phpmi2.delivery-projects.com
141.193.213.21
Malicious Activity!
Public Scan
Effective URL: https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/index.html
Submission: On May 03 via api from GB — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 28th 2022. Valid for: a year.
This is the only time phpmi2.delivery-projects.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DPD (Transportation)
Domain & IP information
# | IP Address | AS Autonomous System
---|---|---
1 2 | 195.190.166.206 | 12620 (TICINOCOM)
2 | 141.193.213.21 | 209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
3 | 3 |
ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US): phpmi2.delivery-projects.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
2 | delivery-projects.com | phpmi2.delivery-projects.com | 233 KB
2 | z-bike.ch (1 redirects) | z-bike.ch | 694 B
3 | 2 | |
# | Domain | Requested by
---|---|---
2 | phpmi2.delivery-projects.com |
2 | z-bike.ch | 1 redirects
3 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
webdisk.z-bike.ch | R3 | 2023-03-23 - 2023-06-21 | 3 months | crt.sh
phpmi2.delivery-projects.com | Cloudflare Inc ECC CA-3 | 2022-09-28 - 2023-09-28 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/index.html
Frame ID: F21E7C5A2E7CF0249636074439E9238C
Requests: 14 HTTP requests in this frame
Page Title
Zahlung bestätigen - Schweizerische DṖD ("Confirm payment - Swiss DPD")
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://z-bike.ch/nli?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434 (HTTP 301) -> https://z-bike.ch/nli/?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434 Page URL
- https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/ Page URL
- https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/index.html Page URL
Detected technologies
WordPress (CMS)
Detected patterns
- /wp-(?:content|includes)/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://z-bike.ch/nli?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434 HTTP 301
- https://z-bike.ch/nli/?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434
3 HTTP transactions
Method Protocol | Resource Path | Size / x-fer | Type / MIME-Type
---|---|---|---
GET H/1.1 | / (z-bike.ch/nli/, Redirect Chain) | 195 B / 386 B | Document / text/html
GET H2 | / (phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/) | 122 B / 383 B | Document / text/html
GET H2 | index.html (phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/, Primary Request) | 361 KB / 233 KB | Document / text/html
GET DATA | truncated / | 4 KB / 0 | Image / image/svg+xml
GET DATA | truncated / | 12 KB / 0 | Image / image/jpeg
GET DATA | truncated / | 597 B / 0 | Image / image/png
GET DATA | truncated / | 572 B / 0 | Image / image/png
GET DATA | truncated / | 564 B / 0 | Image / image/png
GET DATA | truncated / | 657 B / 0 | Image / image/png
GET DATA | truncated / | 187 B / 0 | Image / image/svg+xml
GET DATA | truncated / | 44 KB / 44 KB | Font / font/woff
GET DATA | truncated / | 37 KB / 37 KB | Font / font/woff
GET DATA | truncated / | 50 KB / 50 KB | Font / font/woff
GET DATA | truncated / | 75 KB / 75 KB | Font / font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DPD (Transportation)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
boolean | credentialless
object | sk_opts
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
phpmi2.delivery-projects.com
z-bike.ch
141.193.213.21
195.190.166.206