july4thparties.com Open in urlscan Pro
69.49.244.153 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://klisc.or.ke/well-known/acme-challenge
Effective URL:
https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Submission: On April 03 via manual (April 3rd 2023, 7:55:59 am UTC) from ES — Scanned from ES

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 18 HTTP transactions. The main IP is 69.49.244.153, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is july4thparties.com.
TLS certificate: Issued by R3 on March 27th 2023. Valid for: 3 months.

This is the only time july4thparties.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 2	41.204.160.14 41.204.160.14	36914 (KENET-AS) (KENET-AS)
1 2	173.82.5.134 173.82.5.134	35916 (MULTA-ASN1) (MULTA-ASN1)
1 2	50.87.249.237 50.87.249.237	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 10	69.49.244.153 69.49.244.153	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	2606:4700:303... 2606:4700:3038::6815:ea91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	135.181.58.223 135.181.58.223	24940 (HETZNER-AS) (HETZNER-AS)
18	6

2 41.204.160.14 (Kenya) 1 redirects

ASN36914 (KENET-AS, KE)
PTR: webhost-uon.kenet.or.ke

klisc.or.ke	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.82.5.134 (San Pedro, United States) 1 redirects

ASN35916 (MULTA-ASN1, US)
PTR: bwin.thesecurededicatedserver.com

acmebuildersmohali.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.87.249.237 (Ottawa, Canada) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2085.bluehost.com

immigrant.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 69.49.244.153 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 69-49-244-153.webhostbox.net

july4thparties.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3038::6815:ea91 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.lr-in.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 135.181.58.223 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: white.hostingcolor.com

dispatching-centre.lasamericascargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	july4thparties.com 1 redirects july4thparties.com	466 KB
5	lasamericascargo.com dispatching-centre.lasamericascargo.com	54 KB
2	immigrant.ca 1 redirects immigrant.ca	374 B
2	acmebuildersmohali.com 1 redirects acmebuildersmohali.com	318 B
2	klisc.or.ke 1 redirects klisc.or.ke	597 B
1	lr-in.com cdn.lr-in.com — Cisco Umbrella Rank: 19471	163 KB
18	6

	Domain	Requested by
10	july4thparties.com	1 redirects july4thparties.com
5	dispatching-centre.lasamericascargo.com	july4thparties.com
2	immigrant.ca	1 redirects
2	acmebuildersmohali.com	1 redirects
2	klisc.or.ke	1 redirects
1	cdn.lr-in.com	july4thparties.com
18	6

This site contains no links.

Subject Issuer	Validity	Valid
klisc.or.ke R3	`2023-03-14` - `2023-06-12`	3 months	crt.sh
acmebuildersmohali.com R3	`2023-02-07` - `2023-05-08`	3 months	crt.sh
cpcontacts.immigrant.ca R3	`2023-03-20` - `2023-06-18`	3 months	crt.sh
cpanel.july4thparties.com R3	`2023-03-27` - `2023-06-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-18` - `2023-06-18`	a year	crt.sh
dispatching-centre.lasamericascargo.com cPanel, Inc. Certification Authority	`2023-02-05` - `2023-05-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Frame ID: F51626F77E366DC0CCB6B3E36F09B38A
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Verification | DHL

Page URL History Show full URLs

https://klisc.or.ke/well-known/acme-challenge HTTP 301
https://klisc.or.ke/well-known/acme-challenge/ Page URL
https://acmebuildersmohali.com/.well-known/1 HTTP 301
https://acmebuildersmohali.com/.well-known/1/ Page URL
https://immigrant.ca/well-known/acme-challenge/cookies HTTP 301
https://immigrant.ca/well-known/acme-challenge/cookies/ Page URL
https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433... HTTP 301
https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

18
Requests

100 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

683 kB
Transfer

1447 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://klisc.or.ke/well-known/acme-challenge HTTP 301
https://klisc.or.ke/well-known/acme-challenge/ Page URL
https://acmebuildersmohali.com/.well-known/1 HTTP 301
https://acmebuildersmohali.com/.well-known/1/ Page URL
https://immigrant.ca/well-known/acme-challenge/cookies HTTP 301
https://immigrant.ca/well-known/acme-challenge/cookies/ Page URL
https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/- HTTP 301
https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://klisc.or.ke/well-known/acme-challenge HTTP 301
https://klisc.or.ke/well-known/acme-challenge/

Request Chain 1

https://acmebuildersmohali.com/.well-known/1 HTTP 301
https://acmebuildersmohali.com/.well-known/1/

Request Chain 2

https://immigrant.ca/well-known/acme-challenge/cookies HTTP 301
https://immigrant.ca/well-known/acme-challenge/cookies/

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
klisc.or.ke/well-known/acme-challenge/
Redirect Chain

https://klisc.or.ke/well-known/acme-challenge
https://klisc.or.ke/well-known/acme-challenge/

97 B
330 B

490ms
490ms

Document
text/html

41.204.160.14
KENET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://klisc.or.ke/well-known/acme-challenge/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 41.204.160.14 , Kenya, ASN36914 (KENET-AS, KE),
Reverse DNS: webhost-uon.kenet.or.ke
Software: Apache / PHP/7.4.33
Resource Hash: 3a01132276e80db3f2277bd97c73d675f3853abc0c243f733b3b6d956e933fb6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Apr 2023 07:55:45 GMT
Keep-Alive: timeout=2, max=499
Server: Apache
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.33

Redirect headers

Connection: Keep-Alive
Content-Length: 254
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Apr 2023 07:55:45 GMT
Keep-Alive: timeout=2, max=500
Location: https://klisc.or.ke/well-known/acme-challenge/
Server: Apache

GET
H2

200

/ Show response
acmebuildersmohali.com/.well-known/1/
Redirect Chain

https://acmebuildersmohali.com/.well-known/1
https://acmebuildersmohali.com/.well-known/1/

104 B
162 B

461ms
461ms

Document
text/html

173.82.5.134
MULTA-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://acmebuildersmohali.com/.well-known/1/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.82.5.134 San Pedro, United States, ASN35916 (MULTA-ASN1, US),
Reverse DNS: bwin.thesecurededicatedserver.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 945465b8d90000b826d67fa7ee0692f7a67c283d7b9626440da8e1d9cba15b04

Request headers

Referer: https://klisc.or.ke/well-known/acme-challenge/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: br
content-length: 108
content-type: text/html; charset=UTF-8
date: Mon, 03 Apr 2023 07:55:38 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

Redirect headers

content-length: 168
content-type: text/html; charset=UTF-8
date: Mon, 03 Apr 2023 07:55:38 GMT
location: https://acmebuildersmohali.com/.well-known/1/
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2

200

/ Show response
immigrant.ca/well-known/acme-challenge/cookies/
Redirect Chain

https://immigrant.ca/well-known/acme-challenge/cookies
https://immigrant.ca/well-known/acme-challenge/cookies/

167 B
256 B

524ms
523ms

Document
text/html

50.87.249.237
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://immigrant.ca/well-known/acme-challenge/cookies/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.87.249.237 Ottawa, Canada, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box2085.bluehost.com
Software: Apache /
Resource Hash: cf335517a3aa936c62526c5e7ab15ebd13fa1260f034e9b5134bd5372b88a39e

Request headers

Referer: https://acmebuildersmohali.com/.well-known/1/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: gzip
content-length: 158
content-type: text/html; charset=UTF-8
date: Mon, 03 Apr 2023 07:55:56 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
server: Apache
vary: Accept-Encoding

Redirect headers

content-length: 263
content-type: text/html; charset=iso-8859-1
date: Mon, 03 Apr 2023 07:55:56 GMT
location: https://immigrant.ca/well-known/acme-challenge/cookies/
server: Apache

GET
H/1.1

200
OK

Primary Request / Show response
july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Redirect Chain

https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-
https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/

60 KB
60 KB

205ms
205ms

Document
text/html

69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL

https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),

Reverse DNS

69-49-244-153.webhostbox.net

Software

Apache /

Resource Hash

1057e2092776ce5cf51730a8e1b4e732ab44c6d38061bdb2eeedbc7d34ae85ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://immigrant.ca/well-known/acme-challenge/cookies/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Apr 2023 07:55:56 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=99
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Length: 326
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Apr 2023 07:55:56 GMT
Keep-Alive: timeout=5, max=100
Location: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Server: Apache

GET
H/1.1 200
OK app.css
july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/ 405 KB
406 KB 413ms
163ms Stylesheet
text/css 69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL

https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css

Requested by

Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),

Reverse DNS

69-49-244-153.webhostbox.net

Software

Apache /

Resource Hash

a0b9419777f544b665051cae80f11bf8ff9f925072a9f062a3d82c383e6cdfde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:57 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 12 Apr 2022 12:39:24 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 415045
X-XSS-Protection: 1; mode=block

GET
H2 200 logger-1.min.js Show response
cdn.lr-in.com/ 819 KB
163 KB 139ms
60ms Script
text/javascript 2606:4700:3038::6815:ea91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.lr-in.com/logger-1.min.js

Requested by

Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3038::6815:ea91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55dfd13a8716b14daa39e5591321f3fcb291dbe01620a3c997279c846f03b508

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Mon, 03 Apr 2023 07:55:58 GMT
strict-transport-security: max-age=31556926
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 120
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-mad22067-MAD
last-modified: Fri, 31 Mar 2023 22:47:04 GMT
server: cloudflare
x-timer: S1680303059.837093,VS0,VE1
etag: W/"4a93bc2a39cc823d2508e78af198f72a6ef6ee4f7c9067223553ef3abf68a1d2"
vary: x-fh-requested-host, accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fBUImEMOGAG1i1l%2Bia59gIJ7XeeIVKd3FmTR%2BqVfbzm6KPnbF5kQ985TzbYPTkmBNn6ZkKB%2BTHWpzO%2Bcsj8ZL%2F0MCp9rRDphQRwP5rTjgg5QVGRYgCvHhfKDbV82Aawd5cfAAg6J%2Brt8ifJY"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 7b1fc09839cb86cc-MAD
x-cache-hits: 1

GET
H/1.1 200
OK logo.png
dispatching-centre.lasamericascargo.com/images/ 2 KB
2 KB 621ms
91ms Image
image/png 135.181.58.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dispatching-centre.lasamericascargo.com/images/logo.png
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.58.223 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: white.hostingcolor.com
Software: Apache /
Resource Hash: 3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:55 GMT
Last-Modified: Sun, 13 Mar 2022 04:36:24 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Content-Length: 1998

GET
H/1.1 200
OK all.png
dispatching-centre.lasamericascargo.com/images/ 12 KB
12 KB 365ms
88ms Image
image/png 135.181.58.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dispatching-centre.lasamericascargo.com/images/all.png
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.58.223 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: white.hostingcolor.com
Software: Apache /
Resource Hash: c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:55 GMT
Last-Modified: Sun, 13 Mar 2022 04:36:24 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Content-Length: 12499

GET
H/1.1 200
OK foo.png
dispatching-centre.lasamericascargo.com/images/ 4 KB
4 KB 366ms
90ms Image
image/png 135.181.58.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dispatching-centre.lasamericascargo.com/images/foo.png
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.58.223 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: white.hostingcolor.com
Software: Apache /
Resource Hash: 5c4b801e60c49235941cfc562ed465a951c937c668db31e3c1ba152513c672d3

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:55 GMT
Last-Modified: Sun, 13 Mar 2022 04:36:32 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Content-Length: 3878

GET
H/1.1 404
Not Found app.js
july4thparties.com/js/ 0
0 138ms
131ms Script
text/html 69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://july4thparties.com/js/app.js
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-153.webhostbox.net
Software: Apache /
Resource Hash

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found session-recorder.js
july4thparties.com/js/ 0
0 270ms
131ms Script
text/html 69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://july4thparties.com/js/session-recorder.js
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-153.webhostbox.net
Software: Apache /
Resource Hash

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK card.js Show response
dispatching-centre.lasamericascargo.com/js/ 57 KB
14 KB 367ms
92ms Script
application/javascript 135.181.58.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://dispatching-centre.lasamericascargo.com/js/card.js
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.58.223 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: white.hostingcolor.com
Software: Apache /
Resource Hash: 18c4b9b4c27233b541a47300a4ee98239e1f8dec4bbcd9fabb6bdad12ca82025

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:55 GMT
Content-Encoding: gzip
Last-Modified: Sun, 13 Mar 2022 04:36:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Content-Length: 14123

GET
H/1.1 200
OK intlTelInput.js Show response
dispatching-centre.lasamericascargo.com/js/ 87 KB
21 KB 366ms
92ms Script
application/javascript 135.181.58.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://dispatching-centre.lasamericascargo.com/js/intlTelInput.js
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 135.181.58.223 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: white.hostingcolor.com
Software: Apache /
Resource Hash: 691ff3918fb72cddc3abf2b84af0d66e0d2875b18b032ef6864923789c7e4077

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://july4thparties.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:55 GMT
Content-Encoding: gzip
Last-Modified: Sun, 13 Mar 2022 04:36:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Content-Length: 20974

GET
H/1.1 404
Not Found roboto-latin-400-normal.woff2
july4thparties.com/fonts/vendor/@fontsource/roboto/files/ 0
0 132ms
131ms Font
text/html 69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://july4thparties.com/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-153.webhostbox.net
Software: Apache /
Resource Hash

Request headers

Referer: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Origin: https://july4thparties.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found webfa-solid-900.woff2
july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/ 0
0 132ms
132ms Font
text/html 69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-153.webhostbox.net
Software: Apache /
Resource Hash

Request headers

Referer: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Origin: https://july4thparties.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found roboto-all-400-normal.woff
july4thparties.com/fonts/vendor/@fontsource/roboto/files/ 0
0 132ms
131ms Font
text/html 69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://july4thparties.com/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-153.webhostbox.net
Software: Apache /
Resource Hash

Request headers

Referer: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Origin: https://july4thparties.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found webfa-solid-900.woff
july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/ 0
0 132ms
132ms Font
text/html 69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-153.webhostbox.net
Software: Apache /
Resource Hash

Request headers

Referer: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Origin: https://july4thparties.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found webfa-solid-900.ttf
july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/ 0
0 132ms
131ms Font
text/html 69.49.244.153
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f
Requested by: Host: july4thparties.com
URL: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.153 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 69-49-244-153.webhostbox.net
Software: Apache /
Resource Hash

Request headers

Referer: https://july4thparties.com/DHL-Paket/de/trackingnumber.dhl.de/JJD00340433988242290667/de/paket/00340433988242290667/-/assets/app.css
Origin: https://july4thparties.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Mon, 03 Apr 2023 07:55:58 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			july4thparties.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 4c5f4f8f626523bad66c7c861dfb4b8b

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://july4thparties.com/js/app.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://july4thparties.com/js/session-recorder.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://july4thparties.com/fonts/vendor/@fontsource/roboto/files/roboto-latin-400-normal.woff2?4673b4537a84c7f7a130799aa6af329b Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff2?1551f4f60c37af51121f106501f69b80 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://july4thparties.com/fonts/vendor/@fontsource/roboto/files/roboto-all-400-normal.woff?376ea5d93f71583052f65de4e0c6a92c Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.woff?eeccf4f66002c6f2ba24d3d22f2434c2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://july4thparties.com/fonts/vendor/@fortawesome/fontawesome-free/webfa-solid-900.ttf?be9ee23c0c6390141475d519c2c5fb8f Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acmebuildersmohali.com
cdn.lr-in.com
dispatching-centre.lasamericascargo.com
immigrant.ca
july4thparties.com
klisc.or.ke
135.181.58.223
173.82.5.134
2606:4700:3038::6815:ea91
41.204.160.14
50.87.249.237
69.49.244.153
1057e2092776ce5cf51730a8e1b4e732ab44c6d38061bdb2eeedbc7d34ae85ea
18c4b9b4c27233b541a47300a4ee98239e1f8dec4bbcd9fabb6bdad12ca82025
3a01132276e80db3f2277bd97c73d675f3853abc0c243f733b3b6d956e933fb6
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756
55dfd13a8716b14daa39e5591321f3fcb291dbe01620a3c997279c846f03b508
5c4b801e60c49235941cfc562ed465a951c937c668db31e3c1ba152513c672d3
691ff3918fb72cddc3abf2b84af0d66e0d2875b18b032ef6864923789c7e4077
945465b8d90000b826d67fa7ee0692f7a67c283d7b9626440da8e1d9cba15b04
a0b9419777f544b665051cae80f11bf8ff9f925072a9f062a3d82c383e6cdfde
c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d
cf335517a3aa936c62526c5e7ab15ebd13fa1260f034e9b5134bd5372b88a39e

july4thparties.com Open in urlscan Pro 69.49.244.153 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

17 %IPv6

6 Domains

6 Subdomains

6 IPs

4 Countries

683 kBTransfer

1447 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

7 Console Messages

Indicators

july4thparties.com Open in urlscan Pro
69.49.244.153 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

683 kB
Transfer

1447 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!