-08-21 06:46
Pretty Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen82 Hash 1530d5d1c773b3d7fadcb57ce5fb0dc0 af56bc837d87abf4b7b8dbd416230ee5994a2983 86c7fd6a41e8f532dd6452d4d3e5c4943548df7c7c64e62cfd1ed0c4548fbfda Loading...

	#3 Write - 1f8938192c99716b0bb4d8ed79936b78	174 B	2023-03-07 12:05	2024-08-21 06:46
Pretty Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen83 Hash 1f8938192c99716b0bb4d8ed79936b78 642c0bf831f022d73a57dc236495c742ffb2ec96 3d6b10960aac86b66534f6cf13f13fa2de708e5ed8d7531a8dd5e52fb32e2e97 Loading...

	#4 Write - e835232339500c39f2176849cacfcb22	1.2 kB	2023-03-07 12:05	2024-08-21 06:46
Pretty Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen82 Hash e835232339500c39f2176849cacfcb22 9c86468bc420cc4d428904166c843ce3e0eb9e1a 35a077b714fba1f1aeceed4f72192e47dda6df12ee145dacfcaa2e2ceda90851 Loading...

HTTP Transactions (12)

URL IP Response Size

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
219f59137337a0ee601729cab5ec83f6
85f2e3496820405559fd526b44b9a915e0009a4f
f9701bf0083b06f4a573774d1a4dd491236216bc08f1006a94ce79144df70a21

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9701BF0083B06F4A573774D1A4DD491236216BC08F1006A94CE79144DF70A21"
Last-Modified: Sat, 17 Aug 2024 00:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16324
Expires: Sun, 18 Aug 2024 16:34:22 GMT
Date: Sun, 18 Aug 2024 12:02:18 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
2df91286f49e58e16a376311a3bd4a11
f91a1585d976cf80ae4702b607130dc84e095e81
b6aa8b353b34cd929b75a9baf0f9953435f07d0118004f1e0bf72e5e15498fe4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B6AA8B353B34CD929B75A9BAF0F9953435F07D0118004F1E0BF72E5E15498FE4"
Last-Modified: Fri, 16 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3475
Expires: Sun, 18 Aug 2024 13:00:13 GMT
Date: Sun, 18 Aug 2024 12:02:18 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
69a9603269726ce602d708bf57058c4c
8689e9ea81ea9636e7b08c3ed42650553a0c4e3b
1a2339d740b715f3df1900d80114c8376ead57205961a6f896edf37b3ee3a897

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A2339D740B715F3DF1900D80114C8376EAD57205961A6F896EDF37B3EE3A897"
Last-Modified: Sat, 17 Aug 2024 09:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3531
Expires: Sun, 18 Aug 2024 13:01:09 GMT
Date: Sun, 18 Aug 2024 12:02:18 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
75f615f839dbf8cd2f4a3d58e44455f2
362b7a7d5cbe41d8a42cecec4ee755af0e07ddaf
2c4833330979b96ed12b3480367f00be397e9f9ccb35a088e7c79e92eb26cae4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2C4833330979B96ED12B3480367F00BE397E9F9CCB35A088E7C79E92EB26CAE4"
Last-Modified: Fri, 16 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19490
Expires: Sun, 18 Aug 2024 17:27:09 GMT
Date: Sun, 18 Aug 2024 12:02:19 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16557
Expires: Sun, 18 Aug 2024 16:38:17 GMT
Date: Sun, 18 Aug 2024 12:02:20 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16557
Expires: Sun, 18 Aug 2024 16:38:17 GMT
Date: Sun, 18 Aug 2024 12:02:20 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16557
Expires: Sun, 18 Aug 2024 16:38:17 GMT
Date: Sun, 18 Aug 2024 12:02:20 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7944981bcac427aa8d0aa016ec63764d
48bf925b10dc02afa8f597af8d26f5bf5efc0b7e
26bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16557
Expires: Sun, 18 Aug 2024 16:38:17 GMT
Date: Sun, 18 Aug 2024 12:02:20 GMT
Connection: keep-alive

saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium

172.93.120.138

200 OK

10 kB

URL User Request GET HTTP/1.1
saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium
IP
172.93.120.138:443
ASN
#393960 HOST4GEEKS-LLC

Certificate
IssuerLet's Encrypt
Subjectsaluhallensvinesund.se
FingerprintFC:EA:F9:2E:9A:2B:D5:96:6E:83:9E:0D:AD:89:1F:69:08:2D:97:60
ValiditySun, 04 Aug 2024 15:18:14 GMT - Sat, 02 Nov 2024 15:18:13 GMT

File type
HTML document, ASCII text, with very long lines (3848), with CRLF line terminators
Size
10 kB (10442 bytes)
Hash
e68b9792d60269a859a05660bd819139
a8da63ba569c791bab54fbf5fcc7287bb3a7090b
aa48e547decc73305c90d25e3151358967ed70571c9dc0659acfc58ca19554e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium HTTP/1.1
Host: saluhallensvinesund.se
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 18 Aug 2024 12:02:25 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

saluhallensvinesund.se/

172.93.120.138

50 kB

URL
saluhallensvinesund.se/
IP
172.93.120.138:0
ASN
#393960 HOST4GEEKS-LLC

Certificate
IssuerLet's Encrypt
Subjectsaluhallensvinesund.se
FingerprintFC:EA:F9:2E:9A:2B:D5:96:6E:83:9E:0D:AD:89:1F:69:08:2D:97:60
ValiditySun, 04 Aug 2024 15:18:14 GMT - Sat, 02 Nov 2024 15:18:13 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (515), with CRLF line terminators
Size
50 kB (49773 bytes)
Hash
fae8fdc1bc4b6db438fc864951f542c8
c5e14769e6b36cb0d0e9a301f3b2da0458568be7
38e8d3e08499b222ce98130d9e8baafcb0dc361193d8aa4e1137f2059a00cb8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: saluhallensvinesund.se
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 18 Aug 2024 12:02:22 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

saluhallensvinesund.se/DHLEx/dhl_top/source/content/photos/logo.jpg

172.93.120.138

200 OK

3.9 kB

URL GET HTTP/1.1
saluhallensvinesund.se/DHLEx/dhl_top/source/content/photos/logo.jpg
IP
172.93.120.138:443
ASN
#393960 HOST4GEEKS-LLC

Requested by
https://saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium
Certificate
IssuerLet's Encrypt
Subjectsaluhallensvinesund.se
FingerprintFC:EA:F9:2E:9A:2B:D5:96:6E:83:9E:0D:AD:89:1F:69:08:2D:97:60
ValiditySun, 04 Aug 2024 15:18:14 GMT - Sat, 02 Nov 2024 15:18:13 GMT

File type
PNG image data, 425 x 125, 8-bit colormap, non-interlaced
Size
3.9 kB (3902 bytes)
Hash
d8b38bb6321bd45ff42ed6931a870bb5
483fa5870b17eae93e8251dd50e694da5b0297a0
26933abb67839e269d8fc9d49b5ff722a1f48646776a8bdfb25e572d10996b41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /DHLEx/dhl_top/source/content/photos/logo.jpg HTTP/1.1
Host: saluhallensvinesund.se
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 18 Aug 2024 12:02:26 GMT
Server: Apache
Last-Modified: Fri, 17 Jan 2020 05:21:40 GMT
Accept-Ranges: bytes
Content-Length: 3902
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

saluhallensvinesund.se/favicon.ico

172.93.120.138

404 Not Found

315 B

URL GET HTTP/1.1
saluhallensvinesund.se/favicon.ico
IP
172.93.120.138:443
ASN
#393960 HOST4GEEKS-LLC

Requested by
https://saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium
Certificate
IssuerLet's Encrypt
Subjectsaluhallensvinesund.se
FingerprintFC:EA:F9:2E:9A:2B:D5:96:6E:83:9E:0D:AD:89:1F:69:08:2D:97:60
ValiditySun, 04 Aug 2024 15:18:14 GMT - Sat, 02 Nov 2024 15:18:13 GMT

File type
HTML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: saluhallensvinesund.se
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://saluhallensvinesund.se/DHLEx/dhl_top/source/content/login2.php?email=,N/A,https://openphish.com/feed.txt,18-Aug-24,Low,Medium
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sun, 18 Aug 2024 12:02:26 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (12)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP