urlscan.io logo urlscan.io
SecurityTrails logo

dhlparcel.ddns.net Open in urlscan Pro
103.142.204.181  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://smarturl.it/kml0yo?email=nimit.shah@citi.com
Effective URL: https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
Submission: On March 11 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 103.142.204.181, located in United States and belongs to XRCLOUDNETINC-AS-AP XRCLOUD.NET INC., HK. The main domain is dhlparcel.ddns.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 10th 2020. Valid for: 3 months.
This is the only time dhlparcel.ddns.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 54.175.187.212 14618 (AMAZON-AES)
1 1 217.174.152.38 31083 (TELEPOINT)
3 103.142.204.181 136746 (XRCLOUDNE...)
3 1
Apex Domain
Subdomains		 Transfer
3 ddns.net
dhlparcel.ddns.net
305 KB
1 bakerwala.com
dhl.bakerwala.com
281 B
1 smarturl.it
smarturl.it
1 KB
3 3
Domain Requested by
3 dhlparcel.ddns.net dhlparcel.ddns.net
1 dhl.bakerwala.com 1 redirects
1 smarturl.it 1 redirects
3 3

This site contains no links.

Subject Issuer Validity Valid
dhlparcel.ddns.net
cPanel, Inc. Certification Authority		 2020-03-10 -
2020-06-08		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
Frame ID: E1D684FE35D93CF1478C1540E0FE9D01
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://smarturl.it/kml0yo?email=nimit.shah@citi.com HTTP 301
    http://dhl.bakerwala.com/?email=nimit.shah%40citi.com HTTP 302
    https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

305 kB
Transfer

304 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://smarturl.it/kml0yo?email=nimit.shah@citi.com HTTP 301
    http://dhl.bakerwala.com/?email=nimit.shah%40citi.com HTTP 302
    https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request deutcheautolink.php
dhlparcel.ddns.net/DHL/hl/
Redirect Chain
  • http://smarturl.it/kml0yo?email=nimit.shah@citi.com
  • http://dhl.bakerwala.com/?email=nimit.shah%40citi.com
  • https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.142.204.181 , United States, ASN136746 (XRCLOUDNETINC-AS-AP XRCLOUD.NET INC., HK),
Reverse DNS
Software
Apache /
Resource Hash
418d1991741b54879307ec05caee82d99f790a9f2102be6381aac6d5d2d6f32a

Request headers

Host
dhlparcel.ddns.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 11 Mar 2020 13:20:17 GMT
Server
Apache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Wed, 11 Mar 2020 13:20:16 GMT
Server
Apache
Location
https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
Content-Length
265
Keep-Alive
timeout=5
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
butts.jpg
dhlparcel.ddns.net/DHL/hl/mgjss/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dhlparcel.ddns.net/DHL/hl/mgjss/butts.jpg
Requested by
Host: dhlparcel.ddns.net
URL: https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.142.204.181 , United States, ASN136746 (XRCLOUDNETINC-AS-AP XRCLOUD.NET INC., HK),
Reverse DNS
Software
Apache /
Resource Hash
36efac88a37707de014915765b4bf6cdc63810ade588732ed6d9de0a88233a57

Request headers

Referer
https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 11 Mar 2020 13:20:17 GMT
Last-Modified
Fri, 13 Apr 2018 17:06:00 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
2511
leyinleyin.jpg
dhlparcel.ddns.net/DHL/hl/mgjss/ 		300 KB
300 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dhlparcel.ddns.net/DHL/hl/mgjss/leyinleyin.jpg
Requested by
Host: dhlparcel.ddns.net
URL: https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.142.204.181 , United States, ASN136746 (XRCLOUDNETINC-AS-AP XRCLOUD.NET INC., HK),
Reverse DNS
Software
Apache /
Resource Hash
9c3e014d9504263a21513eb708bb4c4dce45610b32f44a70f1e7fbf174420614

Request headers

Referer
https://dhlparcel.ddns.net/DHL/hl/deutcheautolink.php?email=nimit.shah%40citi.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 11 Mar 2020 13:20:17 GMT
Last-Modified
Fri, 13 Apr 2018 17:04:16 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
307223

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies