magaz-zakaz.ru
95.216.42.58
Malicious Activity!
Public Scan
Effective URL: https://magaz-zakaz.ru//wp-content/upgrade/dhl.html
Submission: On August 26 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 22nd 2019. Valid for: 3 months.
This is the only time magaz-zakaz.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
IP Address | AS (Autonomous System) | Requests |
---|---|---|
193.106.200.227 | 50459 (INFORMSERVICE-AS) | 1 |
95.216.42.58 | 24940 (HETZNER-AS) | 1 |
23.43.116.51 | 20940 (AKAMAI-ASN1) | 22 |
2a00:1450:4001:809::2008 | 15169 (GOOGLE - Google LLC) | 2 |
Total: 31 requests over 4 IP addresses.
ASN50459 (INFORMSERVICE-AS, UA), PTR karab-200-h227.ins.dn.ua: tomsk-today.ru
ASN24940 (HETZNER-AS), 95.216.42.58: magaz-zakaz.ru
ASN20940 (AKAMAI-ASN1, US), PTR a23-43-116-51.deploy.static.akamaitechnologies.com: www.mydhl.dhl.com
ASN15169 (GOOGLE - Google LLC, US): ssl.google-analytics.com
Apex Domain | Subdomains | Requests | Transfer |
---|---|---|---|
dhl.com | www.mydhl.dhl.com | 22 | 320 KB |
google-analytics.com | ssl.google-analytics.com | 2 | 17 KB |
magaz-zakaz.ru | magaz-zakaz.ru | 1 | 28 KB |
tomsk-today.ru | tomsk-today.ru (1 redirect) | 1 | 271 B |
edge-cdn.net | www.edge-cdn.net (failed) | 0 | |
fonts.net | fast.fonts.net (failed) | 0 | |
Total: 31 requests, 6 apex domains.
Domain | Requests | Requested by |
---|---|---|
www.mydhl.dhl.com | 22 | magaz-zakaz.ru, www.mydhl.dhl.com |
ssl.google-analytics.com | 2 | magaz-zakaz.ru |
magaz-zakaz.ru | 1 | magaz-zakaz.ru |
tomsk-today.ru | 1 | (1 redirect) |
www.edge-cdn.net (failed) | 0 | magaz-zakaz.ru |
fast.fonts.net (failed) | 0 | magaz-zakaz.ru |
Total: 31 requests, 6 domains.
Links
This site contains links to these domains (see the outgoing links under Page Statistics):
- www.mydhl.dhl.com
- www.dhl.com
- www.dhl.de
TLS certificates
Subject | Issuer | Validity | Valid for |
---|---|---|---|
magaz-zakaz.ru | Let's Encrypt Authority X3 | 2019-07-22 to 2019-10-20 | 3 months |
www.mydhl.dhl.com | DigiCert SHA2 Secure Server CA | 2018-08-01 to 2020-01-30 | about 18 months |
*.google-analytics.com | Google Internet Authority G3 | 2019-07-29 to 2019-10-21 | 3 months |
All three are listed in Certificate Transparency (crt.sh). The kit host's certificate was issued about five weeks before this scan.
This page contains 2 frames:
- Primary page: https://magaz-zakaz.ru//wp-content/upgrade/dhl.html (Frame ID 324C182D38007267568B06B315BF4392, 30 HTTP requests in this frame)
- Frame: https://www.edge-cdn.net/video_921234?playerskin=50107 (Frame ID 74B052397B1537BE6232D7D57FB32BA1, 1 HTTP request in this frame)
Page URL History
This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or meta refresh.
1. http://tomsk-today.ru/images/map/customer.php (HTTP 302)
2. https://magaz-zakaz.ru//wp-content/upgrade/dhl.html (Page URL)
Detected technologies
- PHP (Programming Languages): URL pattern /\.php(?:$|\?)/i
- Nginx (Web Servers): Server header pattern /nginx(?:\/([\d.]+))?/i
- Google Analytics (Analytics): script pattern /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
- jQuery (JavaScript Libraries): script pattern /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
These fingerprints are matched across every request of the scan, so do not read them all as properties of the kit host: the only .php URL is the redirector's customer.php on tomsk-today.ru, and jquery.js was fetched from www.mydhl.dhl.com rather than from magaz-zakaz.ru.
Page Statistics
6 outgoing links (links going to different origins than the main page), by link title:
- Forgot Password or User ID?
- Register Now
- Find Out More
- Masthead
- Terms & Conditions
- Privacy & Cookies
Redirected requests
There was one HTTP redirect chain:
Request chain 0:
1. https://magaz-zakaz.ru//wp-content/upgrade/url(%22http://fast.fonts.net/t/1.css?apiType=css& (HTTP 301)
2. https://magaz-zakaz.ru/wp-content/upgrade/url(%22http:/fast.fonts.net/t/1.css?apiType=css&
The 301 changes nothing except the duplicated slashes (the leading // and the one inside http://), which is what nginx does with its default merge_slashes setting; the normalised request then receives no response (see Failed requests). The path itself is the interesting part: a browser only requests a path containing the literal url("http://fast.fonts.net/... when that string sits verbatim in an href or src attribute, which is what happens when a CSS url("...") reference from the original MyDHL page is carried over by whatever saved or scraped it.
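The redirect chain, the brand assets pulled straight from www.mydhl.dhl.com and the mangled url(%22... path are the three observations that make this scan read as a cloned-page phish. The script below, an added example and not urlscan.io code, turns them into reusable triage checks. It runs over a request list reconstructed from this scan's own transaction table; the brand list, the WordPress directory list, the regular expressions and the function names are the example's own assumptions.

```python
"""Triage checks over a urlscan-style request list (added example, not
urlscan.io code). REQUEST_URLS and CHAIN are reconstructed from this scan's
transaction table; BRAND_APEXES and the function names are assumptions."""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

PRIMARY = "https://magaz-zakaz.ru//wp-content/upgrade/dhl.html"
CHAIN = ["http://tomsk-today.ru/images/map/customer.php", PRIMARY]
BRAND_APEXES = {"dhl.com"}  # assumption: the brand(s) we watch for

_DHL = "https://www.mydhl.dhl.com"
_SKEL = _DHL + "/mydhl/framework/skeletons/bighorn/"
_SKIN = _DHL + "/mydhl/framework/skins/dhl/"
_DAM = _DHL + "/content/dam/Local_Images/g0/express/mydhl/"
REQUEST_URLS = [
    PRIMARY,
    "https://magaz-zakaz.ru/wp-content/upgrade/url(%22http:/fast.fonts.net/t/1.css?apiType=css&",
    *(_SKEL + p for p in ("css/layout.css", "js/buttons.js", "js/util.js")),
    *(_SKIN + p for p in (
        "css/main.css", "js/plugins.min.js", "js/jquery.js", "images/form_help.png",
        "css/dhl-print.css", "images/bg-header.png",
        "images/shadow_navigation_main_bottom.png",
        "fonts/23c8fd07-fd70-4f71-8660-ee48fd5cdd78.woff2",
        "fonts/443d53e8-5a36-44d4-a132-02501f29ccb4.woff2",
        "images/icon-arrow-close.png", "images/servicelink_separator.gif",
        "images/select-arrow.png",
        "fonts/758b3adb-babc-432f-8224-6d5987a29d87.woff")),
    *(_DAM + p for p in (
        "dhl_logo_transparent.png", "mydhl_logo_transparent.png",
        "mydhl_benefit_1.png", "mydhl_benefit_2.png", "mydhl_benefit_3.png",
        "mydhl_benefit_4.png", "mydhl_benefit_5.png",
        "dp_dhl_com_transparent.png", "mydhl_image_western-cultural.jpg")),
    "http://fast.fonts.net/t/1.css?apiType=css&projectid=a3f6fe50-744f-4123-952d-600048fa8a7c",
    "https://www.edge-cdn.net/video_921234?playerskin=50107",
    "https://ssl.google-analytics.com/ga.js",
    "https://ssl.google-analytics.com/__utm.gif",
]


def apex(host):
    """Registrable domain by the naive 'last two labels' rule. Fine for the
    hosts in this scan; use a public-suffix list for ccSLDs such as .co.uk."""
    return ".".join(host.lower().split(".")[-2:])


def brand_hotlinking(primary_url, urls, brand_apexes):
    """Sub-resources the page pulls from a brand's own domains while not being
    hosted there, as {apex: count}. Failed fetches count too: the attempt is
    what gives the clone away."""
    page_apex = apex(urlsplit(primary_url).hostname)
    counts = Counter(apex(urlsplit(u).hostname) for u in urls if u != primary_url)
    return {a: n for a, n in counts.items() if a in brand_apexes and a != page_apex}


def cross_domain_entry(chain):
    """(entry_apex, landing_apex) when the redirect chain starts and ends on
    different registrable domains (lure host vs. kit host), else None."""
    entry, landing = (apex(urlsplit(u).hostname) for u in (chain[0], chain[-1]))
    return None if entry == landing else (entry, landing)


_CLONE_RE = re.compile(r"""url\(["']?https?:/""")


def clone_artifacts(urls):
    """Requests whose path carries a CSS url("http...") token. A browser only
    asks for such a path when an href/src attribute holds that literal string,
    the residue of a saved or scraped copy of the original page."""
    return [u for u in urls if _CLONE_RE.search(unquote(urlsplit(u).path))]


_WP_WRITABLE = ("/wp-content/uploads/", "/wp-content/upgrade/")  # assumption


def in_wp_writable_dir(url):
    """True when the document lives in a directory WordPress keeps writable
    for the web server. Duplicate slashes are collapsed first, as the 301 in
    this scan shows the server itself does."""
    path = re.sub(r"/{2,}", "/", urlsplit(url).path)
    return any(d in path for d in _WP_WRITABLE)


def triage(primary_url, chain, urls, brand_apexes):
    """Run every check; one finding string per hit."""
    findings = []
    for a, n in brand_hotlinking(primary_url, urls, brand_apexes).items():
        findings.append(f"hotlinks {n} resources from {a} while hosted on "
                        f"{apex(urlsplit(primary_url).hostname)}")
    hop = cross_domain_entry(chain)
    if hop:
        findings.append(f"entered via {hop[0]}, landed on {hop[1]}")
    for u in clone_artifacts(urls):
        findings.append(f"cloned-page artifact in request path: {u}")
    if in_wp_writable_dir(primary_url):
        findings.append("document served from a WordPress-writable directory")
    return findings


if __name__ == "__main__":
    for finding in triage(PRIMARY, CHAIN, REQUEST_URLS, BRAND_APEXES):
        print("-", finding)
```

The hot-linking count is the strongest of the four signals and is also the one the brand owner can see on their own side: every one of those 25 fetches reached www.mydhl.dhl.com with a Referer of magaz-zakaz.ru, so a referrer report on the CDN logs for the MyDHL static paths finds kits like this one without any external scanner.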
31 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size | Transferred | Type | MIME-Type |
---|---|---|---|---|---|---|---|---|
1 | GET | H/1.1 | dhl.html (primary request, end of redirect chain) | magaz-zakaz.ru//wp-content/upgrade/ | 28 KB | 28 KB | Document | text/html |
2 | GET | | 1.css (redirect chain, failed) | magaz-zakaz.ru/wp-content/upgrade/url(%22http:/fast.fonts.net/t/ | 0 | 0 | | |
3 | GET | H/1.1 | layout.css | www.mydhl.dhl.com/mydhl/framework/skeletons/bighorn/css/ | 1 KB | 977 B | Stylesheet | text/css |
4 | GET | H/1.1 | buttons.js | www.mydhl.dhl.com/mydhl/framework/skeletons/bighorn/js/ | 2 KB | 1 KB | Script | application/x-javascript |
5 | GET | H/1.1 | util.js | www.mydhl.dhl.com/mydhl/framework/skeletons/bighorn/js/ | 1 KB | 1009 B | Script | application/x-javascript |
6 | GET | H/1.1 | main.css | www.mydhl.dhl.com/mydhl/framework/skins/dhl/css/ | 115 KB | 21 KB | Stylesheet | text/css |
7 | GET | H/1.1 | plugins.min.js | www.mydhl.dhl.com/mydhl/framework/skins/dhl/js/ | 336 KB | 100 KB | Script | application/x-javascript |
8 | GET | H/1.1 | jquery.js | www.mydhl.dhl.com/mydhl/framework/skins/dhl/js/ | 45 KB | 13 KB | Script | application/x-javascript |
9 | GET | H/1.1 | dhl_logo_transparent.png | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 2 KB | 2 KB | Image | image/png |
10 | GET | H/1.1 | mydhl_logo_transparent.png | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 4 KB | 5 KB | Image | image/png |
11 | GET | H/1.1 | form_help.png | www.mydhl.dhl.com/mydhl/framework/skins/dhl/images/ | 1 KB | 2 KB | Image | image/png |
12 | GET | H/1.1 | mydhl_benefit_1.png | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 5 KB | 6 KB | Image | image/png |
13 | GET | H/1.1 | mydhl_benefit_2.png | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 4 KB | 5 KB | Image | image/png |
14 | GET | H/1.1 | mydhl_benefit_3.png | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 6 KB | 7 KB | Image | image/png |
15 | GET | H/1.1 | mydhl_benefit_4.png | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 5 KB | 5 KB | Image | image/png |
16 | GET | H/1.1 | mydhl_benefit_5.png | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 3 KB | 4 KB | Image | image/png |
17 | GET | H/1.1 | dp_dhl_com_transparent.png | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 6 KB | 7 KB | Image | image/png |
18 | GET | | 1.css (failed) | fast.fonts.net/t/ | 0 | 0 | | |
19 | GET | H/1.1 | dhl-print.css | www.mydhl.dhl.com/mydhl/framework/skins/dhl/css/ | 546 B | 738 B | Stylesheet | text/css |
20 | GET | H/1.1 | mydhl_image_western-cultural.jpg | www.mydhl.dhl.com/content/dam/Local_Images/g0/express/mydhl/ | 134 KB | 135 KB | Image | image/jpeg |
21 | GET | H/1.1 | bg-header.png | www.mydhl.dhl.com/mydhl/framework/skins/dhl/images/ | 988 B | 1 KB | Image | image/png |
22 | GET | H/1.1 | shadow_navigation_main_bottom.png | www.mydhl.dhl.com/mydhl/framework/skins/dhl/images/ | 456 B | 898 B | Image | image/png |
23 | GET | | 23c8fd07-fd70-4f71-8660-ee48fd5cdd78.woff2 (failed) | www.mydhl.dhl.com/mydhl/framework/skins/dhl/fonts/ | 0 | 0 | | |
24 | GET | | 443d53e8-5a36-44d4-a132-02501f29ccb4.woff2 (failed) | www.mydhl.dhl.com/mydhl/framework/skins/dhl/fonts/ | 0 | 0 | | |
25 | GET | | video_921234 (frame 74B0, failed) | www.edge-cdn.net/ | 0 | 0 | | |
26 | GET | H/1.1 | icon-arrow-close.png | www.mydhl.dhl.com/mydhl/framework/skins/dhl/images/ | 1 KB | 2 KB | Image | image/png |
27 | GET | H2 | ga.js | ssl.google-analytics.com/ | 45 KB | 17 KB | Script | text/javascript |
28 | GET | H/1.1 | servicelink_separator.gif | www.mydhl.dhl.com/mydhl/framework/skins/dhl/images/ | 44 B | 485 B | Image | image/gif |
29 | GET | H/1.1 | select-arrow.png | www.mydhl.dhl.com/mydhl/framework/skins/dhl/images/ | 1 KB | 2 KB | Image | image/png |
30 | GET | H2 | __utm.gif | ssl.google-analytics.com/ | 35 B | 133 B | Image | image/gif |
31 | GET | | 758b3adb-babc-432f-8224-6d5987a29d87.woff (failed) | www.mydhl.dhl.com/mydhl/framework/skins/dhl/fonts/ | 0 | 0 | | |
Everything that renders comes from DHL: 22 of the 25 successful responses (about 320 KB) are MyDHL stylesheets, scripts and images fetched directly from www.mydhl.dhl.com, while magaz-zakaz.ru serves nothing but the 28 KB dhl.html document. The kit host therefore leaves almost no fingerprint of its own; the strong signals are the hot-linking itself and the document's path.
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- magaz-zakaz.ru: https://magaz-zakaz.ru/wp-content/upgrade/url(%22http:/fast.fonts.net/t/1.css?apiType=css&
- fast.fonts.net: http://fast.fonts.net/t/1.css?apiType=css&projectid=a3f6fe50-744f-4123-952d-600048fa8a7c
- www.mydhl.dhl.com: https://www.mydhl.dhl.com/mydhl/framework/skins/dhl/fonts/23c8fd07-fd70-4f71-8660-ee48fd5cdd78.woff2
- www.mydhl.dhl.com: https://www.mydhl.dhl.com/mydhl/framework/skins/dhl/fonts/443d53e8-5a36-44d4-a132-02501f29ccb4.woff2
- www.edge-cdn.net: https://www.edge-cdn.net/video_921234?playerskin=50107
- www.mydhl.dhl.com: https://www.mydhl.dhl.com/mydhl/framework/skins/dhl/fonts/758b3adb-babc-432f-8224-6d5987a29d87.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: these verdicts should be used to detect potentially malicious websites, not as a final verdict.
urlscan: Phishing against DHL (Transportation)
103 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object; they help identify client-side frameworks and code. Here almost all of them come from the scripts hot-linked from www.mydhl.dhl.com (plugins.min.js, util.js, buttons.js, jquery.js) and from ga.js: the wlp_bighorn_*, bea* and netui_* helpers belong to the portal framework behind the real MyDHL site, MM_findObj and MM_validateForm are Dreamweaver-generated form behaviours, jAlert/jConfirm/jPrompt are a jQuery dialog plugin, and _gaq, _gat and gaGlobal are classic Google Analytics. They fingerprint the cloned original, not the phishing kit.
function (75): MM_findObj, MM_validateForm, wlp_bighorn_float_handler, wlp_bighorn_delete_handler, wlp_bighorn_attachEventHandler, wlp_bighorn_addClassName, wlp_bighorn_removeClassName, getDayId, getHoliday, addHolidays, addAppointments, getAppointmentHtml, initCalendarOptions, getCalendarConfig, createCookie, readCookie, startsWithPattern, getMatchingFormats, getBestMatchingFormat, getFormatHint, getNumberOfSignificantChars, getMaxFormatLength, isNumber, isLetter, isFormatValidationRequired, loaded, $, jQuery, DP_jQuery, jAlert, jConfirm, jPrompt, jDecide, beaUpdateListener, beaUpdatePrepareContent, initLogoutLink, getDocumentHeight, updateIFrame, initHeadlines, initIEHacks, initJsValidation, findInvalidChars, buildInvalidCharList, validateField2, toggleErrorStyle, isBlank, initDatepicker, initCalendar, initExpandableItems, initExpandableNews, initExpandableArticle, initTooltips, initFormSubmitDummy, initMenuDivider, initSubMenuDevider, initReclamation, initOverwriteSettings, getDefaultSubmitButton, printPage, windowOpen, windowOpener, jsConfirm, jsAlert, jsWarning, isEnterPressed, initExpandableCheckbox, initLccOverlay, initLccTicker, initLccSlider, dummyMatcher, initAccordion, initPlaceholders, lookupIdByTagId, lookupIdScope, lookupNameByTagId
string (11): currentLanguage, calendarLanguage, contextPath, btnConfirmOk, btnConfirmCancel, linkMore, linkLess, dateFormatPattern, dayIdPrefix, dayIdSeparator, portletContext
object (14): calToday, optionLabels, LazyMapLoader, gsplApi, popupWindows, existingWindowsArray, arrowimages, jquerycssmenu, netui_tagIdNameMap, _gaq, $firstArtikel, $headline, _gat, gaGlobal
boolean (3): showCalendar, showHolidays, showAppointments
0 Cookies
Cookies are small pieces of information a site stores in the user's browser; the browser sends them back on every later visit, so the site can re-identify the user even from a different location. This is how persistent logins work. No cookies were recorded for this page.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; |
Only HSTS is set (one year, without includeSubDomains or preload). Neither this header nor the valid Let's Encrypt certificate says anything about the page's legitimacy: both are free and automatic on a compromised host, and the resulting padlock is part of the lure.
Indicators
"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Being listed here does not imply that an indicator is malicious.
Domains:
- fast.fonts.net
- magaz-zakaz.ru
- ssl.google-analytics.com
- tomsk-today.ru
- www.edge-cdn.net
- www.mydhl.dhl.com
IPs:
- 193.106.200.227
- 23.43.116.51
- 2a00:1450:4001:809::2008
- 95.216.42.58
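The warning above matters in practice: 23.43.116.51 is an Akamai edge serving DHL and ssl.google-analytics.com is shared by a large fraction of the web, so pushing the whole indicator list into a block list would break legitimate traffic. The script below, an added example rather than urlscan.io code, uses the scan's own data (the redirect chain and the IP-to-host pairs from the ASN table) to split the indicators into a block list and a watch list, defangs them for a report, and correlates watch-list hits with block-list hits per client in a constructed proxy log, so that a brand-asset fetch right after a visit to the kit host is escalated rather than blocked. The log format, the 300-second window and the function names are assumptions.

```python
"""From this scan's indicator list to something deployable (added example,
not urlscan.io code). CHAIN, IP_TO_HOST and OTHER_HOSTS are copied from the
scan page; the role split, the log format and the log lines are constructed."""
import re
from urllib.parse import urlsplit

CHAIN = ["http://tomsk-today.ru/images/map/customer.php",
         "https://magaz-zakaz.ru//wp-content/upgrade/dhl.html"]
IP_TO_HOST = {                      # resolved pairs from the scan's ASN/IP table
    "193.106.200.227": "tomsk-today.ru",
    "95.216.42.58": "magaz-zakaz.ru",
    "23.43.116.51": "www.mydhl.dhl.com",
    "2a00:1450:4001:809::2008": "ssl.google-analytics.com",
}
OTHER_HOSTS = ["fast.fonts.net", "www.edge-cdn.net",
               "www.mydhl.dhl.com", "ssl.google-analytics.com"]
BRAND_APEXES = {"dhl.com"}          # assumption: the impersonated brand


def apex(host):
    """Naive registrable domain (last two labels); no public-suffix handling."""
    return ".".join(host.lower().split(".")[-2:])


def split_indicators(chain, ip_to_host, other_hosts):
    """Attacker-controlled = every host on the redirect chain plus the IPs the
    scan resolved them to (block list). Everything else is brand or shared
    infrastructure: watch it, never block it on the strength of one scan."""
    attacker = {urlsplit(u).hostname for u in chain}
    block = attacker | {ip for ip, h in ip_to_host.items() if h in attacker}
    watch = ({h for h in other_hosts if h not in attacker}
             | {ip for ip, h in ip_to_host.items() if h not in attacker})
    return block, watch


def defang(ioc):
    """IPv6 has no dots, so bracket its colons; otherwise bracket the last dot."""
    if "." not in ioc:
        return ioc.replace(":", "[:]")
    head, _, tail = ioc.rpartition(".")
    return f"{head}[.]{tail}"


# Constructed proxy log, one line per request: "<unix ts> <client> <method> <url> <status>".
PROXY_LOG = """\
1566800001 10.0.0.12 GET http://tomsk-today.ru/images/map/customer.php 302
1566800002 10.0.0.12 GET https://magaz-zakaz.ru//wp-content/upgrade/dhl.html 200
1566800003 10.0.0.12 GET https://www.mydhl.dhl.com/mydhl/framework/skins/dhl/js/jquery.js 200
1566800004 10.0.0.12 GET https://ssl.google-analytics.com/__utm.gif 200
1566800900 10.0.0.44 GET https://www.mydhl.dhl.com/ 200
1566800901 10.0.0.44 GET https://ssl.google-analytics.com/ga.js 200
"""
_LINE = re.compile(r"^(\d+) (\S+) \S+ (\S+) \d{3}$")


def match_proxy_log(log, block, watch, brand_apexes, window=300):
    """One verdict per matching line: 'block' for attacker hosts; a brand host
    fetched by a client that hit a block host within `window` seconds is an
    'alert' (the victim's browser rendering the clone); any other watch-list
    hit is 'info'. Returns [(line_no, verdict, host), ...]."""
    last_block, out = {}, []
    for n, line in enumerate(log.splitlines(), 1):
        m = _LINE.match(line)
        if not m:
            continue
        ts, client, host = int(m[1]), m[2], urlsplit(m[3]).hostname
        if host in block:
            last_block[client] = ts
            out.append((n, "block", host))
        elif host in watch:
            recent = client in last_block and ts - last_block[client] <= window
            verdict = "alert" if recent and apex(host) in brand_apexes else "info"
            out.append((n, verdict, host))
    return out


if __name__ == "__main__":
    block, watch = split_indicators(CHAIN, IP_TO_HOST, OTHER_HOSTS)
    print("block:", sorted(map(defang, block)))
    print("watch:", sorted(map(defang, watch)))
    for hit in match_proxy_log(PROXY_LOG, block, watch, BRAND_APEXES):
        print(hit)
```

The correlation step is what makes the brand and CDN indicators useful: client 10.0.0.12 fetching MyDHL scripts one second after loading dhl.html from magaz-zakaz.ru is a victim mid-session, while client 10.0.0.44 browsing www.mydhl.dhl.com with no prior block-list hit is just using DHL.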