Report - srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

Report Overview

Submitted URL
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
IP
31.28.24.131
ASN
#12616 Citytelecom LLC
Submitted
2024-04-26 08:41:27
Access
public
Website Title
Verification | DHL
Final URL
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Tags
dhl logistics phishing
urlquery detections
Phishing - DHL

Detections

urlquery
17
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
srv212170.hoster-test.ru	unknown	unknown	No data	No data	8.1 kB	522 kB	31.28.24.131
cdn.lr-in.com	13237	2021-07-19	2021-07-19	2024-04-22	411 B	172 kB	104.21.234.145
dispatching-centre.lasamericascargo.com	unknown	2000-05-05	2022-04-06	2024-04-17	1.3 kB	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php	165 B	2023-03-07	2024-05-06
Pretty URL srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php IP 31.28.24.131 ASN #12616 Citytelecom LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:15 Last Seen2024-05-06 06:27:45 Times Seen465 Hash 430ecc2f3cf84cff47c449d145e6d4b0 9ea2d341b5ebc9668ad944047c439953d5928826 c27ea770946ea916def48e311fae08371c423fdd8486a2b7b7e0ca874613bb41 Loading...

	srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php	221 B	2023-03-07	2024-05-06
Pretty URL srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php IP 31.28.24.131 ASN #12616 Citytelecom LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:15 Last Seen2024-05-06 06:27:45 Times Seen456 Hash a870e9d213023e1900b0c6fb46bdfa1f e82c3b3e3277d2db60522af0fc2eb9a1a3f342fa 5818cb1b843c3187db11715b9a3c015591aa4e106a89559689b8016a784a9bca Loading...

	srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php	437 B	2023-03-07	2024-05-06
Pretty URL srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php IP 31.28.24.131 ASN #12616 Citytelecom LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:34:15 Last Seen2024-05-06 06:27:45 Times Seen458 Hash 81280e6be9081837195e24a7268f9138 35546d7f9c581846d7a215968de50e2aa70d778f 27da46f0dbe279737be8e490e90b3858972852d6a504ef1974c3e588996ab731 Loading...

	cdn.lr-in.com/logger-1.min.js	863 kB	2024-04-26	2024-04-26
Pretty URL cdn.lr-in.com/logger-1.min.js IP 104.21.234.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 10:41:34 Last Seen2024-04-26 10:41:34 Times Seen2 Hash fbda286876c88a19aa1c23015660d9e5 ab4470fc435a0fdbc0f97e6bb052c1034fb5ae28 5243b468bbc1846bb725247f855fbf722956696ff7e4b4764f5e47ba875c359f Loading...

HTTP Transactions (20)

URL IP Response Size

srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

31.28.24.131

200 OK

77 kB

URL User Request GET HTTP/1.1
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

File type
HTML document, Unicode text, UTF-8 text, with very long lines (570), with CRLF line terminators
Size
77 kB (76856 bytes)
Hash
9942f655f7942b49281b217c3b91b999
1f161b71b058039cc14af67f30ec7a28d88888be
e567660c73972f54aa835b8f99d3a0e27fd31c3ab0ca461339c97325626087a7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:41:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/8.1.11
Set-Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Transfer-Encoding: chunked
Connection: keep-alive

srv212170.hoster-test.ru/js/app.js

31.28.24.131

404 Not Found

297 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/js/app.js
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
HTML document, ASCII text
Size
297 B (297 bytes)
Hash
d3abde0ea32a2ad6bbc46c50a6a472cb
e2ab8239c5c558c82ee2cb3190cf982af15eae02
0a4379fc5df349ffadb9ba1437d2dd7ed32ab142f7a35d32ec881cdff97703df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /js/app.js HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 297
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/js/session-recorder.js

31.28.24.131

404 Not Found

310 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/js/session-recorder.js
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
HTML document, ASCII text
Size
310 B (310 bytes)
Hash
0206600411bc18c72c67b30f30267e03
17f68bb1215324726fc16ac8781f09ede4395ca7
96549224fc1f2f965f710bc82cd1d4560baf7d54e1958309e8d7bf5ad2403c52

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /js/session-recorder.js HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/app.css

31.28.24.131

200 OK

415 kB

URL GET HTTP/1.1
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/app.css
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
ASCII text
Size
415 kB (415045 bytes)
Hash
b33e59c592eb453d12f6a53179d8ef19
5d1863f728b58d4456e1b1d824d98fe56810e69e
a0b9419777f544b665051cae80f11bf8ff9f925072a9f062a3d82c383e6cdfde

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/app.css HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 24 Apr 2024 06:55:44 GMT
ETag: "16044bd-65545-616d228d5f717"
Accept-Ranges: bytes
Content-Length: 415045
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/logo.png

31.28.24.131

200 OK

2.0 kB

URL GET HTTP/1.1
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/logo.png
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
PNG image data, 214 x 20, 8-bit/color RGBA, non-interlaced
Size
2.0 kB (1998 bytes)
Hash
5d14ab93691604e826e1319d53599eb9
78724360e9d25da584445b851e37bca05abe6b85
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/logo.png HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 24 Apr 2024 06:55:49 GMT
ETag: "16044cb-7ce-616d2292080e2"
Accept-Ranges: bytes
Content-Length: 1998
Cache-Control: max-age=86400
Expires: Sat, 27 Apr 2024 08:41:02 GMT
Content-Type: image/png
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/foo.png

31.28.24.131

200 OK

18 kB

URL GET HTTP/1.1
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/foo.png
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
PNG image data, 187 x 18, 8-bit/color RGBA, non-interlaced
Size
18 kB (17648 bytes)
Hash
f748283f1bdef35cbe2d225eccbe3895
c03c1864ca13cc124d7faf7d4bb11515fd40d814
cae9d5adf2b0220c74a93b644c26d53e27c3a87f9b5d3fe57d06442e808074a2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/foo.png HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 24 Apr 2024 06:55:47 GMT
ETag: "16044c8-44f0-616d2290c398b"
Accept-Ranges: bytes
Content-Length: 17648
Cache-Control: max-age=86400
Expires: Sat, 27 Apr 2024 08:41:02 GMT
Content-Type: image/png
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/clan.png

31.28.24.131

200 OK

475 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/clan.png
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
PNG image data, 27 x 29, 8-bit/color RGBA, non-interlaced
Size
475 B (475 bytes)
Hash
e00004714ce72691e26f9b61c9810780
51385af6cb9a9d372c3151e67d331ddc1b92b3c4
b8b7e6c193f0b11bece8c12b305cbf15130bc99b32ae92426eb747a3da3264d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/clan.png HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 24 Apr 2024 06:55:45 GMT
ETag: "16044c0-1db-616d228e1a356"
Accept-Ranges: bytes
Content-Length: 475
Cache-Control: max-age=86400
Expires: Sat, 27 Apr 2024 08:41:02 GMT
Content-Type: image/png
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/col.png

31.28.24.131

200 OK

682 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/col.png
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
PNG image data, 39 x 28, 8-bit/color RGBA, non-interlaced
Size
682 B (682 bytes)
Hash
f9f5c8ccd73adc2df4d9e3acb9e24f85
ae26c7c6a83b6446179383c3b109fbad8b92c034
381941fc8b5df86879d6e2fcf3392d281b796c33f430f045405a0e6af0e474b9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/col.png HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 24 Apr 2024 06:55:45 GMT
ETag: "16044c1-2aa-616d228e8c770"
Accept-Ranges: bytes
Content-Length: 682
Cache-Control: max-age=86400
Expires: Sat, 27 Apr 2024 08:41:02 GMT
Content-Type: image/png
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/pak.png

31.28.24.131

200 OK

380 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/pak.png
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
PNG image data, 32 x 27, 8-bit/color RGBA, non-interlaced
Size
380 B (380 bytes)
Hash
5c71f27c78f2fa4c03011a7c22b82496
686900b9ead294ff018699e3fa65c023e5b41de0
eb6ca62c1e5d64c52be3ffa63c298dcda2483c04c4b17d1bfe605d134e52f91b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/pak.png HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 24 Apr 2024 06:55:50 GMT
ETag: "16044d0-17c-616d22936a8b0"
Accept-Ranges: bytes
Content-Length: 380
Cache-Control: max-age=86400
Expires: Sat, 27 Apr 2024 08:41:02 GMT
Content-Type: image/png
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/alert.png

31.28.24.131

200 OK

469 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/alert.png
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
PNG image data, 20 x 18, 8-bit/color RGBA, non-interlaced
Size
469 B (469 bytes)
Hash
16291265180a2dbcd246ada0b44ea35a
63eb909a37d9730a40955bebf35542cfc1a5ede9
b36e63b78f7ab077c9f74269deec4010ae803b687b27ca13e6aa58712520bb84

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/alert.png HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 24 Apr 2024 06:55:42 GMT
ETag: "16044bb-1d5-616d228be2d53"
Accept-Ranges: bytes
Content-Length: 469
Cache-Control: max-age=86400
Expires: Sat, 27 Apr 2024 08:41:02 GMT
Content-Type: image/png
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b

31.28.24.131

404 Not Found

355 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
HTML document, ASCII text
Size
355 B (355 bytes)
Hash
c5298bcd922b565f16aa65ca7dbc0179
9f7be35c14a93b005beba76927914a613556aab1
1b9aea6b72ef9f21051a273a793c99bc06f0dff2cd3691dccc8239580bfe0aa6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/app.css
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 355
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80

31.28.24.131

404 Not Found

352 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
HTML document, ASCII text
Size
352 B (352 bytes)
Hash
a4d1bdad0b8762451776fa384d6722a5
4ad19cccd05971f82fdb73ffb13d0ed946b140d9
a9f5b3e673a25c68d3b56674319255cd8a1723122dcf0afc879d6cb2d0271194

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/app.css
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 352
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/js/app.js

31.28.24.131

404 Not Found

297 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/js/app.js
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
HTML document, ASCII text
Size
297 B (297 bytes)
Hash
d3abde0ea32a2ad6bbc46c50a6a472cb
e2ab8239c5c558c82ee2cb3190cf982af15eae02
0a4379fc5df349ffadb9ba1437d2dd7ed32ab142f7a35d32ec881cdff97703df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /js/app.js HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 297
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c

31.28.24.131

404 Not Found

352 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
HTML document, ASCII text
Size
352 B (352 bytes)
Hash
072b94c3564e38411de70f3585ac72f5
51b8ec67e0948986c4a93c5765477fccc091314c
2092dd1fa8b69a4722ca4abd868279402cd1cb56542a222371f336ea449c57e2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/app.css
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 352
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

srv212170.hoster-test.ru/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2

31.28.24.131

404 Not Found

351 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
HTML document, ASCII text
Size
351 B (351 bytes)
Hash
e7a8f1e236ffbd9b9489774bfd4aa37a
4200cbb9ddd14c5103d10215a28cbd52424d5c91
9c76516a355e4f714f90e306fe776e53cc8bae1222d9224c1a5151757f22a924

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2 HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/app.css
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

cdn.lr-in.com/logger-1.min.js

104.21.234.145

200 OK

171 kB

URL GET HTTP/2
cdn.lr-in.com/logger-1.min.js
IP
104.21.234.145:443
ASN
#13335 CLOUDFLARENET

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php
Certificate
IssuerLet's Encrypt
Subjectlr-in.com
Fingerprint9C:36:E8:C7:3B:FC:3A:32:F6:4B:7E:92:80:E3:9C:F6:8E:D3:5C:9A
ValiditySat, 09 Mar 2024 13:34:25 GMT - Fri, 07 Jun 2024 13:34:24 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
171 kB (170887 bytes)
Hash
fbda286876c88a19aa1c23015660d9e5
ab4470fc435a0fdbc0f97e6bb052c1034fb5ae28
5243b468bbc1846bb725247f855fbf722956696ff7e4b4764f5e47ba875c359f

HTTP Headers

GET /logger-1.min.js HTTP/1.1
Host: cdn.lr-in.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 08:41:02 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-resource-policy: cross-origin
etag: W/"0d2a5ebaf24b6bfe19b27ff8ff1ed0b52d154fbfdeea0f35659939a04fdbc62e-br"
last-modified: Thu, 25 Apr 2024 20:49:42 GMT
strict-transport-security: max-age=31556926
x-served-by: cache-lcy-eglc8600044-LCY
x-cache: HIT
x-cache-hits: 1
x-timer: S1714078285.773004,VS0,VE3
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 190
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FztaPlRfwzcxFhOin7npiIwBmYXHIaSzqihjMWWqiywoNpkmylqToSHdxRkh3%2Fq2vNLy8QlS%2FnXrVbEirtnHXdZhKa1Sj2m03C0A9UXzVEca0zNnnRG2%2B2LDiroyCgbJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a5457bffc27190-LHR
content-encoding: br
X-Firefox-Spdy: h2

srv212170.hoster-test.ru/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f

31.28.24.131

404 Not Found

350 B

URL GET HTTP/1.1
srv212170.hoster-test.ru/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type
HTML document, ASCII text
Size
350 B (350 bytes)
Hash
c83973fc67484e5bdabfe62d3f998010
fe3ef3ada23adf6baccfa21c8d1751f27d98890a
6b452e17380e67d7263ef27480d7df6d03b73d566030d701b2b61ddcfcbc03cf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f HTTP/1.1
Host: srv212170.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/assets/app.css
Cookie: PHPSESSID=hgi1vjsa6q9uu25unqiagj5nnq
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 26 Apr 2024 08:41:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 350
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive

dispatching-centre.lasamericascargo.com/js/card.js

0.0.0.0

0 B

URL GET
dispatching-centre.lasamericascargo.com/js/card.js
IP
0.0.0.0:0
ASN
#0

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/card.js HTTP/1.1
Host: dispatching-centre.lasamericascargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

dispatching-centre.lasamericascargo.com/js/intlTelInput.js

0.0.0.0

0 B

URL GET
dispatching-centre.lasamericascargo.com/js/intlTelInput.js
IP
0.0.0.0:0
ASN
#0

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/intlTelInput.js HTTP/1.1
Host: dispatching-centre.lasamericascargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

dispatching-centre.lasamericascargo.com/images/favicon.gif

0.0.0.0

0 B

URL GET
dispatching-centre.lasamericascargo.com/images/favicon.gif
IP
0.0.0.0:0
ASN
#0

Requested by
http://srv212170.hoster-test.ru/DHLNEWPRIVATE20/DHLNEWPRIVATE2023/locatar/cc.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/favicon.gif HTTP/1.1
Host: dispatching-centre.lasamericascargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://srv212170.hoster-test.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections