Report - goflyeg.com/wp-admin/Dhl23

Report Overview

Visited public
2023-12-06 15:22:16
Tags
dhl logistics phishing
Submit Tags
URL
goflyeg.com/wp-admin/Dhl23
Finishing URL
goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
IP / ASN
198.38.83.161
#23352 SERVERCENTRAL
Title
Global Logistics - International Shipping | DHL Home
Phishing - DHL

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-12-06 05:24:28	443 B	12 kB	172.64.147.188
goflyeg.com	unknown	unknown	No data	No data	19 kB	2.2 MB	198.38.83.161
www.dhl.com	40018	1989-05-25	2012-07-02 18:21:37	2023-12-04 16:20:26	3.8 kB	211 kB	96.6.17.154
ka-f.fontawesome.com	3598	2012-10-18	2019-12-17 07:36:13	2023-12-06 05:24:29	2.0 kB	138 kB	172.64.205.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	kit.fontawesome.com/2b0499d3bf.js	ScriptElement	12 kB	2023-12-04	2024-08-20
Pretty URL kit.fontawesome.com/2b0499d3bf.js IP 172.64.147.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 09:49 Last Seen2024-08-20 16:50 Times Seen16 Hash 6a26cfe652bf4624be8349f3b9e28d44 37c8e0ee56d8e16d824662ec998da5b860c2dc7b 6cb7278449719ee4d46a944a99b0ce6624f86726839744a136295acca977ee17 Loading...

HTTP Transactions (42)

URL IP Response Size

GET goflyeg.com/wp-admin/Dhl23

198.38.83.161

301 Moved Permanently

158 B

URL User Request GET HTTP/2
goflyeg.com/wp-admin/Dhl23
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
158 B (158 bytes)
Hash
070cb88212d9a2294b7e577d81b6caad
326226e377231428f3f1b63d56d301213352a18a
af886094307f072d687c5d54cfad6f98358dba81d6649c4d7ad4617ff39855c6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23 HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
location: https://goflyeg.com/wp-admin/Dhl23/
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:58 GMT
content-length: 158
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/

198.38.83.161

302 Found

0 B

URL User Request GET HTTP/2
goflyeg.com/wp-admin/Dhl23/
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/ HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
server: Microsoft-IIS/10.0
set-cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe; path=/
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:21:58 GMT
content-length: 0
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707

198.38.83.161

200 OK

280 kB

URL User Request GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1156)
Size
280 kB (279978 bytes)
Hash
6349cb8b8622553ad35f6f383c788a04
bd360167c6714e2479ed8d5c7604c3c284131e4a
971e6b6333a96b0af7b2e57df0674bc0ec9b9db4fad70584348137f86fe0573c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707 HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:21:58 GMT
content-length: 279978
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/clientlib-core.min.css

198.38.83.161

200 OK

29 B

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/clientlib-core.min.css
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
b104a4a85c21511ada13e2c6e7552d37
475c6eb572d41f86d612ef9d8d64c2cd9ae95980
34a8d4f240f1b7a01d0472d5367e1bc57e17f70a12a91aae37dcac3b33b24732

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/clientlib-core.min.css HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ac7fc1476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:58 GMT
content-length: 29
X-Firefox-Spdy: h2

GET www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/default-3e828e80f6e985c352eb.woff

96.6.17.154

200 OK

44 kB

URL GET HTTP/2
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/default-3e828e80f6e985c352eb.woff
IP
96.6.17.154:443
ASN
#16625 AKAMAI-AS

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerDeutsche Post AG
Subjectwww.dhl.com
Fingerprint74:54:3F:D6:C6:2A:C2:09:FA:00:BA:FE:F9:DF:A2:BA:32:43:7E:27
ValidityMon, 31 Jul 2023 14:59:53 GMT - Tue, 30 Jul 2024 14:58:53 GMT

File type
Web Open Font Format, TrueType, length 44260, version 1.66\012- data
Size
44 kB (44219 bytes)
Hash
4a350e02a03ac62e72e9ea575b31ce84
d47b03b96b6e7034a1473a293bb594e597a41dc2
87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5

HTTP Headers

GET /etc/clientlibs/dhl/clientlib-all/assets/fonts/default-3e828e80f6e985c352eb.woff HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
last-modified: Thu, 17 Nov 2022 12:35:44 GMT
etag: "ace4-5eda9d3ee5eff-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 44219
content-type: application/font-woff
mpulse_cdn_cache: MISS
mpulse_origin_time: 168
cache-control: public, max-age=31536000
expires: Thu, 05 Dec 2024 15:22:00 GMT
date: Wed, 06 Dec 2023 15:22:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
x-akamai-cache: Hit from child
X-Firefox-Spdy: h2

GET www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/default-815fcbb4d2c579017011.woff

96.6.17.154

200 OK

41 kB

URL GET HTTP/2
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/default-815fcbb4d2c579017011.woff
IP
96.6.17.154:443
ASN
#16625 AKAMAI-AS

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerDeutsche Post AG
Subjectwww.dhl.com
Fingerprint74:54:3F:D6:C6:2A:C2:09:FA:00:BA:FE:F9:DF:A2:BA:32:43:7E:27
ValidityMon, 31 Jul 2023 14:59:53 GMT - Tue, 30 Jul 2024 14:58:53 GMT

File type
Web Open Font Format, TrueType, length 41328, version 1.66\012- data
Size
41 kB (41263 bytes)
Hash
e39bd2e2657ce5dd6f9c33df18529233
6db81ebb91bfa67cef8f2f870f03046150568799
19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383

HTTP Headers

GET /etc/clientlibs/dhl/clientlib-all/assets/fonts/default-815fcbb4d2c579017011.woff HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
referrer-policy: same-origin
permissions-policy: microphone=(),camera=()
last-modified: Thu, 27 Apr 2023 08:32:05 GMT
etag: "a170-5fa4d310c72f5-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 41263
content-type: application/font-woff
cache-control: public, max-age=31536000
expires: Thu, 05 Dec 2024 15:22:00 GMT
date: Wed, 06 Dec 2023 15:22:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
x-akamai-cache: Hit from child
X-Firefox-Spdy: h2

GET www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff

96.6.17.154

200 OK

35 kB

URL GET HTTP/2
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff
IP
96.6.17.154:443
ASN
#16625 AKAMAI-AS

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerDeutsche Post AG
Subjectwww.dhl.com
Fingerprint74:54:3F:D6:C6:2A:C2:09:FA:00:BA:FE:F9:DF:A2:BA:32:43:7E:27
ValidityMon, 31 Jul 2023 14:59:53 GMT - Tue, 30 Jul 2024 14:58:53 GMT

File type
Web Open Font Format, TrueType, length 34820, version 1.0\012- data
Size
35 kB (34679 bytes)
Hash
078665c330eb91354c06e1dd7e3850a5
00c84f76451fe58596a41658e08a55f81ad4ceeb
8b8888bc016e1313438b7a9a1ca18aa288f6098122265fc03e985ca40e82a27c

HTTP Headers

GET /etc/clientlibs/dhl/clientlib-all/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
referrer-policy: same-origin
permissions-policy: microphone=(),camera=()
last-modified: Thu, 23 Feb 2023 14:50:21 GMT
etag: "8804-5f55f21d3ef1a-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 34679
content-type: application/font-woff
cache-control: public, max-age=31536000
expires: Thu, 05 Dec 2024 15:22:00 GMT
date: Wed, 06 Dec 2023 15:22:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
x-akamai-cache: Hit from child
X-Firefox-Spdy: h2

GET www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/default-5a6dd86f272b304a8b83.woff

96.6.17.154

200 OK

41 kB

URL GET HTTP/2
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/default-5a6dd86f272b304a8b83.woff
IP
96.6.17.154:443
ASN
#16625 AKAMAI-AS

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerDeutsche Post AG
Subjectwww.dhl.com
Fingerprint74:54:3F:D6:C6:2A:C2:09:FA:00:BA:FE:F9:DF:A2:BA:32:43:7E:27
ValidityMon, 31 Jul 2023 14:59:53 GMT - Tue, 30 Jul 2024 14:58:53 GMT

File type
Web Open Font Format, TrueType, length 41352, version 1.66\012- data
Size
41 kB (41322 bytes)
Hash
4e23ecf085132857bdb54b4da7373151
a50215c22a591536b21e509100d1707c6886ffd6
b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4

HTTP Headers

GET /etc/clientlibs/dhl/clientlib-all/assets/fonts/default-5a6dd86f272b304a8b83.woff HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
referrer-policy: same-origin
permissions-policy: microphone=(),camera=()
last-modified: Thu, 27 Apr 2023 18:48:09 GMT
etag: "a188-5fa55cc3a1bf1-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 41322
content-type: application/font-woff
cache-control: public, max-age=31536000
expires: Thu, 05 Dec 2024 15:22:00 GMT
date: Wed, 06 Dec 2023 15:22:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
x-akamai-cache: Hit from child
X-Firefox-Spdy: h2

GET www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/default-274a65bae9742377aaf0.woff

96.6.17.154

200 OK

41 kB

URL GET HTTP/2
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/fonts/default-274a65bae9742377aaf0.woff
IP
96.6.17.154:443
ASN
#16625 AKAMAI-AS

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerDeutsche Post AG
Subjectwww.dhl.com
Fingerprint74:54:3F:D6:C6:2A:C2:09:FA:00:BA:FE:F9:DF:A2:BA:32:43:7E:27
ValidityMon, 31 Jul 2023 14:59:53 GMT - Tue, 30 Jul 2024 14:58:53 GMT

File type
Web Open Font Format, TrueType, length 41084, version 1.66\012- data
Size
41 kB (41052 bytes)
Hash
03f859bf58e4d37841070de34be7d978
3436d4fa17e7ee470c3d62b08787cfa7de408408
5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

HTTP Headers

GET /etc/clientlibs/dhl/clientlib-all/assets/fonts/default-274a65bae9742377aaf0.woff HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
referrer-policy: same-origin
permissions-policy: microphone=(),camera=()
last-modified: Wed, 22 Feb 2023 15:31:06 GMT
etag: W/"a07c-5f54b95b3ea21-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 41052
content-type: application/font-woff
cache-control: public, max-age=31536000
expires: Thu, 05 Dec 2024 15:22:00 GMT
date: Wed, 06 Dec 2023 15:22:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
x-akamai-cache: Hit from child
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/dhl-logo.svg

198.38.83.161

200 OK

1.6 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/dhl-logo.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.6 kB (1603 bytes)
Hash
3fecc9db35d5d2a9e6e71ab4b02d22e5
628ba2f505b480097445aaf08649a08242bd6847
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/dhl-logo.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ae2c3476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1603
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css

198.38.83.161

200 OK

819 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
ASCII text
Size
819 kB (819099 bytes)
Hash
96e36a6fbf650c9a862935d72b83391b
be0b679b5453e38359e73ed81b2e580bc285c5f4
5e2f78269b1a7f428ec9f3a07f9042d548fe85e2dd413911e2d9798ac04d4c15

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ac7fc1476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:58 GMT
content-length: 819099
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-home-maketing-stage-tracking.web.785.246.jpg

198.38.83.161

200 OK

22 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-home-maketing-stage-tracking.web.785.246.jpg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 785x245, components 3\012- data
Size
22 kB (21573 bytes)
Hash
f29dd8f4a355ac7ecc27f31f5b2bc887
672a2bf8b63b426332ee8f5af3073780ea6ee7fd
246e2fbe4b6f2217862629219543805f4409db6abcae9d39c6151e62ee015251

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-home-maketing-stage-tracking.web.785.246.jpg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "5d44c6476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 21573
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-online.svg

198.38.83.161

200 OK

1.8 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-online.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.8 kB (1766 bytes)
Hash
3d612e654839ed972b9420e332b03ccc
33137c3f10363632fe66dbe6926ff4b436b25b81
7fb04530877285cb70aba19ab2f3eb8c2fcca66c408ca68715bd58e2dfee2b33

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-online.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ae2c3476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1766
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-getaquote.svg

198.38.83.161

200 OK

786 B

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-getaquote.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
786 B (786 bytes)
Hash
20224ab70f5524996910c3b856cced70
ca9f089140d5a68f6c4446494082df09c08b6e99
33e4d6ea85fcc033bc1d066cc202ae0a5a64dbbba953dce91874e81391d54eef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-getaquote.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ae2c3476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 786
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-gogreen-warehousing.svg

198.38.83.161

200 OK

764 B

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-gogreen-warehousing.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
764 B (764 bytes)
Hash
b35fdccf2d08e3881c190d2619449312
6818f542b225d5cea16f90de6ff82217ee7659a6
bea8a5bcb115d49d5222c79804eeaceadd425c1b36c19396e746749dcc5d9be3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-gogreen-warehousing.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ae2c3476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 764
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-aboutus-contact.svg

198.38.83.161

200 OK

1.3 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-aboutus-contact.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.3 kB (1288 bytes)
Hash
621d506e5c8a200d25767bc06010fef7
dc39f861f4206a5c2c45072bb1db1090ca022407
597649961adc705bcbffe79a3187ab1c7360a499fe285613490f5aa8e5eb4145

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-aboutus-contact.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ae2c3476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1288
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-wizard-bulkletters.svg

198.38.83.161

200 OK

1.1 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-wizard-bulkletters.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1104 bytes)
Hash
2675cbe725f294695cebc4a0aaa74505
79f51edb2edae65bc9247438206c09b13512c2db
7b7e4adb65aa53b1bc731f15511c53d5beb73f187d5c5f35f19ebbfaf0decbbd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-wizard-bulkletters.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "5d44c6476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1104
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-product-air.svg

198.38.83.161

200 OK

1.4 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-product-air.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.4 kB (1442 bytes)
Hash
dc5f0040f866c3bae2a6d826e6efc78c
66c1b84358d166588623a5fa2d3bfd9997ec5a8c
0b9219c0bb4070af4eca3f58737b60adf42ed3867bef6fbf9bf935ffa210d02f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-product-air.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ae2c3476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1442
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-tracking-ocean.svg

198.38.83.161

200 OK

1.9 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-tracking-ocean.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.9 kB (1868 bytes)
Hash
e9d3c7621ba05770696f9427c8f7b79a
9a9f8deab831c26d36a6fbe1a1482f2e6370f6ca
fa27d936d088620b27debb4c2a3da24d27346505d247a56d098ae56e3a2da07a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-tracking-ocean.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "5d44c6476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1868
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-tracking-road.svg

198.38.83.161

200 OK

1.7 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-tracking-road.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.7 kB (1680 bytes)
Hash
0bdb553be0b73b3bf9801e265a5b2934
c7ce06aeb92797d69cc5961328671806d41ab4c5
b5335e0b117f099169020346db0d11cba41d56ff38935733e6987f09bd7ebbf5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-tracking-road.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "5d44c6476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1680
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-tracking-rail.svg

198.38.83.161

200 OK

1.4 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-core-tracking-rail.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.4 kB (1353 bytes)
Hash
e42909ccc508772de6cf31619bb50427
bea6a279882ac0077a49f8590766e8d87e914a2e
46098468df2bec8cb50790597de30d089ecd7dcc77432b6a08b9e3ff1a7d7802

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-core-tracking-rail.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "5d44c6476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1353
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/glo-footer-logo.svg

198.38.83.161

200 OK

12 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/glo-footer-logo.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (656)
Size
12 kB (11968 bytes)
Hash
d1b0e043744fd642282117a03d308b17
d8abe7a0887b804e516c45a344c542e291a1a84b
5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/glo-footer-logo.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "5d44c6476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 11968
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/youtube-new.svg

198.38.83.161

200 OK

1.4 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/youtube-new.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (971)
Size
1.4 kB (1412 bytes)
Hash
376247a0b06e705c758fe04978ea9df5
90d50c682c2ea23a9d26926c6eb3d849b7b94661
acd3eaf2b608fb48f9915964c36772b322ad91106508c4490e2a72122db4d347

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/youtube-new.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "cb8ecb476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1412
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/facebook-new.svg

198.38.83.161

200 OK

1.4 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/facebook-new.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (963)
Size
1.4 kB (1406 bytes)
Hash
259d8928a7fd5329b3d7fd80eca2ea2f
a6337de5ff5761b39a319cd7ec3f8b10f201d066
43027752f5a04142e6518a4fd8ef54e7e73cfba7820da9c03c1ad38835f04fe2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/facebook-new.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ae2c3476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1406
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/instagram-new.svg

198.38.83.161

200 OK

4.5 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/instagram-new.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4063)
Size
4.5 kB (4508 bytes)
Hash
056511aeb5282ecaab9fbf10ed2273e5
fc29c2c37c4b4a31ad13e80356371e338aef5894
f01c2e1870fcd75ceca3b4c42c3110cb0aa4b933b562cf3d2c7ddd20ce03c7ee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/instagram-new.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ff92c9476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 4508
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/linkedIn-new.svg

198.38.83.161

200 OK

1.6 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/linkedIn-new.svg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1204)
Size
1.6 kB (1647 bytes)
Hash
43efff953a2a3baf6a2ef0528f55dc07
b510bc0512da7d96cdf29a0f1e343319095776de
c32f1a0f5b093b6b2c8f5df0bf93856359769ee6bbab40975043cd133711d528

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/linkedIn-new.svg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "88cbca476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 1647
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css

198.38.83.161

200 OK

819 kB

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
ASCII text
Size
819 kB (819099 bytes)
Hash
96e36a6fbf650c9a862935d72b83391b
be0b679b5453e38359e73ed81b2e580bc285c5f4
5e2f78269b1a7f428ec9f3a07f9042d548fe85e2dd413911e2d9798ac04d4c15

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 05 Dec 2023 11:00:38 GMT
accept-ranges: bytes
etag: "ac7fc1476a27da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Wed, 06 Dec 2023 15:21:58 GMT
content-length: 819099
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/styles/saved_resource.html

198.38.83.161

200 OK

0 B

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/styles/saved_resource.html
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/styles/saved_resource.html HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 0
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/assets/fonts/default-815fcbb4d2c579017011.woff

198.38.83.161

200 OK

0 B

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/assets/fonts/default-815fcbb4d2c579017011.woff
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/assets/fonts/default-815fcbb4d2c579017011.woff HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 0
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/assets/fonts/default-274a65bae9742377aaf0.woff

198.38.83.161

200 OK

0 B

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/assets/fonts/default-274a65bae9742377aaf0.woff
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/assets/fonts/default-274a65bae9742377aaf0.woff HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 0
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/assets/fonts/default-3e828e80f6e985c352eb.woff

198.38.83.161

200 OK

0 B

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/assets/fonts/default-3e828e80f6e985c352eb.woff
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/assets/fonts/default-3e828e80f6e985c352eb.woff HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 0
X-Firefox-Spdy: h2

GET goflyeg.com/wp-admin/Dhl23/app/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff

198.38.83.161

200 OK

0 B

URL GET HTTP/2
goflyeg.com/wp-admin/Dhl23/app/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /wp-admin/Dhl23/app/assets/fonts/iconfont-da52a17c1b8deb953bfe.woff HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/styles/bundle.d071057f32870c8e483f9e1082373aab.css
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:21:59 GMT
content-length: 0
X-Firefox-Spdy: h2

GET www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/favicon.ico

96.6.17.154

325 B

URL GET
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/favicon.ico
IP
96.6.17.154:0
ASN
#16625 AKAMAI-AS

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerDeutsche Post AG
Subjectwww.dhl.com
Fingerprint74:54:3F:D6:C6:2A:C2:09:FA:00:BA:FE:F9:DF:A2:BA:32:43:7E:27
ValidityMon, 31 Jul 2023 14:59:53 GMT - Tue, 30 Jul 2024 14:58:53 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
325 B (325 bytes)
Hash
d8106bf3a1d00ab43b01e6e3c92500eb
202b5e8654ab1b28351378293bca3b9d844cc29b
9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e

HTTP Headers

GET /etc/clientlibs/dhl/clientlib-all/assets/favicon.ico HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
referrer-policy: same-origin
permissions-policy: microphone=(),camera=()
last-modified: Thu, 09 Nov 2023 18:45:31 GMT
etag: "47e-609bc9bb4ef14-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 325
content-type: image/vnd.microsoft.icon
expires: Wed, 13 Dec 2023 15:22:01 GMT
date: Wed, 06 Dec 2023 15:22:01 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
cache-control: public, max-age=604800, stale-while-revalidate=86400
x-akamai-cache: Hit from child
X-Firefox-Spdy: h2

GET www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/appletouch/apple-touch-icon-180x180.png

96.6.17.154

200 OK

1.2 kB

URL GET HTTP/2
www.dhl.com/etc/clientlibs/dhl/clientlib-all/assets/appletouch/apple-touch-icon-180x180.png
IP
96.6.17.154:443
ASN
#16625 AKAMAI-AS

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerDeutsche Post AG
Subjectwww.dhl.com
Fingerprint74:54:3F:D6:C6:2A:C2:09:FA:00:BA:FE:F9:DF:A2:BA:32:43:7E:27
ValidityMon, 31 Jul 2023 14:59:53 GMT - Tue, 30 Jul 2024 14:58:53 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced\012- data
Size
1.2 kB (1173 bytes)
Hash
6e5f4e072a2793f9d9cd2a6974d5ccc9
df0d0b28ae71a37dd321d33435c3143a446e2741
148a09a41b13df86b44d2a1f70e2482e5d31fd91ce540a0dbe016011a5fd29b9

HTTP Headers

GET /etc/clientlibs/dhl/clientlib-all/assets/appletouch/apple-touch-icon-180x180.png HTTP/1.1
Host: www.dhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: DENY
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com https://dpdhlcsiace.my.site.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
referrer-policy: same-origin
permissions-policy: microphone=(),camera=()
last-modified: Thu, 09 Nov 2023 16:12:33 GMT
etag: "495-609ba78a6a442"
accept-ranges: bytes
content-length: 1173
content-type: image/png
expires: Wed, 13 Dec 2023 15:22:01 GMT
date: Wed, 06 Dec 2023 15:22:01 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
cache-control: public, max-age=604800, stale-while-revalidate=86400
x-akamai-cache: Hit from child
X-Firefox-Spdy: h2

GET goflyeg.com/content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-freightshipping.web.175.112.jpg

198.38.83.161

200 OK

87 kB

URL GET HTTP/2
goflyeg.com/content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-freightshipping.web.175.112.jpg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
87 kB (87004 bytes)
Hash
be3966eece9a3b1e1376de43d8b03870
df876c5610b6eab141a8710e05b6e335b19494c8
d7c41ae040b2fff1dcf90e680cbe7f270c8fd084022516bb9b680bc8cb18ec0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-freightshipping.web.175.112.jpg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:22:01 GMT
content-length: 87004
X-Firefox-Spdy: h2

GET goflyeg.com/content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-solution.web.175.112.jpg

198.38.83.161

200 OK

87 kB

URL GET HTTP/2
goflyeg.com/content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-solution.web.175.112.jpg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
87 kB (87004 bytes)
Hash
be3966eece9a3b1e1376de43d8b03870
df876c5610b6eab141a8710e05b6e335b19494c8
d7c41ae040b2fff1dcf90e680cbe7f270c8fd084022516bb9b680bc8cb18ec0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-solution.web.175.112.jpg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:22:01 GMT
content-length: 87004
X-Firefox-Spdy: h2

GET goflyeg.com/content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-parcelsdocuments.web.175.112.jpg

198.38.83.161

200 OK

87 kB

URL GET HTTP/2
goflyeg.com/content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-parcelsdocuments.web.175.112.jpg
IP
198.38.83.161:443
ASN
#23352 SERVERCENTRAL

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerLet's Encrypt
Subjectgoflyeg.com
Fingerprint56:13:FC:4C:BD:62:2E:70:08:56:4E:29:4B:00:7F:23:FD:15:7A:1B
ValidityTue, 05 Dec 2023 16:09:36 GMT - Mon, 04 Mar 2024 16:09:35 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
87 kB (87004 bytes)
Hash
be3966eece9a3b1e1376de43d8b03870
df876c5610b6eab141a8710e05b6e335b19494c8
d7c41ae040b2fff1dcf90e680cbe7f270c8fd084022516bb9b680bc8cb18ec0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /content/dam/dhl/global/core/images/flyout-container-350x224/glo-flyout-parcelsdocuments.web.175.112.jpg HTTP/1.1
Host: goflyeg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Cookie: PHPSESSID=5kn9v855sn2mnku08vbv412hbe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.11, ASP.NET
date: Wed, 06 Dec 2023 15:22:01 GMT
content-length: 87004
X-Firefox-Spdy: h2

GET ka-f.fontawesome.com/releases/v6.5.1/css/free-v4-shims.min.css?token=2b0499d3bf

172.64.205.20

200 OK

28 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.1/css/free-v4-shims.min.css?token=2b0499d3bf
IP
172.64.205.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (27377)
Size
28 kB (27592 bytes)
Hash
604d6da359831b0dc67e0f522f1ff94d
48b776b939a780fde0270dedf7cc163d25e28bb1
5031c11dd77875afefe4eeddfaa320af07fdccea327f7416a5ee8980674c9c76

HTTP Headers

GET /releases/v6.5.1/css/free-v4-shims.min.css?token=2b0499d3bf HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:22:00 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 30 Nov 2023 17:25:51 GMT
etag: W/"604d6da359831b0dc67e0f522f1ff94d"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 15daa09affbc43879e6c6220fe3ec1dc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: g7PmJSAia7ubbyifpUdLIvbkLlEa-wbOy-DJ8Lo9l0xU1npyQZFhFQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzElq5QVjdTYMrehEBhGgmmXW7fLlLB9rrqLuRFly8ulcz0lqwreuuZyBDrkYVn%2FNmNqjo%2FC83%2B40z6ATJeDnGh0yzRA4AOb4D4W5xoxpHGxTzvVrvI7Wtt6gz9DP%2Fg6k8KM9ojRPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8315859a0ab763f4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET kit.fontawesome.com/2b0499d3bf.js

172.64.147.188

200 OK

12 kB

URL GET HTTP/2
kit.fontawesome.com/2b0499d3bf.js
IP
172.64.147.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint93:F9:69:8C:73:B0:08:60:65:F3:39:41:39:66:D3:2B:78:3A:6E:3D
ValidityMon, 04 Dec 2023 00:00:00 GMT - Fri, 03 Jan 2025 23:59:59 GMT

File type
ASCII text, with very long lines (11461)
Size
12 kB (11891 bytes)
Hash
6a26cfe652bf4624be8349f3b9e28d44
37c8e0ee56d8e16d824662ec998da5b860c2dc7b
6cb7278449719ee4d46a944a99b0ce6624f86726839744a136295acca977ee17

HTTP Headers

GET /2b0499d3bf.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Referer: https://goflyeg.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:22:00 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F55HUHEQgBvVX49RW_Ni
cf-cache-status: MISS
server: cloudflare
cf-ray: 8315859578585689-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

GET ka-f.fontawesome.com/releases/v6.5.1/css/free.min.css?token=2b0499d3bf

172.64.205.20

200 OK

103 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.1/css/free.min.css?token=2b0499d3bf
IP
172.64.205.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (65321)
Size
103 kB (103173 bytes)
Hash
edc53d8d44037708e54122b9e30bb2a1
7210b158d88b1e463ba0b08d26835a9fd4e6c57e
b2bfe99e2e78f71c88eb00c49e1392a15531fb6486d0d0c2ea71937dda34deab

HTTP Headers

GET /releases/v6.5.1/css/free.min.css?token=2b0499d3bf HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:22:00 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 30 Nov 2023 17:25:52 GMT
etag: W/"edc53d8d44037708e54122b9e30bb2a1"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6699805b9870134f60ff76c262d76a02.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: pRVftr9PsF9fiPRvmq-MoLJIBAer7Tee2rznRlxQ6_QA1qH5e9GMdQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hEk6WEJj1OWHep8gfvBFj6R2fDM6s3TsI4zGa%2FVHQCO2lLNwkHA9YTVKGhwbgudTwXvAhl%2Fi%2FUt%2FMtMWyZ00LB4RpEW84TY8esydGUro4BHuC39%2BbqjJndzdKzRsKJWegoLvoz9vBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83158599ca6163f4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ka-f.fontawesome.com/releases/v6.5.1/css/free-v5-font-face.min.css?token=2b0499d3bf

172.64.205.20

200 OK

823 B

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.1/css/free-v5-font-face.min.css?token=2b0499d3bf
IP
172.64.205.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (845), with no line terminators
Size
823 B (823 bytes)
Hash
e6d3783736d2fad2b606057fbb27accf
42a95cbe55b5192414282a64e5f0a106ebd0cfcd
428e4fa90d3cad30b14fe0c63a3a23e6487de4dad755477a33a385844e5a91a7

HTTP Headers

GET /releases/v6.5.1/css/free-v5-font-face.min.css?token=2b0499d3bf HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:22:00 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 30 Nov 2023 17:25:51 GMT
etag: W/"496965a55b1faa4d5c41073ef276afc0"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 6c6d82becb156e1fafffc710575e601a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: NlRCRDRXz8QOK7cQrax--qD758clPVbAeBddXfS2H_s8jASUrXRbcA==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7OLfDLCiSpxX%2B7YljCKHt9d8xzRddFuhdLHsQqcy1L9COSdkzTfShzrbywFz6IKAl9FhkYmA9T0rK5a1ffOm5qwrs0WD3cQ0dQHjFDAVtDzKF4O8UrlJZ7%2Br6dKK0%2BZPCc6q7%2B6eTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83158599da6e63f4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ka-f.fontawesome.com/releases/v6.5.1/css/free-v4-font-face.min.css?token=2b0499d3bf

172.64.205.20

200 OK

1.8 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.5.1/css/free-v4-font-face.min.css?token=2b0499d3bf
IP
172.64.205.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://goflyeg.com/wp-admin/Dhl23/app/index.php?userid=75d4d59c79907488754d09c531b79005&ue=72e9068a1a07c12065e87a4451c2e707
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (1803), with no line terminators
Size
1.8 kB (1775 bytes)
Hash
b0e7ed6622101ceea9a31043809aabaf
22fefad8852cf1d903fc7d99970d572ddc6b613c
5f9c11fbca88fe6e6e8ce0de6c76eaca7b8c258572153af5ff88c831316347d0

HTTP Headers

GET /releases/v6.5.1/css/free-v4-font-face.min.css?token=2b0499d3bf HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goflyeg.com/
Origin: https://goflyeg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 15:22:00 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 30 Nov 2023 17:25:51 GMT
etag: W/"cc84affe95dbdd9726525f57d20b4ea6"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 15daa09affbc43879e6c6220fe3ec1dc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: 9E-K4IY5QioZL0f6SfvSfS_Woa8Cs8AcZe4-hJ8Xx5kb3VjYl_UL5g==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3pjumVKaztYa6epD4l4t0n5b16NC7c6NL36gpMMXpfyCXilMw5zDlflPSj9LRswTxTjh89XjDBFyaWIwbxN74WoqMhpAS7AydwwbMeh%2BpbMWEJJKxVFJJaZ%2Ft2iw7z7V97Hou8gsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8315859a0aba63f4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by