dhl.versand.website Open in urlscan Pro
195.35.78.44  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
8 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request go Show response dhl.versand.website/	405 KB 405 KB	241ms 44ms	Document text/html	195.35.78.44 ENBW-AG
General Check archive.org Show headers Download Go to Full URL http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb Protocol HTTP/1.1 Server 195.35.78.44 Karlsruhe, Germany, ASN15698 (ENBW-AG, DE), Reverse DNS Software Apache / Resource Hash 2fd1d54eaf8eb8b048439b403682e0a2996695fddfa868d485d0ea35c2f0f655 Request headers Host dhl.versand.website Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 03 Aug 2020 06:57:21 GMT Server Apache Last-Modified Wed, 29 Jul 2020 13:32:20 GMT ETag "654dc-5ab9495c86100" Accept-Ranges bytes Content-Length 414940 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1 Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	33 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2a2dc315ce559a3636bcbfaf666ee1ac382222798eceeef8d464c8d1e4e18de7 Request headers Origin http://dhl.versand.website Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain;charset=US-ASCII
GET DATA	200 OK	truncated /	33 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4d5879466a996b0bc74a71e513a743e240b69199449fa59e51d32d133b99576f Request headers Origin http://dhl.versand.website Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain;charset=US-ASCII
GET DATA	200 OK	truncated /	33 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 41b4a75c89d2860d206985b9a04448e8f809595ec6e088b3f44315285e0d563f Request headers Origin http://dhl.versand.website Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain;charset=US-ASCII
GET DATA	200 OK	truncated /	36 KB 0		Font text/plain
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ccdf7761ca4d7eaa78f7135627c83d85ed7324d9e12a36258f1f21a5842c27b1 Request headers Origin http://dhl.versand.website Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type text/plain;charset=US-ASCII
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8ef2e763cf232a209ec9a8db241dd9b6cd193a6447cba2f45d8163def5c8d38e Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	keepref.js Show response catch-us-if-you-can.org/	563 B 845 B	132ms 32ms	Script application/javascript	195.35.78.44 ENBW-AG
General Check archive.org Show headers Download Go to Full URL https://catch-us-if-you-can.org/keepref.js Requested by Host: dhl.versand.website URL: http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.35.78.44 Karlsruhe, Germany, ASN15698 (ENBW-AG, DE), Reverse DNS Software Apache / Resource Hash 34d2b75b6fcf7bc5fc35a9d5531ebac4ea16cddf3ac213e836dad3b7b4010f1f Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 03 Aug 2020 06:57:22 GMT Last-Modified Mon, 20 Jul 2020 09:19:50 GMT Server Apache ETag "233-5aadc02335980" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 563
GET H/1.1	200 OK	initgc.js Show response catch-us-if-you-can.org/	192 B 473 B	134ms 35ms	Script application/javascript	195.35.78.44 ENBW-AG
General Check archive.org Show headers Download Go to Full URL https://catch-us-if-you-can.org/initgc.js Requested by Host: dhl.versand.website URL: http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.35.78.44 Karlsruhe, Germany, ASN15698 (ENBW-AG, DE), Reverse DNS Software Apache / Resource Hash 0b94fd0a536d8f6a0d6a97e1f52a449f55b0dda230c015328710c61955102c35 Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 03 Aug 2020 06:57:22 GMT Last-Modified Mon, 20 Jul 2020 09:17:00 GMT Server Apache ETag "c0-5aadbf8115b00" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 192
GET H/1.1	200 OK	count.js Show response dashboard.catch-us-if-you-can.org/	5 KB 5 KB	197ms 29ms	Script application/javascript	195.35.78.44 ENBW-AG
General Check archive.org Show headers Download Go to Full URL https://dashboard.catch-us-if-you-can.org/count.js Requested by Host: dhl.versand.website URL: http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.35.78.44 Karlsruhe, Germany, ASN15698 (ENBW-AG, DE), Reverse DNS Software Apache / Resource Hash 3c1a9d367b05e54510f2d9139ed64cabc18afbd5bb697ce14202b3b1d9df3d24 Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 03 Aug 2020 06:57:22 GMT Server Apache Transfer-Encoding chunked Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control no-store,no-cache Connection Keep-Alive Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	countfuncs.js Show response catch-us-if-you-can.org/	728 B 1010 B	134ms 34ms	Script application/javascript	195.35.78.44 ENBW-AG
General Check archive.org Show headers Download Go to Full URL https://catch-us-if-you-can.org/countfuncs.js Requested by Host: dhl.versand.website URL: http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.35.78.44 Karlsruhe, Germany, ASN15698 (ENBW-AG, DE), Reverse DNS Software Apache / Resource Hash c0e63d74933ba810e5b215e3cc655ebbcae33e13883dd6cd10a26cd938ba233a Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 03 Aug 2020 06:57:22 GMT Last-Modified Mon, 20 Jul 2020 09:16:54 GMT Server Apache ETag "2d8-5aadbf7b5cd80" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 728
GET DATA	200 OK	truncated /	9 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 55de7fa1d7d120cab791bbbeadf10fe0f15783b296aceee56dc72c80896e4114 Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	102 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash db5ffa6e23423c2affe94a4259f6e293d453ae2f8166f5acbb5b474761fd4479 Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/jpeg
GET H/1.1	200 OK	count dashboard.catch-us-if-you-can.org/	43 B 454 B	43ms 42ms	Image image/gif	195.35.78.44 ENBW-AG
General Check archive.org Show headers Download Go to Show image Full URL https://dashboard.catch-us-if-you-can.org/count?p=dhl.versand.website&r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb&t=Seite_geladen&e=true&s=1600%2C1200%2C1&b=153&q=%3Fr%3Df84dfcdb5162657c588449eb5e015d5f-fb370f12bb&rnd=afq2i Requested by Host: dhl.versand.website URL: http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 195.35.78.44 Karlsruhe, Germany, ASN15698 (ENBW-AG, DE), Reverse DNS Software Apache / Resource Hash 42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb Security Headers Name Value Strict-Transport-Security max-age=2592000 X-Content-Type-Options nosniff X-Frame-Options deny Request headers Referer http://dhl.versand.website/go?r=f84dfcdb5162657c588449eb5e015d5f-fb370f12bb User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 03 Aug 2020 06:57:22 GMT Strict-Transport-Security max-age=2592000 X-Content-Type-Options nosniff Server Apache X-Frame-Options deny Content-Type image/gif Access-Control-Allow-Origin * X-Rate-Limit-Remaining 3 Cache-Control no-store,no-cache X-Rate-Limit-Limit 4 Connection Keep-Alive X-Rate-Limit-Reset 1 Keep-Alive timeout=5, max=99 Content-Length 43

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| findGetParameter object| goatcounter function| sleep function| count_and_stay function| count_and_redirect string| redirect_to string| phishing_domain

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

catch-us-if-you-can.org
dashboard.catch-us-if-you-can.org
dhl.versand.website
195.35.78.44
0b94fd0a536d8f6a0d6a97e1f52a449f55b0dda230c015328710c61955102c35
2a2dc315ce559a3636bcbfaf666ee1ac382222798eceeef8d464c8d1e4e18de7
2fd1d54eaf8eb8b048439b403682e0a2996695fddfa868d485d0ea35c2f0f655
34d2b75b6fcf7bc5fc35a9d5531ebac4ea16cddf3ac213e836dad3b7b4010f1f
3c1a9d367b05e54510f2d9139ed64cabc18afbd5bb697ce14202b3b1d9df3d24
41b4a75c89d2860d206985b9a04448e8f809595ec6e088b3f44315285e0d563f
42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb
4d5879466a996b0bc74a71e513a743e240b69199449fa59e51d32d133b99576f
55de7fa1d7d120cab791bbbeadf10fe0f15783b296aceee56dc72c80896e4114
8ef2e763cf232a209ec9a8db241dd9b6cd193a6447cba2f45d8163def5c8d38e
aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1
c0e63d74933ba810e5b215e3cc655ebbcae33e13883dd6cd10a26cd938ba233a
ccdf7761ca4d7eaa78f7135627c83d85ed7324d9e12a36258f1f21a5842c27b1
db5ffa6e23423c2affe94a4259f6e293d453ae2f8166f5acbb5b474761fd4479