de-dhl.xyz Open in urlscan Pro
2606:4700:3032::6815:507c Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://de-dhl.xyz/
Effective URL:
https://de-dhl.xyz/
Submission: On October 09 via api (October 9th 2023, 9:04:05 pm UTC) from IE — Scanned from DE

Summary HTTP 29 Redirects Links 97 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 29 HTTP transactions. The main IP is 2606:4700:3032::6815:507c, located in United States and belongs to CLOUDFLARENET, US. The main domain is de-dhl.xyz.
TLS certificate: Issued by E1 on October 9th 2023. Valid for: 3 months.

This is the only time de-dhl.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::ac43:b50e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
25	2606:4700:303... 2606:4700:3032::6815:507c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	2

1 2606:4700:3037::ac43:b50e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

de-dhl.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2606:4700:3032::6815:507c (United States)

ASN13335 (CLOUDFLARENET, US)

de-dhl.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	de-dhl.xyz 1 redirects de-dhl.xyz	2 MB
29	1

	Domain	Requested by
26	de-dhl.xyz	1 redirects de-dhl.xyz
29	1

This site contains links to these domains. Also see Links.

Domain
www.dhl.de
www.dhl.com
www.dpdhl.de
www.deutschepost.de
www.facebook.com
www.instagram.com
onetrust.com

Subject Issuer	Validity	Valid
de-dhl.xyz E1	`2023-10-09` - `2024-01-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://de-dhl.xyz/
Frame ID: 748B8FE6F859262EB1A782A49DC0A8AB
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DHL Privatkunden - Paketversand und Paketempfang mit DHLiconmonstr-menu-1loginlogged-inarrow-link-rightsearchplusminusplusminusplusminusplusminusarrow-down-02arrow-up-02plusminusplusminusplusminusplusminusarrow-down-02arrow-up-02plusminusplusminusplusminusarrow-down-02arrow-up-02searchloginlogged-inarrow-link-rightlinkarrowlinkarrowlinkarrowlinkarrowlinkarrowlinkarrowlinkarrowarrow-down-02arrow-up-02searchnewsletterfacebookinstagramBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

http://de-dhl.xyz/ HTTP 301
https://de-dhl.xyz/ Page URL

Detected technologies

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

29
Requests

86 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2356 kB
Transfer

7331 kB
Size

0
Cookies

97 Outgoing links

These are links going to different origins than the main page.

URL: https://www.dhl.de/de/privatkunden.html
Title: Privatkunden

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response de-dhl.xyz/ Redirect Chain http://de-dhl.xyz/ https://de-dhl.xyz/	3 KB 2 KB	853ms 791ms	Document text/html	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5873992805ea3af2d87810b1d796f5e9c5bad92ce1dc6966cfb619d0d71aa2d8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 813992c89bb665d4-FRA content-encoding br content-type text/html date Mon, 09 Oct 2023 21:03:59 GMT last-modified Sun, 08 Oct 2023 18:15:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VezD8KyQKsCVjO9QeNTo2oLIub0ib1KBGvC2dMB7oW02jYc4YOoGGEzls6CgJwSzr3XTAHlOPQsyf8Jnb%2FQEyyMNFfGHaoWeU0fmi0257kXuVR3CPrv3b%2FDwVMfxmzxyUY37NuOnEHYw"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers CF-RAY 813992c7fe0b2c73-FRA Cache-Control max-age=3600 Connection keep-alive Date Mon, 09 Oct 2023 21:03:58 GMT Expires Mon, 09 Oct 2023 22:03:58 GMT Location https://de-dhl.xyz/ NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dz7g5qPmhU%2BPMrvqAN2TmpiB1JQZPr0H8CukTQ1WYk85BbwVEQppLmM7mEoSOpQMIUMOWOwUWN1Lic8FYuI4iC2stMok%2BqmP5u2nXZYqcEy9w0mx7skRP0LgfQdZpocdF%2BxeBlLnTvee"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding alt-svc h3=":443"; ma=86400
GET H2	200	EPGtQi5nkj3e7d1f38.1696788929173.js Show response de-dhl.xyz/assets/	7 MB 2 MB	56ms 55ms	Script application/javascript	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c43636a00035425d4f0e1e0db197d9692957a743e00aa5b8dcaa5af58d71dc4b` Request headers Referer https://de-dhl.xyz/ Origin https://de-dhl.xyz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:03:59 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38405 alt-svc h3=":443"; ma=86400 last-modified Sun, 08 Oct 2023 18:16:11 GMT server cloudflare etag W/"6522f1eb-6a2ddf" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1sfHiTZ8%2BPersixvoHrBnzqsihRRtcrCgh7o4XCUH4aarxGRjSuCZYR4lQRiB9LPXW1qAYl5VrMts6Otl5DxXaL94rlPXNP2zAxqkZwXrojnPjwilNVAZbOvGKU3k4wVWJsFyeZ0N6%2B"}],"group":"cf-nel","max_age":604800} cache-control max-age=604800 cf-ray 813992cd995a65d4-FRA expires Mon, 16 Oct 2023 10:23:54 GMT
GET H2	200	WWcTkb73rZe055d3f1.1696788929173.css de-dhl.xyz/assets/	780 B 694 B	41ms 40ms	Stylesheet text/css	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/assets/WWcTkb73rZe055d3f1.1696788929173.css Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e055d3f119a00ee47c6802612a3dd218ee5425dd73d40fd2f20df34be83c2a0b` Request headers accept-language de-DE,de;q=0.9 Referer https://de-dhl.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:03:59 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38404 alt-svc h3=":443"; ma=86400 last-modified Sun, 08 Oct 2023 18:15:49 GMT server cloudflare etag W/"6522f1d5-30c" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qej7f9PZAHqfkuv1Kv8SWlvny2FJ8x%2BSqfQPDqYGiMwMP7M3FDq%2BPbsQMhgl0XQmtXpJtdVaAkINPXO%2FIkvHlRgIa%2FWQPtTdjZgo4JyV3Urgq04rBN9foV43avdwVlYeMt9aPhg2yuBn"}],"group":"cf-nel","max_age":604800} cache-control max-age=604800 cf-ray 813992cd995c65d4-FRA expires Mon, 16 Oct 2023 10:23:54 GMT
GET H3	200	/ Show response de-dhl.xyz/socket.io/	118 B 513 B	783ms 782ms	XHR text/plain	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/socket.io/?EIO=4&transport=polling&t=OiMGF_I Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5b32017b5d6fac4107a3fd720be11943a251ba80104c0593874368e776483116` Request headers Accept / Referer https://de-dhl.xyz/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:01 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3SCk101n3FmF3niKWaCkMWcFTt2TA9j7pX5la3HDGbCY8SkH9evZg1RqSv%2F2FcPeuzHuyQUUxS%2BS57TPlgZ9IGHP7z53auyQNJ8KkMKbJa5dL1aZYw9b0dA2d39x3XQiDToWzufrLPHG"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 access-control-allow-origin * cf-ray 813992d30a1b920b-FRA alt-svc h3=":443"; ma=86400
GET H3	200	iKrraGcz8t390b914f.1696788929173.js Show response de-dhl.xyz/assets/	219 KB 45 KB	37ms 36ms	Script application/javascript	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/assets/iKrraGcz8t390b914f.1696788929173.js Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3f01c0a274411443114a8cdce614daf52f4c9d8607a40382c1c8404ad9ff70a8` Request headers Referer Origin https://de-dhl.xyz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:00 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38620 alt-svc h3=":443"; ma=86400 last-modified Sun, 08 Oct 2023 18:16:18 GMT server cloudflare etag W/"6522f1f2-36d88" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2BV8hfpSNKhGSfMD6axmhsFUOlod5fjHa5ssnklZoO4OEIHBHgs0oZai06qnd9EHxk14aDFE0wpWZfRMSP3nAFNVqIPuU7R5AnRWPH%2BODtoA9evjVjvVh9UDyIxUN7iY3CDm%2FJFTrNEO"}],"group":"cf-nel","max_age":604800} cache-control max-age=604800 cf-ray 813992d31a27920b-FRA expires Mon, 16 Oct 2023 10:20:20 GMT
GET H3	200	iKrraGcz8tc27b6911.1696788929173.js Show response de-dhl.xyz/assets/	4 KB 2 KB	32ms 30ms	Script application/javascript	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/assets/iKrraGcz8tc27b6911.1696788929173.js Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `60d3752780a95ce359da2a82516fef1b43c387342129f7a500c0d86a0c3925de` Request headers Referer Origin https://de-dhl.xyz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:00 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38620 alt-svc h3=":443"; ma=86400 last-modified Sun, 08 Oct 2023 18:16:19 GMT server cloudflare etag W/"6522f1f3-11fa" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u3uXA4MHzrxYIgWlhSHljd3ff%2Bxq2zTQ6SZYsHStMpt7bLWRfX1EPPblDPDgAgKzCpPlTaBPhGKkPq46B97byjsRriDzWIa6zQg%2FzRLeOBKQXPZ2flROWzVy9w8jEAIbIK8uuXhecEKp"}],"group":"cf-nel","max_age":604800} cache-control max-age=604800 cf-ray 813992d31a28920b-FRA expires Mon, 16 Oct 2023 10:20:20 GMT
GET H3	200	WWcTkb73rZ1d03c613.1696788929173.css de-dhl.xyz/assets/	136 KB 21 KB	80ms 79ms	Stylesheet text/css	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/assets/WWcTkb73rZ1d03c613.1696788929173.css Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1d03c613f7e9ddc6235a29a8f8835e8b68d53c5560fc03e4e9ca1cf32da211f9` Request headers accept-language de-DE,de;q=0.9 Referer https://de-dhl.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:00 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38620 alt-svc h3=":443"; ma=86400 last-modified Sun, 08 Oct 2023 18:15:49 GMT server cloudflare etag W/"6522f1d5-21f49" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LlzapslwwGVmbGeMnvjPlPDjYSc0UDW75WIafCcA6gFh9hKLa6Vvqq4ft65alnEYSgHvaz2eXpiKlD6fO5E4zup2%2Bf7eBwpZotRmUD50ySYNjeqithKX9EKy2OKWbZBsV1I89R0ZZD7N"}],"group":"cf-nel","max_age":604800} cache-control max-age=604800 cf-ray 813992d31a2a920b-FRA expires Mon, 16 Oct 2023 10:20:20 GMT
GET H3	200	iKrraGcz8t22bf90cf.1696788929173.js Show response de-dhl.xyz/assets/	9 KB 4 KB	34ms 34ms	Script application/javascript	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/assets/iKrraGcz8t22bf90cf.1696788929173.js Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e1bbe1e00fd6b827a9b3d56434b193b31b51850c95cea8db37e28a6200e9014b` Request headers Referer Origin https://de-dhl.xyz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:00 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38620 alt-svc h3=":443"; ma=86400 last-modified Sun, 08 Oct 2023 18:16:15 GMT server cloudflare etag W/"6522f1ef-23bc" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ca5CKvGqaAZbDfQFKup1JTaQtoeVtfAtnq%2BGzyUzGzuh%2FmyXuOAq6lobbMWWuye6pPRsTF2TyLLD75liqkM%2BoNwuaROD5ZpbYQYz%2BEbds3tXUr%2BY6Y5GsSo8D3BcXF0Ds%2BxNEn1kqQ2P"}],"group":"cf-nel","max_age":604800} cache-control max-age=604800 cf-ray 813992d31a2b920b-FRA expires Mon, 16 Oct 2023 10:20:20 GMT
GET H3	200	WWcTkb73rZ4cd1ec68.1696788929173.css de-dhl.xyz/assets/	323 B 684 B	30ms 29ms	Stylesheet text/css	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/assets/WWcTkb73rZ4cd1ec68.1696788929173.css Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4cd1ec684ce1c4f864a8e95f9f7695c7f708160192531ff8e55fc5023abf5b64` Request headers accept-language de-DE,de;q=0.9 Referer https://de-dhl.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:00 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38620 alt-svc h3=":443"; ma=86400 last-modified Sun, 08 Oct 2023 18:15:49 GMT server cloudflare etag W/"6522f1d5-143" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uBZ284feMrbFgV7MJd8pDp9G%2BOS%2BG%2Fp3o5cFL1RtEj1YregNKFF%2BxpRCMuHFNgwN32hFz5kr5vW0DvqLU6QMbDGalvt14Q9B0PEB%2FW9vZQkLsbp%2FHpIhwj%2Bv%2BUYSCqxs1DUvFJv1LJVo"}],"group":"cf-nel","max_age":604800} cache-control max-age=604800 cf-ray 813992d31a2c920b-FRA expires Mon, 16 Oct 2023 10:20:20 GMT
POST H3	200	/ Show response de-dhl.xyz/socket.io/	2 B 400 B	774ms 772ms	XHR text/html	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/socket.io/?EIO=4&transport=polling&t=OiMGGBj&sid=GLDOaTMrDMhFYdBIAAfw Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Accept / Referer https://de-dhl.xyz/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Content-type text/plain;charset=UTF-8 Response headers date Mon, 09 Oct 2023 21:04:02 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oagfst5ZxM6at7BxNHcMD9sr7OLhwS1df1ONmuiG6fYRzwuhNNn%2BWdghRholqILGOesaUJxMXoh63AsDu9diJg1zmwXoHqqz2ffZhyjchQGBovq%2F5q7mjVsEGDXxDtGQaeC%2FPplH0pqp"}],"group":"cf-nel","max_age":604800} content-type text/html access-control-allow-origin * cf-ray 813992d80d6e920b-FRA alt-svc h3=":443"; ma=86400
GET H3	200	/ Show response de-dhl.xyz/socket.io/	32 B 447 B	781ms 781ms	XHR text/plain	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/socket.io/?EIO=4&transport=polling&t=OiMGGBk&sid=GLDOaTMrDMhFYdBIAAfw Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8b421a1daa9d9da5a783a352feaaa92e7bc4fb080a74b218ca7950b919a9d012` Request headers Accept / Referer https://de-dhl.xyz/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:02 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KuING%2Fb7ErPzDm9wscowBI8KQK6gnF4NHZEIjopygERAj6Rylxhy%2BuUKCk%2B%2BdhcuWgNEBI9wHm6KhpvL6F9wlPArRIP%2Bas1jpzNMRLYt3FiNIAvUXzwmwUYy9GjSgeCumOGOKDusruF%2F"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 access-control-allow-origin * cf-ray 813992d80d6f920b-FRA alt-svc h3=":443"; ma=86400 content-length 32
GET H3	200	/ Show response de-dhl.xyz/socket.io/	8 B 420 B	404ms 404ms	XHR text/plain	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/socket.io/?EIO=4&transport=polling&t=OiMGGNz&sid=GLDOaTMrDMhFYdBIAAfw Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6581343350af22438cf2e2b22a8eecb72925d7292bae46f8b731f19a14e43747` Request headers Accept / Referer https://de-dhl.xyz/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:02 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uByHKm%2FdlzPUvyCxrzRpDji2fYnH%2F%2F9qIv71KRtOSH%2BeTze%2By26FCPJu1j5O8Ez0ur4tcmUP0NA5vJ2wcshX3hGHMZSDzs0Gj4TUhMQd%2BQ9PLN4sOwKzX4aNWf3wHLJG3WEx8G4W8h2c"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 access-control-allow-origin * cf-ray 813992dce868920b-FRA alt-svc h3=":443"; ma=86400 content-length 8
POST H3	200	/ Show response de-dhl.xyz/socket.io/	2 B 404 B	416ms 416ms	XHR text/html	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/socket.io/?EIO=4&transport=polling&t=OiMGGN-&sid=GLDOaTMrDMhFYdBIAAfw Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Accept / Referer https://de-dhl.xyz/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Content-type text/plain;charset=UTF-8 Response headers date Mon, 09 Oct 2023 21:04:02 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1VIICNcVcJAx%2FvGVMq6shR1m974qI4p6bQYdSSdzICXBzee7qf1PalqddsSKSKkMRI%2Bz5XD8fxJxoL45HnQhdrk6RdDCLKeBPIAXdERpDv5YxFZv4d%2FrVLvK%2FfoL4ktY7Ba0Jkg73328"}],"group":"cf-nel","max_age":604800} content-type text/html access-control-allow-origin * cf-ray 813992dce869920b-FRA alt-svc h3=":443"; ma=86400
GET H3	200	/ Show response de-dhl.xyz/socket.io/	162 B 535 B	400ms 399ms	XHR text/plain	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/socket.io/?EIO=4&transport=polling&t=OiMGGUJ&sid=GLDOaTMrDMhFYdBIAAfw Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `126c30e47d2a03377d9d1f1b32ac820ff7ee0af0be982970c7a3f27cc87f9f67` Request headers Accept / Referer https://de-dhl.xyz/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:02 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=89W7IFytyd4BnDscXDP79T2jUSY0XbX4ZgU1yA32GaR914JHkLMKS1cYdtCBRRyM63MujkulCT%2FM%2FhwTx6%2BvoydUkU%2B8Ql9BAn1lHyXYf1j%2BwL4FIbNVTStxSNznNB0kA5WKsjpi1PcH"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 access-control-allow-origin * cf-ray 813992df69ce920b-FRA alt-svc h3=":443"; ma=86400
POST H3	201	save-data Show response de-dhl.xyz/api/	748 B 1 KB	423ms 422ms	XHR application/json	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/api/save-data Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `6438f7671db5f79f274b8d8dd02188ff455a18007d625998f9c50ddfd813d72c` Request headers Content-Type application/json Accept application/json, text/plain, / Referer https://de-dhl.xyz/ remark 0 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 version 230803 Response headers date Mon, 09 Oct 2023 21:04:03 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"2ec-yAXKHOV3pGEngjsGmTVTJUSmSRM" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJN4BfMLfGpvM99e2pxa7%2FtneitZ5VNO91AEtb9zGAQ9tOsCjqYzfsdbY0AIyGPgsSjOrFPiUG23MnVW25owIJBM%2FK9Muyrl6tXB0gLl9UPivClvyDh8gWvMn09OehBPzVER7xAelt19"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 813992e47ce9920b-FRA alt-svc h3=":443"; ma=86400 content-length 748
GET H3	200	get-app-settings Show response de-dhl.xyz/api/	1 KB 967 B	405ms 405ms	XHR application/json	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://de-dhl.xyz/api/get-app-settings Requested by Host: de-dhl.xyz URL: https://de-dhl.xyz/assets/EPGtQi5nkj3e7d1f38.1696788929173.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `f0d3e3ec47f65af40cebc8c7954e62bbc51bd2938b034dc910f07f6258deba67` Request headers Accept application/json, text/plain, / Referer https://de-dhl.xyz/ remark 0 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 version 230803 Response headers date Mon, 09 Oct 2023 21:04:03 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"5bc-TilCqhIMGI2jd37mkdzPma5t5+M" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3HoQBHF9ytMx6eMXX6W69sq1H5O6cnU1nCIklFgDNwlyJP8bMrucYgtQXsS2nA2PabMJpysRMMF0Yz%2FiQ07yUp2lWGDt4KgAghziwFt5wRP6hl9qGN0r8LmLqX2eizzm2KpACE8ynqf"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cf-ray 813992e47cea920b-FRA alt-svc h3=":443"; ma=86400
GET H3	200	39.svg de-dhl.xyz/layout/images/	904 B 818 B	31ms 30ms	Image image/svg+xml	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://de-dhl.xyz/layout/images/39.svg Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a6b35b6b7cabb9d33c2e1d6afef2d5f546a2fd3912f5f3e96495cd64218b9251` Request headers accept-language de-DE,de;q=0.9 Referer https://de-dhl.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:03 GMT content-encoding br cf-cache-status HIT last-modified Sun, 08 Oct 2023 18:15:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 38619 etag W/"6522f1c3-388" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDf6D%2F46kPobu97N33maRn8HKl4ARW5Loz4W7bPrZoV9TZPPCBFBqPVC09j4%2FXstBfvZMqAjs0XJ70AAorNayOf2GhwFXDR%2FILwsdQA0hbnUQfggK1735nq7hdNlIIR%2FugizgZPh8hVx"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=604800 cf-ray 813992e7ef0b920b-FRA alt-svc h3=":443"; ma=86400 expires Mon, 16 Oct 2023 10:20:24 GMT
GET H3	200	40.svg de-dhl.xyz/layout/images/	2 KB 1 KB	33ms 32ms	Image image/svg+xml	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://de-dhl.xyz/layout/images/40.svg Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1` Request headers accept-language de-DE,de;q=0.9 Referer https://de-dhl.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:03 GMT content-encoding br cf-cache-status HIT last-modified Sun, 08 Oct 2023 18:15:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 38619 etag W/"6522f1c3-7f8" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9qeExXWqujQqlHCwkugV3BNPqBW63tO838fCK%2BdrmoCM1bxmdPacLGGvlymtJMJCBaZenQV3riB%2FJ9ALLRj1xKZy%2FSiTTfDdCemdbqjwBJbuHZXvW2mivpDrZoBxoYvPZ4dh5ng7U3BV"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=604800 cf-ray 813992e7ef0f920b-FRA alt-svc h3=":443"; ma=86400 expires Mon, 16 Oct 2023 10:20:24 GMT
GET H3	200	10.jpg de-dhl.xyz/layout/images/	141 KB 142 KB	37ms 36ms	Image image/jpeg	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://de-dhl.xyz/layout/images/10.jpg Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e7e004461a5ac7a39884f92d3f0b3e12e6e3cb7910ed0e46c557c2eb3ba4e24b` Request headers accept-language de-DE,de;q=0.9 Referer https://de-dhl.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:03 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38619 alt-svc h3=":443"; ma=86400 content-length 144736 last-modified Sun, 08 Oct 2023 18:15:31 GMT server cloudflare etag "6522f1c3-23560" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dm8PsWzoeVhuuCXa5B0bQrTcBuIX%2BWMZrYh%2Fzbgp9mDqlvzVgvLplaiOLVc%2BD%2B3hFnASahsyrnuP5tZ3fNGdkqUgKCgCw3IkVkyfMrYh%2Bxx3h2LxfmlKlmvEVmh85YPawZlfJLabUAea"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=604800 accept-ranges bytes cf-ray 813992e7ef11920b-FRA expires Mon, 16 Oct 2023 10:20:24 GMT
GET H3	200	57.png de-dhl.xyz/layout/images/	7 KB 8 KB	37ms 36ms	Image image/png	2606:4700:3032::6815:507c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://de-dhl.xyz/layout/images/57.png Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:507c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `154a23dbce423c9279d9cb22e19181aa0f4f10b252aaf67aa82026ea46cffe19` Request headers accept-language de-DE,de;q=0.9 Referer https://de-dhl.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Mon, 09 Oct 2023 21:04:03 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 38619 alt-svc h3=":443"; ma=86400 content-length 7273 last-modified Sun, 08 Oct 2023 18:15:31 GMT server cloudflare etag "6522f1c3-1c69" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6PwCMB%2BcywRlGmZnZ1x7XSY2zkUQzVrxG0O%2BqeCxwOTayCIGxuUPi6C1jFtlEX5lbIbPEKKO3zL%2F8pCSIVONusPoGyr94aReFgDVv9UJ6RNjxS4AjIQLCdEgXVOWct6vMCl3whfh8HPT"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=604800 accept-ranges bytes cf-ray 813992e7ef13920b-FRA expires Mon, 16 Oct 2023 10:20:24 GMT

de-dhl.xyz Open in urlscan Pro 2606:4700:3032::6815:507c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

29 Requests

86 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

2356 kBTransfer

7331 kBSize

0 Cookies

97 Outgoing links

Page URL History

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

de-dhl.xyz Open in urlscan Pro
2606:4700:3032::6815:507c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

86 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

2356 kB
Transfer

7331 kB
Size

0
Cookies

29 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!