{"report_id":"e9a3c777-e83f-4c3d-a78f-7f04cd396bf1","version":0,"status":"done","tags":[],"date":"2026-06-29T13:27:09Z","url":{"schema":"http","addr":"delvaie.com/wrong.php","fqdn":"delvaie.com","domain":"delvaie.com","tld":"com"},"ip":{"addr":"159.195.47.52","port":0,"asn":0,"as":"","country":"Denmark","country_code":"DK"},"final":{"url":{"schema":"https","addr":"delvaie.com/wrong.php","fqdn":"delvaie.com","domain":"delvaie.com","tld":"com"},"title":"Log in | WeTransfer","dom":{"size":1755,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"e3413b3c66eb922bf8a0b435033b2a9f","sha1":"a7d52f027d0b62a4f1aeba269f911f7c32d4715f","sha256":"ee70383adb7aee81c2d8a92374ff2d0af5bd58930b19f2f4e57206d17ecddc0e","sha512":"137c17613eb2db5693403cf098f85d989f724f62dd8cf542166cde4c77a75532dc7da1a31d5f88daf60feb78b5993819c68429d99da0d0e369175d35c419a873","ssdeep":"","tlshash":"3d31fe96ac93140b7501e6a03be1198d9286c207936dcc657be530fcefd9fc85c7228d","dom_hash":"domhashc30b48f723de1fe6053a07d8ae79424d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"delvaie.com/wrong.php","fqdn":"delvaie.com","domain":"delvaie.com","tld":"com"},"ip":{"addr":"159.195.47.52","port":0,"asn":0,"as":"","country":"Denmark","country_code":"DK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-03T13:27:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-29","alert":"Phishing Block","trigger":"delvaie.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"delvaie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"delvaie.com","ip":{"addr":"159.195.47.52","port":443,"asn":0,"as":"","country":"Denmark","country_code":"DK"},"domain_registered":"2025-04-28","domain_rank":4198373,"first_seen":"2026-06-29T13:27:09.270158Z","last_seen":"2026-06-29T13:27:09.270158Z","alert_count":4,"request_count":2,"received_data":117952,"sent_data":1057,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.4.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"prod-cdn.wetransfer.net","ip":{"addr":"54.240.174.82","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2009-02-02","domain_rank":760029,"first_seen":"2018-10-23T08:53:42Z","last_seen":"2026-05-12T01:49:59.127022Z","alert_count":0,"request_count":1,"received_data":42104,"sent_data":613,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"delvaie.com/wrong.php","fqdn":"delvaie.com","domain":"delvaie.com","tld":"com"},"ip":{"addr":"159.195.47.52","port":443,"asn":0,"as":"","country":"Denmark","country_code":"DK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-29T13:26:46.534Z","timestamp":1782739606534,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delvaie.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Jun 2026 18:58:07 GMT","end":"Tue, 22 Sep 2026 18:58:06 GMT"},"fingerprint":{"sha1":"FD:34:59:93:46:F8:0D:DF:A5:E7:39:6F:40:83:04:47:B8:95:D2:37","sha256":"31:45:56:B5:E2:9E:36:56:91:5F:D3:C6:17:B6:4E:14:63:EF:D6:22:1A:CA:A3:BC:3B:B7:32:1C:79:22:99:98"}}},"request":{"raw":"GET /wrong.php HTTP/1.1\r\nHost: delvaie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.2\r\nDate: Mon, 29 Jun 2026 13:26:46 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 846\r\nConnection: keep-alive\r\nX-Powered-By: PHP/8.4.12\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=1027c5be90969cb0a741ad4568ed428a; path=/\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.4.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1849,"size_decoded":1256,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"744c1401856d15e4d4da19e934d6b0dd","sha1":"0d4c75564e181289dbafaac9c6fda9305c70667f","sha256":"2a2818aa909602771c1d5d86e52a30973fee96396fa3e2d1d7dda6abaaef83d4","sha512":"d7affd5ee556ccebf897bcaff94de16f6ee1dca830251b8f6ab22723fb87ce0125bf913b377acc116a001f358908adc8f8a541665cdd86ad4f93e0195440dc92","ssdeep":"","tlshash":"80311f20d8806c0a6031e67077d21989e293c20793050e657af831aaebb5b4c9827ed9","first_seen":"2026-06-29T13:27:12.880455Z","last_seen":"2026-06-30T22:26:27.562309Z","times_seen":6,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":5,"connect":32,"send":0,"wait":33,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-29","alert":"Phishing Block","trigger":"delvaie.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"delvaie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"delvaie.com/assets/img/bg.png","fqdn":"delvaie.com","domain":"delvaie.com","tld":"com"},"ip":{"addr":"159.195.47.52","port":443,"asn":0,"as":"","country":"Denmark","country_code":"DK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://delvaie.com/wrong.php","date":"2026-06-29T13:26:46.890Z","timestamp":1782739606890,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"delvaie.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Jun 2026 18:58:07 GMT","end":"Tue, 22 Sep 2026 18:58:06 GMT"},"fingerprint":{"sha1":"FD:34:59:93:46:F8:0D:DF:A5:E7:39:6F:40:83:04:47:B8:95:D2:37","sha256":"31:45:56:B5:E2:9E:36:56:91:5F:D3:C6:17:B6:4E:14:63:EF:D6:22:1A:CA:A3:BC:3B:B7:32:1C:79:22:99:98"}}},"request":{"raw":"GET /assets/img/bg.png HTTP/1.1\r\nHost: delvaie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://delvaie.com/wrong.php\r\nCookie: PHPSESSID=1027c5be90969cb0a741ad4568ed428a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.2\r\nDate: Mon, 29 Jun 2026 13:26:46 GMT\r\nContent-Type: image/png\r\nLast-Modified: Wed, 06 May 2020 10:21:34 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"5eb28fae-1c2f2\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115442,"size_decoded":113304,"mime_type":"image/png","magic":"PNG image data, 1366 x 662, 8-bit/color RGBA, non-interlaced","md5":"14a377e88af2205387a8807c22c2c411","sha1":"ecc695dfc25970bd80c6dfe67c5acbdd389a8071","sha256":"763917645a54fe67339f7983a8b1ed46781ae603eca9c211c520bbadf3f2fd85","sha512":"157165c8da334cfbf350ab90a47cb1766597d70d35fdc5b3877c4b2c6a1d122712c0c4e1b2a60a570efd1259be9c8b8ae04270129bf74e9c3e79fde22ee16b6c","ssdeep":"3072:SjtpmJQHTin+b9KWmNkZJXgXFDgWz2XvmTZM:Spjx5pmNkHugmZM","tlshash":"79b312eed5abc2ae9e5fb815dddaa02fd4b2650606601bb9717000adc5336b73118ccf","first_seen":"2023-09-22T15:04:11Z","last_seen":"2026-06-30T22:26:27.562793Z","times_seen":25,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-29","alert":"Sinkholed","trigger":"delvaie.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-29","alert":"Phishing Block","trigger":"delvaie.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"prod-cdn.wetransfer.net/assets/favicon-d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda.ico","fqdn":"prod-cdn.wetransfer.net","domain":"wetransfer.net","tld":"net"},"ip":{"addr":"54.240.174.82","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://delvaie.com/wrong.php","date":"2026-06-29T13:26:47.170Z","timestamp":1782739607170,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wetransfer.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 01 May 2026 00:00:00 GMT","end":"Sat, 14 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B5:D5:76:1F:6A:4F:27:15:F8:6D:9E:D2:3C:56:45:13:62:9E:50:A6","sha256":"1A:2C:4F:C2:BF:5A:82:13:B7:98:4D:13:0D:18:45:C4:5D:3A:C6:48:8E:03:08:F0:C7:0C:99:5F:97:86:4B:CE"}}},"request":{"raw":"GET /assets/favicon-d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda.ico HTTP/1.1\r\nHost: prod-cdn.wetransfer.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://delvaie.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 41566\r\nlast-modified: Tue, 28 Apr 2020 10:14:46 GMT\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 19 Sep 2025 00:40:12 GMT\r\ncache-control: public, max-age=31536000\r\netag: \"692e1c7339c359b6412f059c9c9a0474\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: EAYZHyFNatpj1xuU4yo6V-GGfaN-KJU_pRR4VOAFxCa6if_4bCNHmw==\r\nage: 24497196\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":41566,"size_decoded":42104,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"692e1c7339c359b6412f059c9c9a0474","sha1":"e7c1a53dca16b7664880e5b8a92524cf9a47fb62","sha256":"d12161435ace47c6883360e08466508593325f134c1852b1d0e6e75d5f76adda","sha512":"115b958093186bf5f98beced2bde91775121083b1e73f720372d793a23ebc7cf130cc4c6196f5f0d725a809fd63997666ae1de36cf070dcb6b6d2178c6796894","ssdeep":"96:pnvhextGn8hK7mxOBsOqHJt46FWJisw0msSieZQckSpyt:pnZHKzxOeOqf46FWuASjQcA","tlshash":"0f13459726c4ca1cc7916f33c0e245fad77adc96cd34ae0fa18cbe5a7471529285b14c","first_seen":"2023-05-01T18:12:38Z","last_seen":"2026-06-30T22:26:27.563345Z","times_seen":2729,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":24,"connect":2,"send":0,"wait":4,"receive":2,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
