dhl-cz.id4287621.xyz

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 212.193.14.2, located in Czech Republic and belongs to MDCLOUD, IT. The main domain is dhl-cz.id4287621.xyz.
TLS certificate: Issued by R3 on September 24th 2022. Valid for: 3 months.

This is the only time dhl-cz.id4287621.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	45.130.41.48 45.130.41.48	198610 (BEGET-AS) (BEGET-AS)
1 5	212.193.14.2 212.193.14.2	203394 (MDCLOUD) (MDCLOUD)
5	2

2 45.130.41.48 (Russian Federation) 1 redirects

ASN198610 (BEGET-AS, RU)
PTR: ssl.plotva.beget.com

hide.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 212.193.14.2 (Czech Republic) 1 redirects

ASN203394 (MDCLOUD, IT)

dhl-cz.id4287621.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	id4287621.xyz 1 redirects dhl-cz.id4287621.xyz	29 KB
2	hide.su 1 redirects hide.su	606 B
5	2

	Domain	Requested by
5	dhl-cz.id4287621.xyz	1 redirects hide.su dhl-cz.id4287621.xyz
2	hide.su	1 redirects
5	2

This site contains no links.

Subject Issuer	Validity	Valid
hide.su R3	`2022-09-07` - `2022-12-06`	3 months	crt.sh
id4287621.xyz R3	`2022-09-24` - `2022-12-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dhl-cz.id4287621.xyz/404
Frame ID: 7AD0176901EED9ECBB06C44C82025663
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

An error has occurred!

Page URL History Show full URLs

https://hide.su/ct2Q/ Page URL
https://hide.su/ct2Q/ HTTP 301
https://dhl-cz.id4287621.xyz/csh/81001216 HTTP 302
https://dhl-cz.id4287621.xyz/csh/81001216 Page URL
https://dhl-cz.id4287621.xyz/404 Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

29 kB
Transfer

36 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hide.su/ct2Q/ Page URL
https://hide.su/ct2Q/ HTTP 301
https://dhl-cz.id4287621.xyz/csh/81001216 HTTP 302
https://dhl-cz.id4287621.xyz/csh/81001216 Page URL
https://dhl-cz.id4287621.xyz/404 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://hide.su/ct2Q/ HTTP 301
https://dhl-cz.id4287621.xyz/csh/81001216 HTTP 302
https://dhl-cz.id4287621.xyz/csh/81001216

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ hide.su/ct2Q/	274 B 408 B	179ms 57ms	Document text/html	45.130.41.48 BEGET-AS
General Check archive.org Show headers Download Go to Full URL https://hide.su/ct2Q/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 45.130.41.48 , Russian Federation, ASN198610 (BEGET-AS, RU), Reverse DNS ssl.plotva.beget.com Software nginx-reuseport/1.21.1 / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes content-length 274 content-type text/html date Sun, 25 Sep 2022 21:08:13 GMT etag "62740dcd-112" last-modified Thu, 05 May 2022 17:47:57 GMT server nginx-reuseport/1.21.1
GET H2	200	81001216 Show response dhl-cz.id4287621.xyz/csh/ Redirect Chain https://hide.su/ct2Q/ https://dhl-cz.id4287621.xyz/csh/81001216 https://dhl-cz.id4287621.xyz/csh/81001216	8 KB 1 KB	5925ms 5924ms	Document text/html	212.193.14.2 MDCLOUD
General Check archive.org Show headers Download Go to Full URL https://dhl-cz.id4287621.xyz/csh/81001216 Requested by Host: hide.su URL: https://hide.su/ct2Q/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 212.193.14.2 , Czech Republic, ASN203394 (MDCLOUD, IT), Reverse DNS Software AntiDDoS / Resource Hash `05a02a2f4086026678166890e17e531715766bd4bbce4010125fe760947df48c` Request headers Referer https://hide.su/ct2Q/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=utf-8 date Sun, 25 Sep 2022 21:08:20 GMT server AntiDDoS vary Accept-Encoding Redirect headers content-length 0 content-type text/html date Sun, 25 Sep 2022 21:08:14 GMT location /csh/81001216 server AntiDDoS x-powered-by PHP/5.4.16
POST H2	200	redir.php dhl-cz.id4287621.xyz/files/	0 80 B	363ms 363ms	XHR text/html	212.193.14.2 MDCLOUD
General Check archive.org Show headers Download Go to Full URL https://dhl-cz.id4287621.xyz/files/redir.php Requested by Host: dhl-cz.id4287621.xyz URL: https://dhl-cz.id4287621.xyz/csh/81001216 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 212.193.14.2 , Czech Republic, ASN203394 (MDCLOUD, IT), Reverse DNS Software AntiDDoS / PHP/5.4.16 Resource Hash Request headers Referer https://dhl-cz.id4287621.xyz/csh/81001216 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Sun, 25 Sep 2022 21:08:21 GMT server AntiDDoS x-powered-by PHP/5.4.16 content-length 0 content-type text/html
GET H2	200	Primary Request 404 Show response dhl-cz.id4287621.xyz/	818 B 469 B	54ms 53ms	Document text/html	212.193.14.2 MDCLOUD
General Check archive.org Show headers Download Go to Full URL https://dhl-cz.id4287621.xyz/404 Requested by Host: dhl-cz.id4287621.xyz URL: https://dhl-cz.id4287621.xyz/csh/81001216 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 212.193.14.2 , Czech Republic, ASN203394 (MDCLOUD, IT), Reverse DNS Software AntiDDoS / PHP/5.4.16 Resource Hash `8fc47ada62a9d1c8497c91b2bb46b4b35318c5167e0e9da1502972d84779be16` Request headers Referer https://dhl-cz.id4287621.xyz/csh/81001216 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=utf-8 date Sun, 25 Sep 2022 21:08:21 GMT server AntiDDoS vary Accept-Encoding x-powered-by PHP/5.4.16
GET H2	200	notf dhl-cz.id4287621.xyz/css/81365841/img/	27 KB 27 KB	721ms 721ms	Image image/png	212.193.14.2 MDCLOUD
General Check archive.org Show headers Download Go to Show image Full URL https://dhl-cz.id4287621.xyz/css/81365841/img/notf Requested by Host: dhl-cz.id4287621.xyz URL: https://dhl-cz.id4287621.xyz/404 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 212.193.14.2 , Czech Republic, ASN203394 (MDCLOUD, IT), Reverse DNS Software AntiDDoS / Resource Hash `ba4939a530e9e7723685b001b309d139ce20c3e148bf635cd97926e038c2576d` Request headers accept-language de-DE,de;q=0.9 Referer https://dhl-cz.id4287621.xyz/404 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Sun, 25 Sep 2022 21:08:22 GMT content-type image/png server AntiDDoS

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hide.su/	1970-01-20 11:38:20	Name: beget Value: begetok
dhl-cz.id4287621.xyz/	1970-01-20 06:15:43	Name: browser Value: Chrome
dhl-cz.id4287621.xyz/	1970-01-20 06:15:43	Name: device Value: Windows
dhl-cz.id4287621.xyz/	1970-01-20 06:15:43	Name: ip Value: 5.9.93.145
dhl-cz.id4287621.xyz/	1970-01-20 06:15:43	Name: access Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dhl-cz.id4287621.xyz
hide.su
212.193.14.2
45.130.41.48
05a02a2f4086026678166890e17e531715766bd4bbce4010125fe760947df48c
8fc47ada62a9d1c8497c91b2bb46b4b35318c5167e0e9da1502972d84779be16
ba4939a530e9e7723685b001b309d139ce20c3e148bf635cd97926e038c2576d

dhl-cz.id4287621.xyz Open in urlscan Pro 212.193.14.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

29 kBTransfer

36 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

5 Cookies

Indicators

dhl-cz.id4287621.xyz Open in urlscan Pro
212.193.14.2 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

29 kB
Transfer

36 kB
Size

5
Cookies

5 HTTP transactions
0 data transactions