helppackg.socialproofie.com

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 149.102.143.180, located in United States and belongs to CONTABO, DE. The main domain is helppackg.socialproofie.com.
TLS certificate: Issued by R3 on July 5th 2022. Valid for: 3 months.

This is the only time helppackg.socialproofie.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 2	149.102.143.180 149.102.143.180	51167 (CONTABO) (CONTABO)
1 4	104.90.140.168 104.90.140.168	16625 (AKAMAI-AS) (AKAMAI-AS)
4	3

2 149.102.143.180 (United States) 1 redirects

ASN51167 (CONTABO, DE)
PTR: germany.mywebsitepanel.com

helppackg.socialproofie.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.90.140.168 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-140-168.deploy.static.akamaitechnologies.com

mydhl.express.dhl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	express.dhl 1 redirects mydhl.express.dhl — Cisco Umbrella Rank: 36843	213 KB
2	socialproofie.com 1 redirects helppackg.socialproofie.com	1 MB
4	2

	Domain	Requested by
4	mydhl.express.dhl	1 redirects helppackg.socialproofie.com
2	helppackg.socialproofie.com	1 redirects
4	2

This site contains links to these domains. Also see Links.

Domain
mydhl.express.dhl
oso.dhl.com
www.dhl.com
www.facebook.com
www.linkedin.com
twitter.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
helppackg.socialproofie.com R3	`2022-07-05` - `2022-10-03`	3 months	crt.sh
mydhl.express.dhl DPDHL Global TLS CA - I5	`2021-07-22` - `2022-07-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://helppackg.socialproofie.com/delivery/checkout
Frame ID: 9AE9A7B5EBFAB998D177961E5AF3C1BB
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Receive a Shipment | DHL Express Shipping Labels | MyDHL+

Page URL History Show full URLs

https://helppackg.socialproofie.com/delivery/checkout/ HTTP 301
https://helppackg.socialproofie.com/delivery/checkout Page URL

Page Statistics

4
Requests

75 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1439 kB
Transfer

2003 kB
Size

2
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://mydhl.express.dhl/fr/en/home.html

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/shipment.html
Title: Receive a Shipment

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/shipment.html#/rate-and-quote
Title: Get a Rate and Time Quote

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/schedule-pickup.html#/schedule-pickup
Title: Schedule a Pickup

Search URL Search Domain Scan URL

URL: https://oso.dhl.com/fr/fr
Title: Order Supplies

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/content/dhl/fr/en/legal.html
Title: Terms and Conditions of Carriage

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/content/dhl/fr/en/shipment/online-credit-card-terms-and-conditions.html
Title: Online T&C

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/help-and-support.html
Title: Help and Support

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/help-and-support.html#/faqs
Title: FAQs

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/help-and-support.html#/contact_us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/locator.html
Title: Find a location

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/legal.html
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/footer/privacy-and-cookies.html
Title: Privacy Notice

Search URL Search Domain Scan URL

URL: https://www.dhl.com/fr-en/home/footer/fraud-awareness.html
Title: Fraud Awareness

Search URL Search Domain Scan URL

URL: https://mydhl.express.dhl/fr/en/important-information.html
Title: Important Information

Search URL Search Domain Scan URL

URL: https://www.dhl.com/fr-en/home/about-us.html
Title: About DHL

Search URL Search Domain Scan URL

URL: https://www.dhl.com/fr-en/home/press.html
Title: Press

Search URL Search Domain Scan URL

URL: https://www.dhl.com/fr-en/home/careers.html
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.dhl.com/fr-en/home/footer/legal-notice.html
Title: Legal Notice

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DHLExpressFr/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/16189934

Search URL Search Domain Scan URL

URL: https://twitter.com/DHLExpressFr

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/dhl

Search URL Search Domain Scan URL

URL: https://www.instagram.com/dhlexpressfrance/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://helppackg.socialproofie.com/delivery/checkout/ HTTP 301
https://helppackg.socialproofie.com/delivery/checkout Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://mydhl.express.dhl/content/dhl/fr/en/_jcr_content/top-nav-v2/image.img.png/1614969224184.png HTTP 302
https://mydhl.express.dhl/fr/en/_jcr_content/top-nav-v2/image.img.png/1614969224184.png

4 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request checkout Show response
helppackg.socialproofie.com/delivery/
Redirect Chain

https://helppackg.socialproofie.com/delivery/checkout/
https://helppackg.socialproofie.com/delivery/checkout

1 MB
1 MB

650ms
650ms

Document
text/html

149.102.143.180
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://helppackg.socialproofie.com/delivery/checkout
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 149.102.143.180 , United States, ASN51167 (CONTABO, DE),
Reverse DNS: germany.mywebsitepanel.com
Software: Apache /
Resource Hash: 03573f5b31967fe439adcc6dbffa62d0ee1e4225bf7744058744c7f68442eee4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, private
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 05 Jul 2022 21:26:20 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Connection: Keep-Alive
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 05 Jul 2022 21:26:19 GMT
Keep-Alive: timeout=5, max=100
Location: https://helppackg.socialproofie.com/delivery/checkout
Server: Apache

GET
H2

200

1614969224184.png
mydhl.express.dhl/fr/en/_jcr_content/top-nav-v2/image.img.png/
Redirect Chain

https://mydhl.express.dhl/content/dhl/fr/en/_jcr_content/top-nav-v2/image.img.png/1614969224184.png
https://mydhl.express.dhl/fr/en/_jcr_content/top-nav-v2/image.img.png/1614969224184.png

2 KB
2 KB

41ms
41ms

Image
image/png

104.90.140.168
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mydhl.express.dhl/fr/en/_jcr_content/top-nav-v2/image.img.png/1614969224184.png

Requested by

Host: helppackg.socialproofie.com
URL: https://helppackg.socialproofie.com/delivery/checkout

Protocol

H2

Server

104.90.140.168 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-140-168.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helppackg.socialproofie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
x-akamai-tls: tls1.2
last-modified: Sat, 02 Jul 2022 03:07:36 GMT
server: nginx
etag: W/"7ce-5e2c9ce00d16a"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=10800, public
date: Tue, 05 Jul 2022 21:26:20 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 1998
expires: Sat, 02 Jul 2022 06:07:35 GMT

Redirect headers

dc-name: PRG
strict-transport-security: max-age=31536000 ; includeSubDomains
x-akamai-tls: tls1.2
server: nginx
date: Tue, 05 Jul 2022 21:26:20 GMT
content-type: text/html
location: https://mydhl.express.dhl/fr/en/_jcr_content/top-nav-v2/image.img.png/1614969224184.png
server-timing: cdn-cache; desc=HIT, edge; dur=7
content-length: 138

GET
DATA 200
OK truncated
/ 38 KB
38 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 660a305219a1c6fc16bf2efa5c8f7732df118c16024f73e2f3407839f9ab3b53

Request headers

Referer
Origin: https://helppackg.socialproofie.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: application/x-font-woff

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c4b801e60c49235941cfc562ed465a951c937c668db31e3c1ba152513c672d3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ewf.fr.en.populateDictionariesCallback.8943235219b76a3fd4e1075745a23bd8977a77dbda0d138e7c3689678d90f762.js Show response
mydhl.express.dhl/etc/dhl/dictionary/ 769 KB
208 KB 233ms
51ms Script
application/javascript 104.90.140.168
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://mydhl.express.dhl/etc/dhl/dictionary/ewf.fr.en.populateDictionariesCallback.8943235219b76a3fd4e1075745a23bd8977a77dbda0d138e7c3689678d90f762.js

Requested by

Host: helppackg.socialproofie.com
URL: https://helppackg.socialproofie.com/delivery/checkout

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.90.140.168 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-140-168.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

cc7bad4b75bd53e635a538cb1662dc48dac7c80e6cd8796fa6302f82f890950c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helppackg.socialproofie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-encoding: gzip
x-akamai-tls: tls1.2
last-modified: Sat, 02 Jul 2022 00:35:13 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "c054a-5e2c7ad134236-gzip"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, public
date: Tue, 05 Jul 2022 21:26:20 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=1, origin; dur=217
accept-ranges: bytes
content-length: 212351
expires: Wed, 06 Jul 2022 16:50:43 GMT

GET
H2 200 regexp.populateRegexpCallback.8943235219b76a3fd4e1075745a23bd8977a77dbda0d138e7c3689678d90f762.js Show response
mydhl.express.dhl/etc/dhl/dictionary/ 4 KB
2 KB 261ms
87ms Script
application/javascript 104.90.140.168
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://mydhl.express.dhl/etc/dhl/dictionary/regexp.populateRegexpCallback.8943235219b76a3fd4e1075745a23bd8977a77dbda0d138e7c3689678d90f762.js

Requested by

Host: helppackg.socialproofie.com
URL: https://helppackg.socialproofie.com/delivery/checkout

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.90.140.168 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-140-168.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

8c763627dfd0223bb5731c0dd3e7f96606fb7f5fcac276029ea2292c34c93067

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://helppackg.socialproofie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-encoding: gzip
x-akamai-tls: tls1.2
last-modified: Sat, 02 Jul 2022 00:44:29 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "f52-5e2c7ce2e00ed-gzip"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, public
date: Tue, 05 Jul 2022 21:26:20 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=1, origin; dur=187
accept-ranges: bytes
content-length: 1767
expires: Wed, 06 Jul 2022 16:50:43 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			helppackg.socialproofie.com/	1970-01-20 04:17:43	Name: XSRF-TOKEN Value: eyJpdiI6Ilhxdy9DVVR4TFBOclFab3JVWjZjTFE9PSIsInZhbHVlIjoibFFmNktaMGJJbjRLNHhVQjAzTm1yOVF1VW5XaGhiVENYbEpaeTNodFVQNnBiSWNCWEFkS2FGZE1JUzFhMUdmdUdzWFFCdHp1U0ZUL2paQ283T0xXdlBoQkJHY3JqKzJTcmU3SVBOTWVxTzdpdW5GdnM5cWY4WE1vSjFhZzU5QzUiLCJtYWMiOiJjNTM4YWM0YTM5M2MwYWNjYTk2NTQ4NjRlNTIwMDE5Nzg0NzMxNDc1ZTg2MWI4MzU0YzA2YWI5NTIyYzA5OTViIiwidGFnIjoiIn0%3D
			helppackg.socialproofie.com/	1970-01-20 04:17:43	Name: dhl_phisher_session Value: eyJpdiI6ImpLMlh5Qk11aVBsUzNuWXZSQUFLaWc9PSIsInZhbHVlIjoiZCtkMVVRYUpmekZST1lCSnl0bDlQeTBUSHB0Tjl1TnBXWVdwdlNXbVZ3RlRDYVh1Q3dPcExHeVJaQWR5L0h1YlpWY25oT01kbVllWXNqaTRMQmxaVm9BZTgvbGc2a1hoZnpFTW9haENYay9TTFcwOG5KTTdhNGttL3NEbHhNb0kiLCJtYWMiOiJlZTA4ODRiM2Y3Y2U0NzRmYWFkZjcyMmVjNzI3YTE4ZGZmZDZmY2JmYWRhOGMyYjg3NGQxY2Y5MGVlYTQ4MWQyIiwidGFnIjoiIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

helppackg.socialproofie.com
mydhl.express.dhl
104.90.140.168
149.102.143.180
03573f5b31967fe439adcc6dbffa62d0ee1e4225bf7744058744c7f68442eee4
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756
5c4b801e60c49235941cfc562ed465a951c937c668db31e3c1ba152513c672d3
660a305219a1c6fc16bf2efa5c8f7732df118c16024f73e2f3407839f9ab3b53
8c763627dfd0223bb5731c0dd3e7f96606fb7f5fcac276029ea2292c34c93067
cc7bad4b75bd53e635a538cb1662dc48dac7c80e6cd8796fa6302f82f890950c

helppackg.socialproofie.com Open in urlscan Pro 149.102.143.180 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

75 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

1439 kBTransfer

2003 kBSize

2 Cookies

24 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

2 Cookies

Indicators

helppackg.socialproofie.com Open in urlscan Pro
149.102.143.180 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1439 kB
Transfer

2003 kB
Size

2
Cookies

4 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!