Report - dl7oyher5z.onrocket.site/dr/swica/login.php...

Report Overview

Visited public
2025-05-01 20:10:38
Tags
URL
dl7oyher5z.onrocket.site/dr/swica/login.php...
Finishing URL
dl7oyher5z.onrocket.site/dr/swica/login.php
IP / ASN
104.16.151.108
#13335 CLOUDFLARENET
Title
Page not found – Anusa

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dl7oyher5z.onrocket.site	unknown	2020-03-18	2025-05-01	2025-05-01	6.7 kB	497 kB	104.16.150.108

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-05-01	medium	dl7oyher5z.onrocket.site/dr/swica/login.php	Generic/Spear Phishing
2025-05-01	medium	dl7oyher5z.onrocket.site/dr/swica/login.php	Generic/Spear Phishing
2025-05-01	medium	dl7oyher5z.onrocket.site/dr/swica/login.php	Generic/Spear Phishing

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/block-library/navigation/view.min.js?ver=61572d447d60c0aa5240	ScriptElement	3.4 kB	2025-04-16	2025-06-09
Pretty URL dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/block-library/navigation/view.min.js?ver=61572d447d60c0aa5240 IP 104.16.150.108 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-16 10:49 Last Seen2025-06-09 21:54 Times Seen770 Hash 39b6679f083c89806ae1dab66a6b1f83 ccc3e4d82490e24c5bab603beb04961ba3225571 091b36f4ce349cd155f3d0ffb19f46e954f82aa4eb78dd9091da2ab9c9f20a99 Loading...

	dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=55aebb6e0a16726baffb	ImportedModule	38 kB	2025-04-16	2025-06-09
Pretty URL dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=55aebb6e0a16726baffb IP 104.16.150.108 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2025-04-16 10:49 Last Seen2025-06-09 21:54 Times Seen489 Hash b9b0d2f85c70314f27a45ed78db1b656 3b35f410e88cf8d8014baa7612653e6a1768ae2b ab666642de849c4230ef48434db5da6798a7ee20a3730893075f9735fbacde00 Loading...

	dl7oyher5z.onrocket.site/wp-includes/js/wp-emoji-release.min.js?ver=6.8.1	ScriptElement	19 kB	2025-04-03	2025-06-10
Pretty URL dl7oyher5z.onrocket.site/wp-includes/js/wp-emoji-release.min.js?ver=6.8.1 IP 104.16.150.108 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-03 04:02 Last Seen2025-06-10 04:56 Times Seen7603 Hash 1dafa7fe14b33c26fef9b0e5ba0c8e72 62f67cdac55d89c43570bf0c338f4edf548b14e1 50cc1a0490008ec62ca8b581fa9cdcfb2eda2d36a08ccbeb1f004da599e9cc61 Loading...

	dl7oyher5z.onrocket.site/dr/swica/login.php	ScriptElement	3.2 kB	2025-05-01	2025-05-02
Pretty URL dl7oyher5z.onrocket.site/dr/swica/login.php IP 104.16.150.108 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-01 20:10 Last Seen2025-05-02 04:46 Times Seen2 Hash ec6d07381b85a895003833b323cbe3ef c0359d1b83e5db692cba15864735cf1bb00eef2c 00ce980aec60306a7cb76caadff273e2b3214964e9aa4de97424bc2bc31ebf8c Loading...

	dl7oyher5z.onrocket.site/dr/swica/login.php	ScriptElement	1.0 kB	2025-04-01	2025-06-10
Pretty URL dl7oyher5z.onrocket.site/dr/swica/login.php IP 104.16.150.108 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-01 15:25 Last Seen2025-06-10 02:55 Times Seen780 Hash 109ecd7a5db87f00e65d345b77d35af6 c66861c01aea1d24bd27652e7b55152a4850d145 165cc50d501719caea80126aefbf88c799ee0f01af6953afcbc26ce11d5173ca Loading...

HTTP Transactions (13)

URL IP Response Size

dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=55aebb6e0a16726baffb

104.16.150.108

200 OK

38 kB

URL GET
dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=55aebb6e0a16726baffb
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
JavaScript source, ASCII text, with very long lines (38256), with no line terminators
Size
38 kB (38256 bytes)
Hash
b9b0d2f85c70314f27a45ed78db1b656
3b35f410e88cf8d8014baa7612653e6a1768ae2b
ab666642de849c4230ef48434db5da6798a7ee20a3730893075f9735fbacde00

HTTP Headers

GET /wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=55aebb6e0a16726baffb HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/block-library/navigation/view.min.js?ver=61572d447d60c0aa5240
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 May 2025 20:10:06 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Mon, 03 Mar 2025 18:08:42 GMT
expires: Fri, 01 May 2026 13:30:32 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
priority: u=3,i=?0
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9d7c1b56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/favicon.ico

104.16.150.108

302 Found

3.3 kB

URL GET
dl7oyher5z.onrocket.site/favicon.ico
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type

Size
3.3 kB (3300 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl7oyher5z.onrocket.site/dr/swica/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Thu, 01 May 2025 20:10:06 GMT
content-type: text/html; charset=UTF-8
location: https://dl7oyher5z.onrocket.site/wp-includes/images/w-logo-blue-white-bg.png
link: <https://dl7oyher5z.onrocket.site/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
expires: Mon, 30 Jun 2025 05:38:06 GMT
cache-control: max-age=5184000
cf-cache-status: HIT
age: 2277
priority: u=6,i=?0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9e3d4756a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/wp-includes/images/w-logo-blue-white-bg.png

104.16.150.108

200 OK

3.3 kB

URL GET
dl7oyher5z.onrocket.site/wp-includes/images/w-logo-blue-white-bg.png
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.3 kB (3300 bytes)
Hash
b3f1f6d16540b377a707741171523d56
2c0806f9890c5437dc2acdcc19c8601bc523c3fe
ffc310a0d5c943072ff5c5d0a6556b9fc58dd107a4d0c8488ef9b58f89e597ea

HTTP Headers

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dl7oyher5z.onrocket.site/dr/swica/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 May 2025 20:10:06 GMT
content-type: image/webp
content-length: 3300
cache-control: max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: origFmt=png, origSize=4119
content-disposition: inline; filename="w-logo-blue-white-bg.webp"
vary: Accept
expires: Fri, 01 May 2026 05:38:14 GMT
last-modified: Tue, 16 Nov 2021 00:04:02 GMT
cf-cache-status: HIT
age: 2276
accept-ranges: bytes
priority: u=6,i=?0
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9ece5856a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/dr/swica/login.php...

104.16.150.108

301 Moved Permanently

55 kB

URL User Request GET
dl7oyher5z.onrocket.site/dr/swica/login.php...
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type

Size
55 kB (55249 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dr/swica/login.php... HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 01 May 2025 20:10:05 GMT
content-type: text/html; charset=UTF-8
location: https://dl7oyher5z.onrocket.site/dr/swica/login.php
x-redirect-by: WordPress
cache-control: public, max-age=0, s-maxage=2592000
cf-cache-status: DYNAMIC
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb97bd86b50b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dl7oyher5z.onrocket.site/dr/swica/login.php

104.16.150.108

404 Not Found

55 kB

URL User Request GET
dl7oyher5z.onrocket.site/dr/swica/login.php
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
HTML document, ASCII text, with very long lines (16443)
Size
55 kB (55249 bytes)
Hash
eb009a9faed26f8a0a9eb775f14f0d03
b813602d6868f0c3f57d0a86549662054e2723b9
f6d9691518008db5c97570c1cb28c8593dd8a7c1519db596f15cb0261501adb0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /dr/swica/login.php HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 01 May 2025 20:10:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://dl7oyher5z.onrocket.site/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
priority: u=1,i=?0
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9b2f7556a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/wp-content/themes/twentytwentyfive/style.css?ver=1.2

104.16.150.108

200 OK

2.5 kB

URL GET
dl7oyher5z.onrocket.site/wp-content/themes/twentytwentyfive/style.css?ver=1.2
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
ASCII text, with very long lines (540)
Size
2.5 kB (2503 bytes)
Hash
170ee56e685a7f2100c8b99ecd17cd93
97bb382f75f1f3bcec9836ea91309222ad8faf33
1deb03fa90a5760e659f5316bfb68d2ceb587c09f2a90106c925f26c4277bb2e

HTTP Headers

GET /wp-content/themes/twentytwentyfive/style.css?ver=1.2 HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl7oyher5z.onrocket.site/dr/swica/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 May 2025 20:10:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 14 Apr 2025 15:27:20 GMT
expires: Fri, 01 May 2026 05:40:54 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
priority: u=2,i=?0
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9caa4156a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/block-library/navigation/view.min.js?ver=61572d447d60c0aa5240

104.16.150.108

200 OK

3.4 kB

URL GET
dl7oyher5z.onrocket.site/wp-includes/js/dist/script-modules/block-library/navigation/view.min.js?ver=61572d447d60c0aa5240
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
ASCII text, with very long lines (3358), with no line terminators
Size
3.4 kB (3358 bytes)
Hash
39b6679f083c89806ae1dab66a6b1f83
ccc3e4d82490e24c5bab603beb04961ba3225571
091b36f4ce349cd155f3d0ffb19f46e954f82aa4eb78dd9091da2ab9c9f20a99

HTTP Headers

GET /wp-includes/js/dist/script-modules/block-library/navigation/view.min.js?ver=61572d447d60c0aa5240 HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl7oyher5z.onrocket.site/dr/swica/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 May 2025 20:10:06 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Mon, 03 Mar 2025 18:08:42 GMT
expires: Fri, 01 May 2026 13:30:32 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
priority: u=3,i=?0
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9caa4456a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/wp-content/themes/twentytwentyfive/assets/fonts/manrope/Manrope-VariableFont_wght.woff2

104.16.150.108

200 OK

54 kB

URL GET
dl7oyher5z.onrocket.site/wp-content/themes/twentytwentyfive/assets/fonts/manrope/Manrope-VariableFont_wght.woff2
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 53600, version 1.0
Size
54 kB (53600 bytes)
Hash
a8ebc7eb54efacfda66d0a2531058ecd
5b56dbe3d3eabe178719988f4fee76d9d4ad7079
ce340d48531930f3f2c8b7c47d149f82c9f4413548dd216e0f4d9af94a87c374

HTTP Headers

GET /wp-content/themes/twentytwentyfive/assets/fonts/manrope/Manrope-VariableFont_wght.woff2 HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://dl7oyher5z.onrocket.site/dr/swica/login.php
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 May 2025 20:10:06 GMT
content-type: font/woff2
content-length: 53600
last-modified: Tue, 29 Oct 2024 00:02:18 GMT
expires: Fri, 01 May 2026 13:30:33 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9d5bd856a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/dr/swica/login.php

104.16.150.108

404 Not Found

55 kB

URL User Request GET
dl7oyher5z.onrocket.site/dr/swica/login.php
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
HTML document, ASCII text, with very long lines (16443)
Size
55 kB (55249 bytes)
Hash
eb009a9faed26f8a0a9eb775f14f0d03
b813602d6868f0c3f57d0a86549662054e2723b9
f6d9691518008db5c97570c1cb28c8593dd8a7c1519db596f15cb0261501adb0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /dr/swica/login.php HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Thu, 01 May 2025 20:10:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://dl7oyher5z.onrocket.site/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb98af11b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dl7oyher5z.onrocket.site/dr/swica/login.php

104.16.150.108

301 Moved Permanently

55 kB

URL User Request GET
dl7oyher5z.onrocket.site/dr/swica/login.php
IP
104.16.150.108:80
ASN
#13335 CLOUDFLARENET

File type

Size
55 kB (55249 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /dr/swica/login.php HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Thu, 01 May 2025 20:10:05 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 01 May 2025 21:10:05 GMT
Location: https://dl7oyher5z.onrocket.site/dr/swica/login.php
Vary: Accept-Encoding
X-Robots-Tag: noindex, noarchive, nosnippet
Server: cloudflare
CF-RAY: 9391eb9aefb20b45-OSL
alt-svc: h3=":443"; ma=86400

dl7oyher5z.onrocket.site/wp-includes/blocks/navigation/style.min.css?ver=6.8.1

104.16.150.108

200 OK

16 kB

URL GET
dl7oyher5z.onrocket.site/wp-includes/blocks/navigation/style.min.css?ver=6.8.1
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
ASCII text, with very long lines (16449), with no line terminators
Size
16 kB (16449 bytes)
Hash
d9709693f6fa74e9eae622c2b6d3fbfa
8562935219e2b4299d36f0304c0382ee16390a9e
377c5dd7befdaaeb1b293089c92885e8af3b42fca9e72e098a3bfc384ff33207

HTTP Headers

GET /wp-includes/blocks/navigation/style.min.css?ver=6.8.1 HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl7oyher5z.onrocket.site/dr/swica/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 May 2025 20:10:06 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Feb 2025 15:46:48 GMT
expires: Fri, 01 May 2026 05:40:54 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
priority: u=2,i=?0
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9caa3f56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/wp-content/themes/twentytwentyfive/assets/images/404-image.webp

104.16.150.108

200 OK

130 kB

URL GET
dl7oyher5z.onrocket.site/wp-content/themes/twentytwentyfive/assets/images/404-image.webp
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1048x1342, Scaling: [none]x[none], YUV color, decoders should clamp
Size
130 kB (129970 bytes)
Hash
189ee7f2a40c13d4a2094d2497929e62
c116aec61bec386a9cf15e8cf935d673014eb8ef
6873efa2823693885dcb88526d155c461d23d785f817249e5721b92025133059

HTTP Headers

GET /wp-content/themes/twentytwentyfive/assets/images/404-image.webp HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl7oyher5z.onrocket.site/dr/swica/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 May 2025 20:10:06 GMT
content-type: image/webp
content-length: 129970
last-modified: Tue, 22 Oct 2024 01:43:18 GMT
expires: Fri, 01 May 2026 09:02:49 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9caa4856a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dl7oyher5z.onrocket.site/wp-includes/js/wp-emoji-release.min.js?ver=6.8.1

104.16.150.108

200 OK

19 kB

URL GET
dl7oyher5z.onrocket.site/wp-includes/js/wp-emoji-release.min.js?ver=6.8.1
IP
104.16.150.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dl7oyher5z.onrocket.site/dr/swica/login.php
Certificate
IssuerGoogle Trust Services
Subjectonrocket.site
Fingerprint2C:42:1C:30:9C:A4:B4:45:DC:1A:EA:6D:3F:EF:11:B7:2A:40:7F:24
ValidityMon, 17 Mar 2025 07:21:22 GMT - Sun, 15 Jun 2025 08:21:14 GMT

File type
JavaScript source, ASCII text, with very long lines (16290)
Size
19 kB (19264 bytes)
Hash
1dafa7fe14b33c26fef9b0e5ba0c8e72
62f67cdac55d89c43570bf0c338f4edf548b14e1
50cc1a0490008ec62ca8b581fa9cdcfb2eda2d36a08ccbeb1f004da599e9cc61

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.8.1 HTTP/1.1
Host: dl7oyher5z.onrocket.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl7oyher5z.onrocket.site/dr/swica/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 01 May 2025 20:10:06 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Tue, 18 Mar 2025 03:01:26 GMT
expires: Fri, 01 May 2026 05:47:27 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
priority: u=3,i=?0
x-robots-tag: noindex, noarchive, nosnippet
server: cloudflare
cf-ray: 9391eb9e4d5856a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type