Report - saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt

Report Overview

Visited public
2024-08-08 14:12:17
Tags
dhl logistics phishing
URL
saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt
Finishing URL
saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt
IP / ASN
172.93.120.138
#393960 HOST4GEEKS-LLC
Title
saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt
Phishing - DHL

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown				1.6 kB	4.4 kB	23.36.77.32
saluhallensvinesund.se	unknown				1.6 kB	15 kB	172.93.120.138

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt	ScriptElement	3.6 kB	2023-03-07	2024-08-21
Pretty URL saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt IP 172.93.120.138 ASN #393960 HOST4GEEKS-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen82 Hash e5da1f2764301ac1edd3453e7d43d9f0 726dcc8165caffecf708e40821ed03d0937ad762 1b46a674fd06b30d4300cef321d5757d6314dce2aae1a0ad8d60fbeb7f92d3e8 Loading...

	saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt	ScriptElement	2.0 kB	2023-03-07	2024-08-21
Pretty URL saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt IP 172.93.120.138 ASN #393960 HOST4GEEKS-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen80 Hash f8af2a381574ffdbf2327b1c9fec599f e13f00894908b45e817dae5f00c87182e224f8e5 40b8c6fccce180c18c91963ce93213368b8bbe63e5ba19d50923811e693749ed Loading...

	saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt	ScriptElement	3.9 kB	2023-03-07	2024-08-21
Pretty URL saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt IP 172.93.120.138 ASN #393960 HOST4GEEKS-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen82 Hash a3cf7dd06b7a0406f4c82c4408b1a903 6f51185dc1d894eae3d5d121f3e3a83379435305 62f1f19a04b6d24a245b21e497ac0c730da78a8dcfee6a7a869458e9f1be422f Loading...

	saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt	ScriptElement	564 B	2023-03-07	2024-08-21
Pretty URL saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt IP 172.93.120.138 ASN #393960 HOST4GEEKS-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen83 Hash 4069f8c979f654519aebbd30247f15e3 6337a08f4f6854b041446eedb2ad7d830d1d181f e205ee9b9397f40605b28973f21620853b5a502c7e251c8e653ce4c923f3464e Loading...

		Size	First Seen	Last Seen
	#1 Write - e835232339500c39f2176849cacfcb22	1.2 kB	2023-03-07 12:05	2024-08-21 06:46
Pretty Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen82 Hash e835232339500c39f2176849cacfcb22 9c86468bc420cc4d428904166c843ce3e0eb9e1a 35a077b714fba1f1aeceed4f72192e47dda6df12ee145dacfcaa2e2ceda90851 Loading...

	#2 Write - eb771a99505381ee59ae13547d17176d	663 B	2023-03-07 12:05	2024-08-21 06:46
Pretty Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen80 Hash eb771a99505381ee59ae13547d17176d 4d59888e5044428d5abca3534b7ded06c615335a baa8d9add7ba1e94f4e1e7e93afb698c75262b5683e054d105404d345bbb6d45 Loading...

	#3 Write - 1530d5d1c773b3d7fadcb57ce5fb0dc0	1.3 kB	2023-03-07 12:05	2024-08-21 06:46
Pretty Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen82 Hash 1530d5d1c773b3d7fadcb57ce5fb0dc0 af56bc837d87abf4b7b8dbd416230ee5994a2983 86c7fd6a41e8f532dd6452d4d3e5c4943548df7c7c64e62cfd1ed0c4548fbfda Loading...

	#4 Write - 1f8938192c99716b0bb4d8ed79936b78	174 B	2023-03-07 12:05	2024-08-21 06:46
Pretty Observations First Seen2023-03-07 12:05 Last Seen2024-08-21 06:46 Times Seen83 Hash 1f8938192c99716b0bb4d8ed79936b78 642c0bf831f022d73a57dc236495c742ffb2ec96 3d6b10960aac86b66534f6cf13f13fa2de708e5ed8d7531a8dd5e52fb32e2e97 Loading...

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
a4b0d33ac49c96c71e39bb632bda5673
f4a1b2c6888fbf71cf9f3a36170c0968463df973
b28c45ed35b17a62f81e5aa81541f61740e5dfb5d5c1baa572feed4a4e2db9c5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B28C45ED35B17A62F81E5AA81541F61740E5DFB5D5C1BAA572FEED4A4E2DB9C5"
Last-Modified: Tue, 06 Aug 2024 06:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12196
Expires: Thu, 08 Aug 2024 17:35:07 GMT
Date: Thu, 08 Aug 2024 14:11:51 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
361994b45d17874f3d57044be82a542d
ddad8ebd0d7ecdc2c9d07245d5aff4df9e3e0a56
bf3643f753112c9f8fa5204e8ee172a6e0374d160407b7f14e2c0708aa0daad5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BF3643F753112C9F8FA5204E8EE172A6E0374D160407B7F14E2C0708AA0DAAD5"
Last-Modified: Tue, 06 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19469
Expires: Thu, 08 Aug 2024 19:36:20 GMT
Date: Thu, 08 Aug 2024 14:11:51 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e7a128439c6dec237227cc4b883a2c99
7794fc9e9bc964823a96cec60a2ec829dbce9919
f0a648a200fc7849174d4b74c6fbfee82b5bd098c9c9cae7084bdafaba169e3b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F0A648A200FC7849174D4B74C6FBFEE82B5BD098C9C9CAE7084BDAFABA169E3B"
Last-Modified: Tue, 06 Aug 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11435
Expires: Thu, 08 Aug 2024 17:22:26 GMT
Date: Thu, 08 Aug 2024 14:11:51 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5aa0870760a323e0c76c1574633ed6e1
5ba6f90abf50092defc125757aef5f3775353f40
485adde6605f8d46bbb24f1ce8fbdeba81d44f09b75600300584d408aa9f3ce1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "485ADDE6605F8D46BBB24F1CE8FBDEBA81D44F09B75600300584D408AA9F3CE1"
Last-Modified: Tue, 06 Aug 2024 06:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13107
Expires: Thu, 08 Aug 2024 17:50:19 GMT
Date: Thu, 08 Aug 2024 14:11:52 GMT
Connection: keep-alive

saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt

172.93.120.138

200 OK

10 kB

URL User Request GET HTTP/1.1
saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt
IP
172.93.120.138:443
ASN
#393960 HOST4GEEKS-LLC

Certificate
IssuerLet's Encrypt
Subjectsaluhallensvinesund.se
FingerprintFC:EA:F9:2E:9A:2B:D5:96:6E:83:9E:0D:AD:89:1F:69:08:2D:97:60
ValiditySun, 04 Aug 2024 15:18:14 GMT - Sat, 02 Nov 2024 15:18:13 GMT

File type
HTML document, ASCII text, with very long lines (3848), with CRLF line terminators
Size
10 kB (10391 bytes)
Hash
4bb6e4ace4c7b8e586433ab2255a69a6
ce3edf005c70c2f293e54b9a1a3ede1bb775af50
c27a5039d3b4e175ef582ceb71c0bb3541a1a32f45a38e73612355c03b8d3eb0

HTTP Headers

GET /DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt HTTP/1.1
Host: saluhallensvinesund.se
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 14:11:52 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

saluhallensvinesund.se/DHLEx/dhl_top/source/content/photos/logo.jpg

172.93.120.138

200 OK

3.9 kB

URL GET HTTP/1.1
saluhallensvinesund.se/DHLEx/dhl_top/source/content/photos/logo.jpg
IP
172.93.120.138:443
ASN
#393960 HOST4GEEKS-LLC

Requested by
https://saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt
Certificate
IssuerLet's Encrypt
Subjectsaluhallensvinesund.se
FingerprintFC:EA:F9:2E:9A:2B:D5:96:6E:83:9E:0D:AD:89:1F:69:08:2D:97:60
ValiditySun, 04 Aug 2024 15:18:14 GMT - Sat, 02 Nov 2024 15:18:13 GMT

File type
PNG image data, 425 x 125, 8-bit colormap, non-interlaced
Size
3.9 kB (3902 bytes)
Hash
d8b38bb6321bd45ff42ed6931a870bb5
483fa5870b17eae93e8251dd50e694da5b0297a0
26933abb67839e269d8fc9d49b5ff722a1f48646776a8bdfb25e572d10996b41

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /DHLEx/dhl_top/source/content/photos/logo.jpg HTTP/1.1
Host: saluhallensvinesund.se
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Aug 2024 14:11:52 GMT
Server: Apache
Last-Modified: Fri, 17 Jan 2020 05:21:40 GMT
Accept-Ranges: bytes
Content-Length: 3902
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

saluhallensvinesund.se/favicon.ico

172.93.120.138

404 Not Found

315 B

URL GET HTTP/1.1
saluhallensvinesund.se/favicon.ico
IP
172.93.120.138:443
ASN
#393960 HOST4GEEKS-LLC

Requested by
https://saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt
Certificate
IssuerLet's Encrypt
Subjectsaluhallensvinesund.se
FingerprintFC:EA:F9:2E:9A:2B:D5:96:6E:83:9E:0D:AD:89:1F:69:08:2D:97:60
ValiditySun, 04 Aug 2024 15:18:14 GMT - Sat, 02 Nov 2024 15:18:13 GMT

File type
HTML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: saluhallensvinesund.se
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://saluhallensvinesund.se/DHLEx/dhl_top/source/content/login.php?email=3mail@b.c,N/A,openphish.com/feed.txt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 08 Aug 2024 14:11:52 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
460334cc4e5b7d0e9bae1a2db2ad27cd
b0a331b5252d61b68e687dc25581842a360aac4f
8e85f0944ea44f26c441f73cd791e0cf50936b0278733f5af7305e594372df58

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8E85F0944EA44F26C441F73CD791E0CF50936B0278733F5AF7305E594372DF58"
Last-Modified: Tue, 06 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19012
Expires: Thu, 08 Aug 2024 19:28:45 GMT
Date: Thu, 08 Aug 2024 14:11:53 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP