urlscan.io logo urlscan.io
SecurityTrails logo

phpmi2.delivery-projects.com Open in urlscan Pro
141.193.213.21  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://z-bike.ch/nli?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434
Effective URL: https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/index.html
Submission: On May 03 via api from GB — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is phpmi2.delivery-projects.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 28th 2022. Valid for: a year.
This is the only time phpmi2.delivery-projects.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DPD (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 2 195.190.166.206 12620 (TICINOCOM)
2 141.193.213.21 209242 (CLOUDFLAR...)
3 3
Apex Domain
Subdomains		 Transfer
2 delivery-projects.com
phpmi2.delivery-projects.com
233 KB
2 z-bike.ch
z-bike.ch
694 B
3 2
Domain Requested by
2 phpmi2.delivery-projects.com
2 z-bike.ch 1 redirects
3 2

This site contains no links.

Subject Issuer Validity Valid
webdisk.z-bike.ch
R3		 2023-03-23 -
2023-06-21		 3 months crt.sh
phpmi2.delivery-projects.com
Cloudflare Inc ECC CA-3		 2022-09-28 -
2023-09-28		 a year crt.sh

This page contains 1 frames:

Primary Page: https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/index.html
Frame ID: F21E7C5A2E7CF0249636074439E9238C
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Zahlung bestätigen - Schweizerische DṖD

Page URL History Show full URLs

  1. https://z-bike.ch/nli?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434 HTTP 301
    https://z-bike.ch/nli/?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434 Page URL
  2. https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/ Page URL
  3. https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/index.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

440 kB
Transfer

587 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://z-bike.ch/nli?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434 HTTP 301
    https://z-bike.ch/nli/?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434 Page URL
  2. https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/ Page URL
  3. https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://z-bike.ch/nli?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434 HTTP 301
  • https://z-bike.ch/nli/?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
z-bike.ch/nli/
Redirect Chain
  • https://z-bike.ch/nli?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434
  • https://z-bike.ch/nli/?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434
195 B
386 B 		Document
General
Check archive.org
Download Go to
Full URL
https://z-bike.ch/nli/?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
195.190.166.206 , Switzerland, ASN12620 (TICINOCOM, CH),
Reverse DNS
sh06.ticino.com
Software
Apache /
Resource Hash
33db932201f949fb38746f7cba40a6b2f11737f5a9a528077f54c87a43b79a7b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html
Date
Wed, 03 May 2023 12:36:40 GMT
Keep-Alive
timeout=5, max=99
Server
Apache
Transfer-Encoding
chunked

Redirect headers

Connection
Keep-Alive
Content-Length
355
Content-Type
text/html; charset=iso-8859-1
Date
Wed, 03 May 2023 12:36:40 GMT
Keep-Alive
timeout=5, max=100
Location
https://z-bike.ch/nli/?ID=56bc4a0f3e4dc32a2c196253780a3e4f=ID48302395223834748216765434
Server
Apache
/
phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/ 		122 B
383 B 		Document
General
Check archive.org
Download Go to
Full URL
https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
3452c8b113a7ad07526208fa56f93d0bb970829d9ec475f16ada3129e1dac1c8

Request headers

Referer
https://z-bike.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=600, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7c188d14dbab9b33-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 03 May 2023 12:36:42 GMT
server
cloudflare
vary
Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 2
x-cache-group
iphone
x-cacheable
SHORT
x-powered-by
WP Engine
Primary Request index.html
phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/ 		361 KB
233 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/login-action/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
35202dfdd82b80efc884fe906e6e2df7e753e5d9bfd98be9d04db06e0b5a901f

Request headers

Referer
https://phpmi2.delivery-projects.com/wp-content/maintenance/assets/images/css/Meine/auth/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=600, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7c188d153c0a9b33-FRA
content-encoding
br
content-type
text/html
date
Wed, 03 May 2023 12:36:42 GMT
last-modified
Mon, 01 May 2023 14:23:43 GMT
server
cloudflare
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 5
x-cache-group
iphone
x-cacheable
SHORT
x-orig-cache-control
max-age=600, must-revalidate
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c1ff2532853664ecbc145f4dbc95fae8291a3ec722dbb0586b5a248790d9a52f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		12 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a123b651c9caea90bfa0b9dd5c1df7ce16ed998ff8ee14801147f0113cc68a14

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/jpeg
truncated
/ 		597 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
255ac343be8acf31ca3debe1a89ecfeb7bf7949ca9bfcce726ec20db90d4ff71

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ 		572 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
441985bca86f350bd89721c5219dbcee393f2d9b206930ba3997919a1f4d2e9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ 		564 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1dd20181a733ac6bad0e65d39105cd1fe1bdd5cb9f68341a82d7a206310a1290

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ 		657 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b07b4ba931d2ff580554dec6bcdad83977282139a2c2278df7b37eeb811c9ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/png
truncated
/ 		187 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bf3d35d5cb9529e6a751dd854a9916e390be29855f04209c316a9ae8b2ceadb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/svg+xml
truncated
/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
291cb4d4ba35092b9b8bd849c7156784c4d15c7b6857da97fa41ae0b80e972b9

Request headers

Referer
Origin
https://phpmi2.delivery-projects.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
font/woff
truncated
/ 		37 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dceea27395ed1b2ab536cc460a7b398429d88232a11cea81458db125457a2b1c

Request headers

Referer
Origin
https://phpmi2.delivery-projects.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
font/woff
truncated
/ 		50 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fa4f0aed1d0ec5764d186315819d7d80651bf620bc6378a9745701ad501a4984

Request headers

Referer
Origin
https://phpmi2.delivery-projects.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
font/woff
truncated
/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
Origin
https://phpmi2.delivery-projects.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DPD (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| sk_opts

0 Cookies