Report - xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20

Report Overview

Visited public
2023-12-01 18:20:35
Tags
dhl logistics phishing
URL
xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Finishing URL
xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
IP / ASN
3.121.52.233
#16509 AMAZON-02
Title
xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Phishing - DHL

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-01 05:10:14	442 B	9.7 kB	151.101.65.229
xflirt.com	834238	2005-07-27	2019-06-03 11:09:31	2023-12-01 13:57:22	7.6 kB	5.8 MB	3.121.52.233
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-01 05:29:09	1.1 kB	80 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-01 08:02:13	915 B	8.0 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	160 B	2023-11-30	2025-04-23
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-11-30 23:44 Last Seen2025-04-23 23:28 Times Seen9 Hash 715d2ef5e0afdc38badcba6a90eadf03 bdfc3ec637af620d5697c7e518fbd08ffcd67ac2 cc46d16f15f0dff8390601428a6c5b0e9779b58d63813d8c28b37fe6f29b2a68 Loading...

	xflirt.com/livewire/livewire.js?id=54d078b2ce39327a1702	ScriptElement	153 kB	2023-03-08	2024-08-21
Pretty URL xflirt.com/livewire/livewire.js?id=54d078b2ce39327a1702 IP 3.121.52.233 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:22 Last Seen2024-08-21 03:52 Times Seen14 Hash 469c78754f3193e947f4f688f21a6146 5629e27d2bcad323d8f5378aff8387eee66cb7af 5fba42a016e326e62e8bc3d69c73bbfafbf461dbbd46689abe5ee657ec57087c Loading...

	xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20	ScriptElement	370 B	2024-08-20	2024-08-20
Pretty URL xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20 IP 3.121.52.233 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:09 Last Seen2024-08-20 17:09 Times Seen1 Hash 705fc2df7f81e4bd42d08d30bb0d2ef7 88b4ef38352a27879f5d316a368e900d8839255a f717f21d1829d3caf16d04d9b318659e3647c67a41c26081a3b5dc340bbc95c8 Loading...

	cdn.jsdelivr.net/gh/alpinejs/alpine@v2.7.3/dist/alpine.min.js	ScriptElement	26 kB	2023-03-13	2025-03-10
Pretty URL cdn.jsdelivr.net/gh/alpinejs/alpine@v2.7.3/dist/alpine.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 00:19 Last Seen2025-03-10 08:28 Times Seen13 Hash 315958b2a377b7cf36c61b9c18da5950 4074a2dded03891bd71579609e638fa6a5836e3a f11b72978f3f04621c2e130d92527099190788f5e08f4a5ef05c72a95fcfa707 Loading...

HTTP Transactions (12)

URL IP Response Size

cdn.jsdelivr.net/gh/alpinejs/alpine@v2.7.3/dist/alpine.min.js

151.101.65.229

200 OK

8.9 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/alpinejs/alpine@v2.7.3/dist/alpine.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (26195)
Size
8.9 kB (8891 bytes)
Hash
315958b2a377b7cf36c61b9c18da5950
4074a2dded03891bd71579609e638fa6a5836e3a
f11b72978f3f04621c2e130d92527099190788f5e08f4a5ef05c72a95fcfa707

HTTP Headers

GET /gh/alpinejs/alpine@v2.7.3/dist/alpine.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.7.3
x-jsd-version-type: version
etag: W/"67a0-QHSi3e0DiRvXFXlgnmOPpqWDbjo"
content-encoding: br
accept-ranges: bytes
date: Fri, 01 Dec 2023 18:20:18 GMT
age: 2730326
x-served-by: cache-fra-eddf8230037-FRA, cache-bma1655-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8891
X-Firefox-Spdy: h2

xflirt.com/img/dating/components/RegisterWithPostal/soft-woman.jpg

3.121.52.233

200 OK

732 kB

URL GET HTTP/2
xflirt.com/img/dating/components/RegisterWithPostal/soft-woman.jpg
IP
3.121.52.233:443
ASN
#16509 AMAZON-02

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerLet's Encrypt
Subjectwww.xflirt.com
FingerprintAD:92:6C:B1:24:11:BC:B6:B4:77:CB:4A:18:75:CA:9A:BA:9F:0F:0C
ValidityTue, 21 Nov 2023 14:17:27 GMT - Mon, 19 Feb 2024 14:17:26 GMT

File type
PNG image data, 805 x 747, 8-bit/color RGBA, non-interlaced\012- data
Size
732 kB (731676 bytes)
Hash
530270218c3bbdc5443a7448abcd0850
1e7afee008fdfeab1df586d84ba68e4c9c9aa98b
7f7999f6facb4f817d897215332f7d93b1c27a4305680ac95d7b1098e8fbf233

HTTP Headers

GET /img/dating/components/RegisterWithPostal/soft-woman.jpg HTTP/1.1
Host: xflirt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Cookie: XSRF-TOKEN=eyJpdiI6IjVZMWF4cmJhSUVHMWJhc0hrUnJubVE9PSIsInZhbHVlIjoibVZoTmswK2YvdzVuNUlvRmNjSnBrZnk3UjlpaXNPQnUzZTNrSXgrZkZGY2ZJRTVKNVhLZnNyRFA3dXV2VExBVVRkL09uS1h4Z3dBZlR0eDYwNnBabHRHWm1LZ3FtRk12U2xXcVcweFp3RWhwdkZaZ1Z5SUhoMlpXblZsQ3FQWUciLCJtYWMiOiI5MDkxNDU4ZGFmYjdhOWVkNDZkYzhiZjU0MzZlOTZjNGZjYWY0ZjEyMzBmOGRlNTZjNDFiMTNlZTJkMGJjMmY4In0%3D; laravel_session=eyJpdiI6IlJrY0g4NkhYOFkzYVRON0hyZm1XWVE9PSIsInZhbHVlIjoiaWNtbkV5WE9pWU1kSmMveC9SbmNiL3JKTzYzdTJOR1dMQmttTWw2eDQ1bFEzQm03L1lmUS9HQ1Y2bUZKbXU0ak0xYy9JS1YzbU1haVZ4Q3JLOTBkdE1CVnpUWmpzTmR5Q0c1NDJFaDRwby9TenNMOWxsQ3p4MzVQb1BINmpOWDkiLCJtYWMiOiJkNDJhODE3YjMzNDgzZTYwOTQ5ZDRiZTM4MjZlZWU4MjM4ODNiMjgyMjJiMzFmNzU0MTE5ZTQxYmQ1MGY4NmQyIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
date: Fri, 01 Dec 2023 18:20:18 GMT
etag: "6569c18e-b2a1c"
last-modified: Fri, 01 Dec 2023 11:20:46 GMT
server: nginx
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 731676
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.131

200 OK

39 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0\012- data
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xflirt.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:48:24 GMT
expires: Fri, 29 Nov 2024 04:48:24 GMT
cache-control: public, max-age=31536000
age: 135115
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.131

200 OK

39 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0\012- data
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xflirt.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:48:24 GMT
expires: Fri, 29 Nov 2024 04:48:24 GMT
cache-control: public, max-age=31536000
age: 135115
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xflirt.com/favicon.ico

3.121.52.233

200 OK

0 B

URL GET HTTP/2
xflirt.com/favicon.ico
IP
3.121.52.233:443
ASN
#16509 AMAZON-02

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerLet's Encrypt
Subjectwww.xflirt.com
FingerprintAD:92:6C:B1:24:11:BC:B6:B4:77:CB:4A:18:75:CA:9A:BA:9F:0F:0C
ValidityTue, 21 Nov 2023 14:17:27 GMT - Mon, 19 Feb 2024 14:17:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xflirt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Cookie: XSRF-TOKEN=eyJpdiI6IjVZMWF4cmJhSUVHMWJhc0hrUnJubVE9PSIsInZhbHVlIjoibVZoTmswK2YvdzVuNUlvRmNjSnBrZnk3UjlpaXNPQnUzZTNrSXgrZkZGY2ZJRTVKNVhLZnNyRFA3dXV2VExBVVRkL09uS1h4Z3dBZlR0eDYwNnBabHRHWm1LZ3FtRk12U2xXcVcweFp3RWhwdkZaZ1Z5SUhoMlpXblZsQ3FQWUciLCJtYWMiOiI5MDkxNDU4ZGFmYjdhOWVkNDZkYzhiZjU0MzZlOTZjNGZjYWY0ZjEyMzBmOGRlNTZjNDFiMTNlZTJkMGJjMmY4In0%3D; laravel_session=eyJpdiI6IlJrY0g4NkhYOFkzYVRON0hyZm1XWVE9PSIsInZhbHVlIjoiaWNtbkV5WE9pWU1kSmMveC9SbmNiL3JKTzYzdTJOR1dMQmttTWw2eDQ1bFEzQm03L1lmUS9HQ1Y2bUZKbXU0ak0xYy9JS1YzbU1haVZ4Q3JLOTBkdE1CVnpUWmpzTmR5Q0c1NDJFaDRwby9TenNMOWxsQ3p4MzVQb1BINmpOWDkiLCJtYWMiOiJkNDJhODE3YjMzNDgzZTYwOTQ5ZDRiZTM4MjZlZWU4MjM4ODNiMjgyMjJiMzFmNzU0MTE5ZTQxYmQ1MGY4NmQyIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/x-icon
date: Fri, 01 Dec 2023 18:20:19 GMT
etag: "6569c18e-0"
last-modified: Fri, 01 Dec 2023 11:20:46 GMT
server: nginx
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 0
X-Firefox-Spdy: h2

xflirt.com/desabo/css/style-commun.css?v=6.2

3.121.52.233

404 Not Found

6.6 kB

URL GET HTTP/2
xflirt.com/desabo/css/style-commun.css?v=6.2
IP
3.121.52.233:443
ASN
#16509 AMAZON-02

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerLet's Encrypt
Subjectwww.xflirt.com
FingerprintAD:92:6C:B1:24:11:BC:B6:B4:77:CB:4A:18:75:CA:9A:BA:9F:0F:0C
ValidityTue, 21 Nov 2023 14:17:27 GMT - Mon, 19 Feb 2024 14:17:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6693), with no line terminators
Size
6.6 kB (6609 bytes)
Hash
637c64dcfa59899545c1dce3f050200d
8cf7d3405932c23d2b4ee4c3473a611cb924c05f
bc61d266b689e585d2ae0c93c625d665dff0f4dfcbfc0263df35ca4c1bb1494f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /desabo/css/style-commun.css?v=6.2 HTTP/1.1
Host: xflirt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Cookie: XSRF-TOKEN=eyJpdiI6IjVZMWF4cmJhSUVHMWJhc0hrUnJubVE9PSIsInZhbHVlIjoibVZoTmswK2YvdzVuNUlvRmNjSnBrZnk3UjlpaXNPQnUzZTNrSXgrZkZGY2ZJRTVKNVhLZnNyRFA3dXV2VExBVVRkL09uS1h4Z3dBZlR0eDYwNnBabHRHWm1LZ3FtRk12U2xXcVcweFp3RWhwdkZaZ1Z5SUhoMlpXblZsQ3FQWUciLCJtYWMiOiI5MDkxNDU4ZGFmYjdhOWVkNDZkYzhiZjU0MzZlOTZjNGZjYWY0ZjEyMzBmOGRlNTZjNDFiMTNlZTJkMGJjMmY4In0%3D; laravel_session=eyJpdiI6IlJrY0g4NkhYOFkzYVRON0hyZm1XWVE9PSIsInZhbHVlIjoiaWNtbkV5WE9pWU1kSmMveC9SbmNiL3JKTzYzdTJOR1dMQmttTWw2eDQ1bFEzQm03L1lmUS9HQ1Y2bUZKbXU0ak0xYy9JS1YzbU1haVZ4Q3JLOTBkdE1CVnpUWmpzTmR5Q0c1NDJFaDRwby9TenNMOWxsQ3p4MzVQb1BINmpOWDkiLCJtYWMiOiJkNDJhODE3YjMzNDgzZTYwOTQ5ZDRiZTM4MjZlZWU4MjM4ODNiMjgyMjJiMzFmNzU0MTE5ZTQxYmQ1MGY4NmQyIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 01 Dec 2023 18:20:18 GMT
server: nginx
vary: Accept-Encoding
X-Firefox-Spdy: h2

xflirt.com/desabo/css/responsive-commun.css?v=5.9

3.121.52.233

404 Not Found

6.6 kB

URL GET HTTP/2
xflirt.com/desabo/css/responsive-commun.css?v=5.9
IP
3.121.52.233:443
ASN
#16509 AMAZON-02

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerLet's Encrypt
Subjectwww.xflirt.com
FingerprintAD:92:6C:B1:24:11:BC:B6:B4:77:CB:4A:18:75:CA:9A:BA:9F:0F:0C
ValidityTue, 21 Nov 2023 14:17:27 GMT - Mon, 19 Feb 2024 14:17:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6693), with no line terminators
Size
6.6 kB (6609 bytes)
Hash
637c64dcfa59899545c1dce3f050200d
8cf7d3405932c23d2b4ee4c3473a611cb924c05f
bc61d266b689e585d2ae0c93c625d665dff0f4dfcbfc0263df35ca4c1bb1494f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /desabo/css/responsive-commun.css?v=5.9 HTTP/1.1
Host: xflirt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Cookie: XSRF-TOKEN=eyJpdiI6IjVZMWF4cmJhSUVHMWJhc0hrUnJubVE9PSIsInZhbHVlIjoibVZoTmswK2YvdzVuNUlvRmNjSnBrZnk3UjlpaXNPQnUzZTNrSXgrZkZGY2ZJRTVKNVhLZnNyRFA3dXV2VExBVVRkL09uS1h4Z3dBZlR0eDYwNnBabHRHWm1LZ3FtRk12U2xXcVcweFp3RWhwdkZaZ1Z5SUhoMlpXblZsQ3FQWUciLCJtYWMiOiI5MDkxNDU4ZGFmYjdhOWVkNDZkYzhiZjU0MzZlOTZjNGZjYWY0ZjEyMzBmOGRlNTZjNDFiMTNlZTJkMGJjMmY4In0%3D; laravel_session=eyJpdiI6IlJrY0g4NkhYOFkzYVRON0hyZm1XWVE9PSIsInZhbHVlIjoiaWNtbkV5WE9pWU1kSmMveC9SbmNiL3JKTzYzdTJOR1dMQmttTWw2eDQ1bFEzQm03L1lmUS9HQ1Y2bUZKbXU0ak0xYy9JS1YzbU1haVZ4Q3JLOTBkdE1CVnpUWmpzTmR5Q0c1NDJFaDRwby9TenNMOWxsQ3p4MzVQb1BINmpOWDkiLCJtYWMiOiJkNDJhODE3YjMzNDgzZTYwOTQ5ZDRiZTM4MjZlZWU4MjM4ODNiMjgyMjJiMzFmNzU0MTE5ZTQxYmQ1MGY4NmQyIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 01 Dec 2023 18:20:18 GMT
server: nginx
vary: Accept-Encoding
X-Firefox-Spdy: h2

xflirt.com/livewire/livewire.js?id=54d078b2ce39327a1702

3.121.52.233

200 OK

153 kB

URL GET HTTP/2
xflirt.com/livewire/livewire.js?id=54d078b2ce39327a1702
IP
3.121.52.233:443
ASN
#16509 AMAZON-02

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerLet's Encrypt
Subjectwww.xflirt.com
FingerprintAD:92:6C:B1:24:11:BC:B6:B4:77:CB:4A:18:75:CA:9A:BA:9F:0F:0C
ValidityTue, 21 Nov 2023 14:17:27 GMT - Mon, 19 Feb 2024 14:17:26 GMT

File type

Size
153 kB (152770 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /livewire/livewire.js?id=54d078b2ce39327a1702 HTTP/1.1
Host: xflirt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Cookie: XSRF-TOKEN=eyJpdiI6IjVZMWF4cmJhSUVHMWJhc0hrUnJubVE9PSIsInZhbHVlIjoibVZoTmswK2YvdzVuNUlvRmNjSnBrZnk3UjlpaXNPQnUzZTNrSXgrZkZGY2ZJRTVKNVhLZnNyRFA3dXV2VExBVVRkL09uS1h4Z3dBZlR0eDYwNnBabHRHWm1LZ3FtRk12U2xXcVcweFp3RWhwdkZaZ1Z5SUhoMlpXblZsQ3FQWUciLCJtYWMiOiI5MDkxNDU4ZGFmYjdhOWVkNDZkYzhiZjU0MzZlOTZjNGZjYWY0ZjEyMzBmOGRlNTZjNDFiMTNlZTJkMGJjMmY4In0%3D; laravel_session=eyJpdiI6IlJrY0g4NkhYOFkzYVRON0hyZm1XWVE9PSIsInZhbHVlIjoiaWNtbkV5WE9pWU1kSmMveC9SbmNiL3JKTzYzdTJOR1dMQmttTWw2eDQ1bFEzQm03L1lmUS9HQ1Y2bUZKbXU0ak0xYy9JS1YzbU1haVZ4Q3JLOTBkdE1CVnpUWmpzTmR5Q0c1NDJFaDRwby9TenNMOWxsQ3p4MzVQb1BINmpOWDkiLCJtYWMiOiJkNDJhODE3YjMzNDgzZTYwOTQ5ZDRiZTM4MjZlZWU4MjM4ODNiMjgyMjJiMzFmNzU0MTE5ZTQxYmQ1MGY4NmQyIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=31536000, public
content-encoding: gzip
content-type: application/javascript; charset=utf-8
date: Fri, 01 Dec 2023 18:20:18 GMT
expires: Sun, 01 Dec 2024 18:20:18 GMT
last-modified: Fri, 01 Dec 2023 11:20:49 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Niramit&display=swap

142.250.74.106

200 OK

1.4 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Niramit&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (1477), with no line terminators
Size
1.4 kB (1441 bytes)
Hash
bc64ab1b7829d2c1e795621afba37bab
03b9541e9b88b72d3f61233e55a154048198e659
6b5c12ca670da0401715738bedba1e12dec32e9a3f00b4d318b0fb86c7e282cf

HTTP Headers

GET /css?family=Niramit&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 18:20:18 GMT
date: Fri, 01 Dec 2023 18:20:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/css2?family=Nunito:wght@400;600;700&display=swap

142.250.74.106

200 OK

5.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Nunito:wght@400;600;700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (5427), with no line terminators
Size
5.3 kB (5292 bytes)
Hash
05877a8dea1826f3da6dd40f3358d1d4
0b6c7ec98a7fd243d9d81666bd80d9712bde4e4b
8c24ae0c1302148a7a95cec44a5e97cdf549fea4bba60a9f4c2ade782371262d

HTTP Headers

GET /css2?family=Nunito:wght@400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 18:20:18 GMT
date: Fri, 01 Dec 2023 18:20:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xflirt.com/css/app.css?v=5.0

3.121.52.233

200 OK

4.9 MB

URL GET HTTP/2
xflirt.com/css/app.css?v=5.0
IP
3.121.52.233:443
ASN
#16509 AMAZON-02

Requested by
https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Certificate
IssuerLet's Encrypt
Subjectwww.xflirt.com
FingerprintAD:92:6C:B1:24:11:BC:B6:B4:77:CB:4A:18:75:CA:9A:BA:9F:0F:0C
ValidityTue, 21 Nov 2023 14:17:27 GMT - Mon, 19 Feb 2024 14:17:26 GMT

File type

Size
4.9 MB (4886627 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /css/app.css?v=5.0 HTTP/1.1
Host: xflirt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
Cookie: XSRF-TOKEN=eyJpdiI6IjVZMWF4cmJhSUVHMWJhc0hrUnJubVE9PSIsInZhbHVlIjoibVZoTmswK2YvdzVuNUlvRmNjSnBrZnk3UjlpaXNPQnUzZTNrSXgrZkZGY2ZJRTVKNVhLZnNyRFA3dXV2VExBVVRkL09uS1h4Z3dBZlR0eDYwNnBabHRHWm1LZ3FtRk12U2xXcVcweFp3RWhwdkZaZ1Z5SUhoMlpXblZsQ3FQWUciLCJtYWMiOiI5MDkxNDU4ZGFmYjdhOWVkNDZkYzhiZjU0MzZlOTZjNGZjYWY0ZjEyMzBmOGRlNTZjNDFiMTNlZTJkMGJjMmY4In0%3D; laravel_session=eyJpdiI6IlJrY0g4NkhYOFkzYVRON0hyZm1XWVE9PSIsInZhbHVlIjoiaWNtbkV5WE9pWU1kSmMveC9SbmNiL3JKTzYzdTJOR1dMQmttTWw2eDQ1bFEzQm03L1lmUS9HQ1Y2bUZKbXU0ak0xYy9JS1YzbU1haVZ4Q3JLOTBkdE1CVnpUWmpzTmR5Q0c1NDJFaDRwby9TenNMOWxsQ3p4MzVQb1BINmpOWDkiLCJtYWMiOiJkNDJhODE3YjMzNDgzZTYwOTQ5ZDRiZTM4MjZlZWU4MjM4ODNiMjgyMjJiMzFmNzU0MTE5ZTQxYmQ1MGY4NmQyIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: text/css
date: Fri, 01 Dec 2023 18:20:18 GMT
etag: W/"6569c18e-4a9063"
last-modified: Fri, 01 Dec 2023 11:20:46 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20

3.121.52.233

200 OK

7.4 kB

URL User Request GET HTTP/2
xflirt.com/desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20
IP
3.121.52.233:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectwww.xflirt.com
FingerprintAD:92:6C:B1:24:11:BC:B6:B4:77:CB:4A:18:75:CA:9A:BA:9F:0F:0C
ValidityTue, 21 Nov 2023 14:17:27 GMT - Mon, 19 Feb 2024 14:17:26 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7653), with no line terminators
Size
7.4 kB (7359 bytes)
Hash
b2cb31bc5ac6c8a6ff1e1f787ea9cb90
f6c6eb172b5a8df3a00e7253a1bf88be40bb2fc6
4958f47ddb214aa4ee373791f070defeee462f3224e92ed5a25a36bc85a727f8

HTTP Headers

GET /desabo/NzE0NjMxfGNodWNrQGJ3YnVja25lci5jb20 HTTP/1.1
Host: xflirt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 01 Dec 2023 18:20:18 GMT
server: nginx
set-cookie: XSRF-TOKEN=eyJpdiI6IjVZMWF4cmJhSUVHMWJhc0hrUnJubVE9PSIsInZhbHVlIjoibVZoTmswK2YvdzVuNUlvRmNjSnBrZnk3UjlpaXNPQnUzZTNrSXgrZkZGY2ZJRTVKNVhLZnNyRFA3dXV2VExBVVRkL09uS1h4Z3dBZlR0eDYwNnBabHRHWm1LZ3FtRk12U2xXcVcweFp3RWhwdkZaZ1Z5SUhoMlpXblZsQ3FQWUciLCJtYWMiOiI5MDkxNDU4ZGFmYjdhOWVkNDZkYzhiZjU0MzZlOTZjNGZjYWY0ZjEyMzBmOGRlNTZjNDFiMTNlZTJkMGJjMmY4In0%3D; expires=Fri, 01-Dec-2023 20:20:18 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IlJrY0g4NkhYOFkzYVRON0hyZm1XWVE9PSIsInZhbHVlIjoiaWNtbkV5WE9pWU1kSmMveC9SbmNiL3JKTzYzdTJOR1dMQmttTWw2eDQ1bFEzQm03L1lmUS9HQ1Y2bUZKbXU0ak0xYy9JS1YzbU1haVZ4Q3JLOTBkdE1CVnpUWmpzTmR5Q0c1NDJFaDRwby9TenNMOWxsQ3p4MzVQb1BINmpOWDkiLCJtYWMiOiJkNDJhODE3YjMzNDgzZTYwOTQ5ZDRiZTM4MjZlZWU4MjM4ODNiMjgyMjJiMzFmNzU0MTE5ZTQxYmQ1MGY4NmQyIn0%3D; expires=Fri, 01-Dec-2023 20:20:18 GMT; Max-Age=7200; path=/; httponly; samesite=lax
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate