Report - maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html

Report Overview

Submitted URL
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
IP
162.159.138.9
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-04 17:30:58
Access
public
Website Title
DHL - Confirm your Payment.
Final URL
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Tags
dhl logistics phishing
urlquery detections
Phishing - DHL

Detections

urlquery
37
Network Intrusion Detection
0
Threat Detection Systems
54

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
maavhkpo.elementor.cloud	unknown	unknown	No data	No data	14 kB	956 kB	162.159.137.9
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	4.4 kB	152 kB	216.58.207.227
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-04	433 B	6.4 kB	142.250.74.42
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-05-03	514 B	20 kB	104.16.80.73
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	969 B	19 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html	DHL Airways, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed
2024-05-04	medium	maavhkpo.elementor.cloud	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html	627 B	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:20:14 Last Seen2024-05-08 18:30:29 Times Seen60 Hash b201513c0278ec41ea7c5ef6a9e8d49b 01f1e02e4a0c5af5508af3ffc0123e4e5fb70b88 d9a6b10b1adfe406ab10beb680272365118f84d0db848ece0cc31a281f279402 Loading...

	maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-05-04	2024-05-04
Pretty URL maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 19:31:05 Last Seen2024-05-04 19:31:05 Times Seen2 Hash de3049ea51a091a6808804b385b8f619 79dea874ee6a1c0483614802829c640f4a9f5715 d238707b85612cebb805bb4bc2fe5af474f805248bff1caa45e5a060e0d4d282 Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js	102 kB	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-05-08 18:30:30 Times Seen67 Hash 660d070837ba7b53c5dcec99f7f94b9b b6fae86591af6f1260f49f52b45256a824096351 bc865ff931d1d97a468a025905eed3bde7282bd45450abfb759da9ac3ae9546f Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js	23 kB	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:20:14 Last Seen2024-05-08 18:30:30 Times Seen179 Hash 834d2ecce9a8cc7dba36d273de52b28a a605a1843810a676f6018c8a0072de08b05b7ef5 523eb9b6af99c2488af8dcd1a5cd648902c24b4981195b0d0b9f3cdaa2fd3b7f Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js	845 B	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:22:53 Last Seen2024-05-08 18:30:29 Times Seen153 Hash 8f26c1984eb6fc31f58d073788de4157 ed87fa78deed844a0837f9694be0ae253f90c818 558619a267691a460b410d2f703296b87a44e2fe994b3483740c6e74c8ee8d1b Loading...

	static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387	19 kB	2024-04-24	2024-05-18
Pretty URL static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:56:41 Last Seen2024-05-18 11:17:46 Times Seen2424 Hash 4c980ee97cb5c001b4d19e2895fa5603 2c6fe998aa7486c4becd74cf253bdd82666a64c3 d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192 Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js	261 kB	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-05-08 18:30:29 Times Seen49 Hash 836a446f4b1173eeffc3f441dc3a145a 6ae3d53166f94dd1114522267a47e1287d1b67f5 1e359301246090b9c8e8a9b451d81eb83e04d04d2f98140cb216d3c3acd84cde Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html	76 B	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:22:53 Last Seen2024-05-08 18:30:29 Times Seen57 Hash 55b6e3a81dc265a6e8287b7a683d1a91 cbeb4f0a89ea5ca00c938230bbe65b636c2fe56d 0324c0205dc1fe44ebeb36a1fe9dfa8d6e13930d617a6141d6fa7f99d6e3ffdc Loading...

	unknown	247 B	2024-05-04	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 19:31:05 Last Seen2024-05-04 19:31:05 Times Seen1 Hash e6599e3e39fde5243708b96d704234ef f0c6d05735cd02a123e1b832cd9a68480aa7780e d8dea3ada75bf95153dc14608a2470de4860e6f91b8f37be9393ad9d22c3451f Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js	1.1 kB	2023-03-07	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:20:14 Last Seen2024-05-08 18:30:29 Times Seen157 Hash b627c2a2eb3ed44bdaa291d0fc898316 03e1542cffbd078f0a21ad83ad589ce1679009cc d136e8ae0ac9b54bac28578861fac37ad93bd89b14d253e7d9f4a51609858537 Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html	1.1 kB	2024-05-04	2024-05-04
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 19:31:05 Last Seen2024-05-04 19:31:05 Times Seen1 Hash 97fa408cc0f55125a7a4ff3c23b81f3f a696ef8b01a08390c9ba7d28f08dd6ad3e206dee 03c03f3c9d7c7fc5fdb201d9b22269e4dda6a4c9a533ba7164951eed2f8b67a5 Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js	34 kB	2023-03-07	2024-05-15
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-05-15 05:47:10 Times Seen89 Hash 9c58a34f02796276b7e7109af74070cd a895868d27f57e0c1ef4ddf4e50c1055ff66eb15 a076b936e9383ed6f90c614cfd4e9ce57f95481e19fe1d84450926954d268856 Loading...

	ajax.googleapis.com/ajax/libs/webfont/1/webfont.js	13 kB	2023-03-07	2024-05-18
Pretty URL ajax.googleapis.com/ajax/libs/webfont/1/webfont.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:17 Last Seen2024-05-18 12:00:33 Times Seen23260 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js	2.2 kB	2023-03-09	2024-05-08
Pretty URL maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js IP 162.159.137.9 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:24:14 Last Seen2024-05-08 18:30:29 Times Seen26 Hash 91b1658e4c13acdc8b9d1f54462faf5c 7685517809bd4c2694bd6b6bea9f5161ff8ab697 03eae2687c1ef52f34d7f6a20de1c2d5e5f91c5c21f0552331cdfe6d38394bce Loading...

HTTP Transactions (38)

URL IP Response Size

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/Raleway-Medium.ttf

162.159.137.9

200 OK

174 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/Raleway-Medium.ttf
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
TrueType Font data, 16 tables, 1st "GPOS", 17 names, Microsoft, language 0x409, Copyright (c) 2010 - 2013, Matt McInerney (matt@pixelspread.com), Pablo Impallari (impallari@gma
Size
174 kB (174028 bytes)
Hash
bb5ae98e4ce1a64042093dc235c305ed
0c8681407d5de2de363187e7911e790d34d808c1
67544b051079d750900856631013bb2c59da3b92ef45a8eeacb04ffa03ca48a8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/Raleway-Medium.ttf HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/octet-stream
content-length: 174028
cf-ray: 87ea381fcb820b3d-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
etag: "62e87fcd-2a7cc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:17 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=f_dHIdQr7RoZyxbn.Cp2MA_Uc3_6cuMx.96AzJzDHvs-1714843832-1.0.1.1-GIwZg3hCci0UxlC3Z9Ene3vtg_14482HuRLgQzg8kUPlKpDIlutVaMmZiaEK8zX8l4QDH8bSX9v_XQQby2OB9g; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=Ph7YqoH0iV8giDHIiVTrmslC9ULBO_0u7rRebOZk9Is-1714843832343-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo.png

162.159.137.9

200 OK

2.2 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo.png
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.2 kB (2150 bytes)
Hash
148e7959884334e6a7dd6360822e97f7
dd6d15464e25c7f9cf35e6990fc8c4fc64c04665
868a512d1fb675ef291cadab0f743166effad787bcb96711c9185f636c8968c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/logo.png HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: image/webp
content-length: 2150
cf-ray: 87ea381fcb8a0b3d-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
content-disposition: inline; filename="logo.webp"
etag: "62e87fca-296f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:14 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=10607
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=82eQgd.BOQGGhtoQWfG58k_qnWzsYvgRtxogajZR7uI-1714843832-1.0.1.1-2Y72A_6PibHE6u66axc79iHVdTOYb1Rv4kC.gt1yR_iishdpgOmv7Pnjxgw4PagOAK89X2dOMbaobG_kkguniw; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=GqItog6TuPtq7aXO0WRhj0vEqu34N4g5YOcY.yXdpVw-1714843832353-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/delivery-truck.png

162.159.137.9

200 OK

8.5 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/delivery-truck.png
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.5 kB (8538 bytes)
Hash
21b784a98801eb5763583e620fec876a
92a7fdff783f33c44365f70e7490569eded961a9
cad50c12b6c3cc48d7a270867f8d212146591dee6ebfc479e39bcc4566903a95

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/delivery-truck.png HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: image/webp
content-length: 8538
cf-ray: 87ea381fcb8e0b3d-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
content-disposition: inline; filename="delivery-truck.webp"
etag: "62e87fc1-58a2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:05 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=22690
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=.Hs85h5lyTfcvOBhl20h2w9EtW9Yn64EFSdQBoPF6CA-1714843832-1.0.1.1-d1Lo.wyrIrfydgvQ7sg9p8TA3Jtwx4qMQbirUhiZAqGPUmHmJL6hmgtjUgWIu2c_C.r94g8EOe10Q_zoA7rt7g; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=aocQcBXUssZUPnzy7Kkh0GE3HcEgW96Y7E0rM2Yp7gM-1714843832354-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css(1)

162.159.137.9

200 OK

16 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css(1)
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text
Size
16 kB (16267 bytes)
Hash
f24a16efed7b4d060aa639a86bf9aaa0
095befbf49a23e215bf21d27646797470e5a8dc4
59695618c346e1e4a719d56f145686a2273c4248271fe58322b59dcbc5ac7e91

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css(1) HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/octet-stream
content-length: 16267
cf-ray: 87ea381fcb880b3d-OSL
cf-cache-status: DYNAMIC
accept-ranges: bytes
etag: "62e87fc1-3f8b"
last-modified: Tue, 02 Aug 2022 01:37:05 GMT
ec-cdn-status: dynamic
ec-cdn-status-reason: not supported
ec-source: static
vary: Accept-Encoding
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=SpfoT0QM3hPVhRxPXrKeZZ4CFUYW9cGmscURAA._Qp4-1714843832-1.0.1.1-eLYWthb8WiOk5.Tuw3F.z84ofyJOREGuC_aS1noGmfAXjJR1slrrf6opJ2zh8K6hXlGgjO4Lj71Lqq2YesMmBw; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=bpw5Pst_V.xgG7A4zw7DU1lSDlHZ8zrSJ7fDv9ZtpTQ-1714843832399-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/DHL2.jpg

162.159.137.9

200 OK

112 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/DHL2.jpg
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JPEG image data, progressive, precision 8, 1596x1015, components 3
Size
112 kB (111679 bytes)
Hash
6275aedbfdf293c6484bd5666e80308f
301873f19c0723152004411e5f62fbc2a79415df
e23885c4e00866e945b70f7d10f69ed49c7aa345774e3530d855d860d7420419

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/DHL2.jpg HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: image/jpeg
content-length: 111679
cf-ray: 87ea3822bf630b3d-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
etag: "62e87fc3-1dc54"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:07 GMT
vary: Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origSize=121940
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=n2.XqueRKrj5RqJD17CnviDv2OkFfr9Ie4uQee.jkPc-1714843832-1.0.1.1-dmON9oQA9QLJd_Lh4FUsQy1UfUFxD7_vwcJ.40yfIlUlp11oESH0DnL7ULKYbk15qDbOUyZmieLudCNvALo8rQ; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=vG3TpQ9Ymu0W2NY3.DEwIXYvkPZqQ2bGW8hNf9a.igA-1714843832811-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22076, version 1.0
Size
22 kB (22076 bytes)
Hash
6945abf9da6b789c96b2015ef4868409
bfca3e7cfe2140b03557ce2bf0d26eb3ee488611
9f0210608086c584f54e8716f5900cfe6863365f68309509e46aba09e1c4f4f5

HTTP Headers

GET /s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22076
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 15:13:10 GMT
expires: Fri, 02 May 2025 15:13:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 01 May 2024 20:31:54 GMT
content-type: font/woff2
age: 181042
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js

162.159.137.9

302 Found

0 B

URL GET HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Sat, 04 May 2024 17:30:32 GMT
content-length: 0
cache-control: max-age=300, public
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
set-cookie: __cf_bm=rZsKqjUnfflbT56UEpQvrrxMQG_WH5gzV9o1esQhEJQ-1714843832-1.0.1.1-b82WpiZ_GwxP1FAyWmboPn50NrvwMHySWf9lLZOtzNiYLS1CCmW0TOnnsj1flPwUJATSsM5hIvoR5BDF1GgMKQ; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 87ea3823d9040b3d-OSL
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/dhl.gif

162.159.137.9

200 OK

668 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/dhl.gif
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
RIFF (little-endian) data, Web/P image
Size
668 B (668 bytes)
Hash
ecf736e1c8097731a599315d08170c97
f320e221ee99df0a6136f12c089160b683f0a0ac
8069e4836476472d221442ba47c27308f2a51334bf8ed860197d0ef73e12639e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/dhl.gif HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: image/webp
content-length: 668
cf-ray: 87ea3823c8f90b3d-OSL
cf-cache-status: HIT
accept-ranges: bytes
cache-control: max-age=315360000
content-disposition: inline; filename="dhl.webp"
etag: "62e87fc1-52f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:05 GMT
vary: Accept, Accept-Encoding
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=gif, origSize=1327
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=.sAJ0cDO5jucK2L70f_8gimbCK_77uRfw_GpyuNNebM-1714843832-1.0.1.1-S6y9FdWdc2A.FbRrjAyy7R3BjIp_OswTzm8J2JmPLkefn.JtZ0MNwnHY1_ZPtmxk0oGgBzClwulhtmc9QQiLKQ; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=eznamwlrKk2K3WQ9xN7Mlyd08ZucFpQe2iossB0jDDo-1714843832979-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

142.250.74.42

200 OK

5.4 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (2134)
Size
5.4 kB (5437 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

HTTP Headers

GET /ajax/libs/webfont/1/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5437
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:37:20 GMT
expires: Fri, 02 May 2025 02:37:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 226393
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/h/b/jsd/r/87ea381d8e5b568a

162.159.137.9

200 OK

0 B

URL POST HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/h/b/jsd/r/87ea381d8e5b568a
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/87ea381d8e5b568a HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12238
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:33 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=DxmKp07Sw8RhSE07p.6Y5g7r5bGL2jB79i4F997qv9o-1714843833-1.0.1.1-Ckv1ANS24gBkYBTLCrb4QthoqwzTqxY9pBNrjUGdPll3rdW4hN1p.O42Z3SImJRVQ68UCsarpU0KQbj2K8hBYw; path=/; expires=Sun, 04-May-25 17:30:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
__cf_bm=FVzToWNsfDX.XZ7tYx9DQv9fM8OwaipIvysdTsZRJwg-1714843833-1.0.1.1-NNlu0q41ax3Gy166wDGbjXE6GXEM_U0zVM0_wRGPf.hXWa4roBou0oxRigoGjlX2galwZYVcOyN9ydiOg_L5hQ; path=/; expires=Sat, 04-May-24 18:00:33 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 87ea38251a910b3d-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 89935
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 16:31:38 GMT
expires: Sat, 03 May 2025 16:31:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
age: 89935
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min(1).css

162.159.137.9

200 OK

34 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min(1).css
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (34272 bytes)
Hash
a6b066a5cb340c5a56afee6b33458a95
9c8fa908ab972c5424de3c77687f41b5f6d7b4a5
d5ea466ccfa1e38f1ec26057d28eb1bbf1de7db4f9cecd7c559ca90333440383

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min(1).css HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/css
cf-ray: 87ea381fcb800b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fd0-180db"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:20 GMT
vary: Accept-Encoding
cf-bgj: minify
cf-polished: origSize=98523
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=pJxfrq7s1McifXqUZY4i0yfTM82GbEZS0oyjRRkmmbA-1714843832-1.0.1.1-sVJatJihd83V_x5RDRYNhWwSTMpDsOGy5VUtfgitTeOMH9.lou12V6Q1FMlE580_tPFckgeXLETCQb0_SCJz3A; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=e5bakKf8L.fNVUB8BdXjMyAzAqD_Qp_MMYsTy3womlk-1714843832333-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:32:46 GMT
expires: Fri, 02 May 2025 02:32:46 GMT
cache-control: public, max-age=31536000
age: 226667
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:03:54 GMT
expires: Fri, 02 May 2025 02:03:54 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 228399
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/webfont.js

162.159.137.9

404 Not Found

18 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/webfont.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
18 kB (17469 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/webfont.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/html
cf-ray: 87ea381fcb930b3d-OSL
cf-cache-status: EXPIRED
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=5oakhWMbB_IrIaZnrSU_PvgPnRUzKt5oJQ92hmX.hqg-1714843832-1.0.1.1-TpYMBBxoqn3MdneoA7nGhMylMOwdeAfeuuTo67JiXGIPES7e9EgFvUFmGaleJwd1vht5UOhaTYnbfQamnZRX8g; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=afr0zMpqypnTllEzyoGliiWdzDG5wS7pKvfJEGlXfuk-1714843832482-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 228933
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maavhkpo.elementor.cloud/cdn-cgi/rum?

162.159.137.9

204 No Content

0 B

URL POST HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/rum?
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1152
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 04 May 2024 17:30:33 GMT
access-control-allow-origin: https://maavhkpo.elementor.cloud
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87ea3825cb5b0b3d-OSL
x-frame-options: DENY
x-content-type-options: nosniff

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js

162.159.137.9

200 OK

29 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (32010), with CRLF line terminators
Size
29 kB (29188 bytes)
Hash
660d070837ba7b53c5dcec99f7f94b9b
b6fae86591af6f1260f49f52b45256a824096351
bc865ff931d1d97a468a025905eed3bde7282bd45450abfb759da9ac3ae9546f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit_custom.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/javascript
cf-ray: 87ea381fdb9c0b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fd2-18d79"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:22 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=gbeZsI98Q2jJ_WxZXcD4ZC9KwR79VpImei9s465OVPM-1714843832-1.0.1.1-6zt01HPueYz4HQMiQBplDc7tPIC.s8.XMFQScNHTxdFkVhI2bnPcYpmiL3KEobWdloBCz1F1FrmzgeW6Ao3e6w; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=WVA6nGLmp6eDY5myBI1E6q8Yz3Rebf784HgUaEPnenE-1714843832358-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js

162.159.137.9

200 OK

1.2 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text
Size
1.2 kB (1215 bytes)
Hash
91b1658e4c13acdc8b9d1f54462faf5c
7685517809bd4c2694bd6b6bea9f5161ff8ab697
03eae2687c1ef52f34d7f6a20de1c2d5e5f91c5c21f0552331cdfe6d38394bce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/cc.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/javascript
cf-ray: 87ea381fbb7b0b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fbe-f0d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:02 GMT
vary: Accept-Encoding
cf-bgj: minify
cf-polished: origSize=3853
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=67QhD2_aYx8CI84XezWQODLFZ_GwcluVNTtGcS__UjU-1714843832-1.0.1.1-nlOJV2bxGCMeXMkBliYiWzkfOeYQj6OoU7C_r.A2.Hipb0cq8LIUeVg9h94qymnHgmWitV6hmW6WgtGg.oucJg; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=PING5xf_AbPtWWWF5yjO05sqavXOsHe5FZBIX7L06uw-1714843832339-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/cdn-cgi/rum?

162.159.137.9

204 No Content

0 B

URL POST HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/rum?
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 651
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Sat, 04 May 2024 17:30:55 GMT
access-control-allow-origin: https://maavhkpo.elementor.cloud
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87ea38b2fc540b3d-OSL
x-frame-options: DENY
x-content-type-options: nosniff

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js

162.159.137.9

200 OK

261 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type

Size
261 kB (260968 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/common.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/javascript
cf-ray: 87ea381fcb980b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fbf-3fb68"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:03 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=1I6ywO1pH1_WROU41bi0dyhIhegKCKAj5ch9JpiRLgM-1714843832-1.0.1.1-hc8jpuWalhBRVEvjLclyQHCBaMGSz5tuifZWL0ITRgEo3qmVNpaNVKmye7DW7wv7y_rdYqkDraebCY_3Ea7GtQ; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=g0CE6zjzHNGJKUnMUNslogPfR9IZZJU3enH4HOYNXbA-1714843832345-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387

104.16.80.73

200 OK

19 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19189), with no line terminators
Size
19 kB (19189 bytes)
Hash
4c980ee97cb5c001b4d19e2895fa5603
2c6fe998aa7486c4becd74cf253bdd82666a64c3
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

HTTP Headers

GET /beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.1"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ea381ffec50b45-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js

162.159.137.9

200 OK

34 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (32005), with CRLF line terminators
Size
34 kB (34442 bytes)
Hash
9c58a34f02796276b7e7109af74070cd
a895868d27f57e0c1ef4ddf4e50c1055ff66eb15
a076b936e9383ed6f90c614cfd4e9ce57f95481e19fe1d84450926954d268856

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/moment.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/javascript
cf-ray: 87ea381fcb950b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fcb-868a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:15 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=hCzGw2sybhcSd25xLQlOf6FpVHLIgakyPKGrSRvtK_o-1714843832-1.0.1.1-vD_AV5TTC7bk5Jj6hMdP.bkrlkEehE1Ez3RWs_UKElC3zzaz_aQsFZeoTRCfKgQbB4LE9KazpuoqJHuBdn6RGQ; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=FHwdTeReNRoES2iKiCTIbYDdNWF7G2nL7FxIZC9vdbk-1714843832364-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff

162.159.137.9

404 Not Found

146 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/html
cf-ray: 87ea3823e91e0b3d-OSL
cf-cache-status: HIT
age: 0
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=V6x.ItiWk17qm4OcDfXW_HFogeH3uYf_jv5I8rcFtUA-1714843832-1.0.1.1-zAS8dTGDsZfQTvjgt3XXbyXFa35eqrjtsz0KUQv4zC0iRBNCIqq32CU5TQsJP_M5shC0DuaBPH7TOy4seE_0gg; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=_yiCz.97fuSvN4Fckz0VFYjAycHrmiJLNgJtZJFCBls-1714843832975-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js

162.159.137.9

200 OK

23 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (23095), with no line terminators
Size
23 kB (23095 bytes)
Hash
834d2ecce9a8cc7dba36d273de52b28a
a605a1843810a676f6018c8a0072de08b05b7ef5
523eb9b6af99c2488af8dcd1a5cd648902c24b4981195b0d0b9f3cdaa2fd3b7f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/altair_admin_common.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/javascript
cf-ray: 87ea381fdba20b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fbc-5a37"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:00 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=_iOGX63oj5SmtQTvDKRiJBeWIIWroi0zh72bwSy3KMs-1714843832-1.0.1.1-Zi_QxjRJm45JrHNwyVy.Jr3JIZY.bOxIrRovuB5LBqHK.ZuZnLx1cbbBvosOz5sMaBrjpbBi3V9TbdaqIzEzfw; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=bEfGtYHJYypxtN.CRDp9z8tRBCU_vPJSyzzhKGfhqvI-1714843832361-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

216.58.207.227

200 OK

17 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17368, version 1.0
Size
17 kB (17368 bytes)
Hash
abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

HTTP Headers

GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:12 GMT
expires: Fri, 02 May 2025 01:56:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 228861
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.css

162.159.137.9

200 OK

78 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.css
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text, with very long lines (64986), with CRLF line terminators
Size
78 kB (77912 bytes)
Hash
ec69e730972214d8bb0fe2a89600ce06
194d53b7d335621ac70cf31a95315acce389053a
72120a1c75da07babdbacd3c005cb6a04149efd51c68383ae5c26a925afc189a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.css HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/css
cf-ray: 87ea381fcb810b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fc6-13058"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:10 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=1fRrN4oixTArQwu3uvldDybVc0OR8xZTFSWmmIbYo7s-1714843832-1.0.1.1-H6u4w6o.zC3IphKPd.UTFdB7cB7aT65q8lAd5pfZiobqvIBWzJL.YUwQIYOcLzFCIyYjIMbxgodxrUhACR74IA; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=vAxoDTkc9344Q0SnGrV9LcbUhixYqlJo7uSC6PrT7hU-1714843832335-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js

162.159.137.9

200 OK

845 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (871), with no line terminators
Size
845 B (845 bytes)
Hash
bd1f900aa4ef58f6c1f98598ab7c73ae
d4b77f910a29f31938ef1b188727d21a9185f9af
8577e30436b417f38dea776cf0de84339b8c16f601227222ae17afe5965f13a5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/javascript
cf-ray: 87ea381fdbaa0b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fc7-34d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:11 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=UTJb3AQOx65kI_edz26q4_jUhEuX.8G9v84itCRJ61M-1714843832-1.0.1.1-WaoKfe7V1BPX.v0jpCQIDBeRO7FfpmraMXu4Dg3SfDD72LaeIORb8_Bqx9yOcO1SbsyQ2_t6d0L8Uo.EPa2aLw; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=pOSE7kTVNdqxvXd6X2Bj5nqtf0kw9O5hTZM2Lyv6MFI-1714843832351-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff

162.159.137.9

404 Not Found

146 B

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with no line terminators
Size
146 B (146 bytes)
Hash
40b3fc14254227ec5012d996bf90c4e1
b0dd06eb5a779151151101337889ff09953f8ac0
740816c1b61e4a8443c26d30d3eecfea04815fca8cd605a142f9d8a35f86ceca

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/files/fonts/Delivery_W_Rg.woff HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/login_page.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/html
cf-ray: 87ea3822bf6c0b3d-OSL
cf-cache-status: EXPIRED
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=8NIfwxWJgNTR823rAPSGj8mgjvOQDfbprlGhLCaJqkM-1714843832-1.0.1.1-ki6txKEgiUkwqDkNqIja61R2SumrbadbhPWdysyF.B6rZVVLP5XuVyIaTjXzfOM_EbRK4BHx1iKCZH4pVhL6mQ; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=180ot0v7gxOfCsw67x2prPiddCOrYIx.O4I6eZ9CstM-1714843832856-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js

162.159.137.9

200 OK

7.9 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (7880), with no line terminators
Size
7.9 kB (7880 bytes)
Hash
de3049ea51a091a6808804b385b8f619
79dea874ee6a1c0483614802829c640f4a9f5715
d238707b85612cebb805bb4bc2fe5af474f805248bff1caa45e5a060e0d4d282

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/ce7818f50e39/main.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
content-encoding: br
vary: accept-encoding
set-cookie: __cf_bm=OXf8fXm9LlVfgbD.zkQGcLzAajZGPXl5NOxGQB_bICs-1714843832-1.0.1.1-w2fO.MLNzzu2EApI0J6zc5tG2TFQcSdWCmicmng9FYBIvT3YRphttUoaOgMBjZoaIPd4xV7ib1G8nnIKxEf5GQ; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 87ea382409400b3d-OSL
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min.css

162.159.137.9

200 OK

99 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min.css
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
ASCII text, with very long lines (64954), with CRLF line terminators
Size
99 kB (98968 bytes)
Hash
210251cccee53e864a29e22fb6bd2348
2d34ea62055808d9e1e6ecfcc99f8b542ef2270b
e3ba7ab57a9c17c5dfaaa6f225c880dd6807fae54ecc3699209c553aaaa5c3cb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/uikit.almost-flat.min.css HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/css
cf-ray: 87ea381fcb7f0b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fd1-18298"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:21 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=zx3TSqVQlvbPbtRAHSGwIu2lR0YRHHUMPWC142lp5as-1714843832-1.0.1.1-B9NAXsFlSD6K0flUKKUW2I9b3UVqwGCwgyBlrZfyrqsGj8lHOuJr58FW8xKOpkOER32PD4YE39NlLNACMaF4.Q; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=RZxnrISJDFoaQpQ_kwlxwnQ5VY2ZtGGEg.3ytGErSwc-1714843832348-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js

162.159.137.9

200 OK

1.1 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
JavaScript source, ASCII text, with very long lines (1195), with no line terminators
Size
1.1 kB (1137 bytes)
Hash
2a52c0ae880623240f10d004733ae5eb
ed606b8d74a40be0276815f4c91ef966718a16d4
58c2306123793a08d28ec7c3ce38b87fe28de1aaf981b1b8d45a5239cb5d37b6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/components_notifications.min.js HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: application/javascript
cf-ray: 87ea381fdba60b3d-OSL
cf-cache-status: HIT
cache-control: max-age=315360000
etag: W/"62e87fbf-471"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 02 Aug 2022 01:37:03 GMT
vary: Accept-Encoding
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=x2V6fS5lc8Olv5gFV1LLaOnb4A5SOGpC0IyIpPeQwLc-1714843832-1.0.1.1-wHEqENteUKdczA.783F.eOHHEA6Z32dMG.XVzLA.zarE.WOWbTfR7maGTPjhv9yIJJL8pOGmXzogFgGfnWLBKQ; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=KXDtTFcGiUOebHla.1K3G_R0dVcRohgFOvtUbPDdrTI-1714843832350-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Raleway:wght@500&display=swap

142.250.74.106

200 OK

1.9 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Raleway:wght@500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (1914), with no line terminators
Size
1.9 kB (1869 bytes)
Hash
d62ec62736f98df00b8968c0eb336e36
92a9c10089b30600bc74ea111da520ee7cf80f57
1341400e5cb701df8b59b8210aa84bd8f1b82f4ba21a2d83dff84271d210098e

HTTP Headers

GET /css2?family=Raleway:wght@500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 17:30:32 GMT
date: Sat, 04 May 2024 17:30:32 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Source+Code+Pro:400,700%7CRoboto:400,300,500,700,400italic&subset=latin,latin

142.250.74.106

200 OK

16 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Source+Code+Pro:400,700%7CRoboto:400,300,500,700,400italic&subset=latin,latin
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
16 kB (15631 bytes)
Hash
7c3d917910272ad4e7308a436970c945
e7696b7a5754c95ea3ccbb37a31a95d3dbfbc6fd
88b66baa76378b37c01ef37a976ff510154916c54746a31d3a2b9cac8ba1b969

HTTP Headers

GET /css?family=Source+Code+Pro:400,700%7CRoboto:400,300,500,700,400italic&subset=latin,latin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 17:30:33 GMT
date: Sat, 04 May 2024 17:30:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://maavhkpo.elementor.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 28916
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html

162.159.137.9

200 OK

12 kB

URL User Request GET HTTP/2
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with very long lines (1494), with CRLF, LF line terminators
Size
12 kB (12133 bytes)
Hash
2b7fea1091d62e521bd2e5ce861aaf97
38928cc27263fab3a7535dba82db08bc0cc32ece
d3174e75a8c9b0886095960c00f46d6e8ddf938efcc11dfbe50b0e488bff982d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	DHL Airways, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/html
cf-ray: 87ea381d8e5b568a-OSL
cf-cache-status: DYNAMIC
last-modified: Thu, 04 Apr 2024 01:57:29 GMT
ec-cdn-status: dynamic
ec-cdn-status-reason: static resource
ec-source: static
vary: Accept-Encoding
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=j.z2jYZ2x4xjbGHG8s_OGYFj6f.5Fb_h95XCAAJP2p4-1714843832-1.0.1.1-gunvXfCY.._CaZ_P45pqmsO897AkMGynF9yYhgU8UbgwUAn9ZJyOKWjdye0lFlTiTDw9dGutENIwCK8P1vP4Zw; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=AsHjxvL450GtYq9kLfHlwuan5lUnN0EZRRRNuH1Dsl4-1714843832009-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css

162.159.137.9

404 Not Found

21 kB

URL GET HTTP/3
maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css
IP
162.159.137.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Certificate
IssuerLet's Encrypt
Subjectelementor.cloud
Fingerprint9B:9B:B2:54:E4:0D:B0:69:09:06:09:11:55:70:D3:D7:03:AA:9F:6C
ValidityTue, 12 Mar 2024 10:13:46 GMT - Mon, 10 Jun 2024 10:13:45 GMT

File type
HTML document, ASCII text, with very long lines (9462)
Size
21 kB (20725 bytes)
Hash
c68492088e5ae4fcfcc311f13a36e22e
a28a921ce2363ae08bbcc58a0bbae34b12de6586
7703b69cc16d666bb0cdf1809a6364c1f10707b640c77b39dbcab07395079e2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ENA98765CIZ3435/ENGHUY645/BOBM0002X1/css HTTP/1.1
Host: maavhkpo.elementor.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://maavhkpo.elementor.cloud/ENA98765CIZ3435/ENGHUY645/BOBM0002X1/info2.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 04 May 2024 17:30:32 GMT
content-type: text/html; charset=UTF-8
cf-ray: 87ea381fbb7d0b3d-OSL
cf-cache-status: DYNAMIC
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://maavhkpo.elementor.cloud/wp-json/>; rel="https://api.w.org/"
ec-cdn-cache-control: public, max-age=604800
ec-cdn-status: dynamic
ec-cdn-status-reason: status not ok
ec-cdn-supported: 1
ec-coldstart: worker
ec-source: dynamic
vary: Accept-Encoding
x-powered-by: Elementor Cloud
set-cookie: __cf_bm=NsTbdvGj1aoAT1RNFWwHBhg2PjkYmFWg47RJCmZBeas-1714843832-1.0.1.1-xaNHCnAvyPdBr19P65FDZ7U3uS8qQQZGJ.pLsUOkZmo1JZR9DlpZkPaf8QcLdk_mo4Gtr_ulzD3Y7mUVYlyHvA; path=/; expires=Sat, 04-May-24 18:00:32 GMT; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
_cfuvid=i0m5vdnlTGSbHjDgfcVwzwlLtOLiBQJl5Xk2VBz5BIg-1714843832710-0.0.1.1-604800000; path=/; domain=.elementor.cloud; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML