suspicious-babbage-5073e7.netlify.app

Summary

This website contacted 5 IPs in 2 countries across 7 domains to perform 7 HTTP transactions. The main IP is 2a05:d014:58f:6201::65, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is suspicious-babbage-5073e7.netlify.app.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on January 15th 2024. Valid for: a year.

This is the only time suspicious-babbage-5073e7.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	2a05:d014:58f... 2a05:d014:58f:6201::65	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
1	104.131.67.145 104.131.67.145	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2 2	2606:4700::68... 2606:4700::6812:bd73	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:1bc4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2a02:26f0:350... 2a02:26f0:3500:882::296d	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	2a02:26f0:170... 2a02:26f0:1700:11::b856:679c	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
7	5

1 2a05:d014:58f:6201::65 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

suspicious-babbage-5073e7.netlify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.131.67.145 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

cdn.freebiesupply.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bd73 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.dhlparcel.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1bc4 (United States)

ASN13335 (CLOUDFLARENET, US)

www.dhlecommerce.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:882::296d (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

www.dpdhl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:11::b856:679c (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

group.dhl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	dhl.com group.dhl.com — Cisco Umbrella Rank: 999808	262 KB
2	dpdhl.com 2 redirects www.dpdhl.com	641 B
2	dhlecommerce.nl www.dhlecommerce.nl — Cisco Umbrella Rank: 302960	3 KB
2	dhlparcel.nl 2 redirects www.dhlparcel.nl — Cisco Umbrella Rank: 587831	740 B
1	freebiesupply.com cdn.freebiesupply.com — Cisco Umbrella Rank: 246777	45 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	33 KB
1	netlify.app suspicious-babbage-5073e7.netlify.app	5 KB
7	7

	Domain	Requested by
2	group.dhl.com	suspicious-babbage-5073e7.netlify.app
2	www.dpdhl.com	2 redirects
2	www.dhlecommerce.nl	suspicious-babbage-5073e7.netlify.app
2	www.dhlparcel.nl	2 redirects
1	cdn.freebiesupply.com	suspicious-babbage-5073e7.netlify.app
1	code.jquery.com	suspicious-babbage-5073e7.netlify.app
1	suspicious-babbage-5073e7.netlify.app
7	7

This site contains no links.

Subject Issuer	Validity	Valid
*.netlify.app DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-15` - `2025-02-14`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
cdn.freebiesupply.com R10	`2024-11-17` - `2025-02-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://suspicious-babbage-5073e7.netlify.app/
Frame ID: A0A9CDAF1694D0D64491FE3D5CFF7F23
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DHL Express | Track Shipment

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

^https?://[^/]+\.netlify\.(?:com|app)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

43 %
HTTPS

86 %
IPv6

7
Domains

7
Subdomains

5
IPs

2
Countries

349 kB
Transfer

426 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://www.dhlparcel.nl/themes/custom/dp_theme/images/logo.svg HTTP 301
https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg

Request Chain 3

https://www.dpdhl.com/content/dam/dpdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-1-1592x896.web.796.448.jpg HTTP 301
https://group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-1-1592x896.web.796.448.jpg

Request Chain 4

https://www.dhlparcel.nl/themes/custom/dp_theme/favicon.ico HTTP 301
https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico

Request Chain 5

https://www.dpdhl.com/content/dam/dpdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-2-1592x896.jpg HTTP 301
https://group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-2-1592x896.jpg

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
suspicious-babbage-5073e7.netlify.app/ 17 KB
5 KB 28ms
8ms Document
text/html 2a05:d014:58f:6201::65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://suspicious-babbage-5073e7.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:58f:6201::65 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

c3fec2be83001d869a45f761a093871b57140312991fe3fd6b599a06216aca59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 32315
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-length: 5114
content-type: text/html; charset=UTF-8
date: Sat, 04 Jan 2025 09:43:40 GMT
etag: "98b4d5680ad5989860278884a90e85c9-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01JGRB5VR5V6K5YHDYZYV4JHPS

GET
H2 200 jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
33 KB 26ms
7ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: suspicious-babbage-5073e7.netlify.app
URL: https://suspicious-babbage-5073e7.netlify.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://suspicious-babbage-5073e7.netlify.app/

Response headers

content-encoding: gzip
etag: W/"28feccc0-1762a"
age: 2660176
x-cache: HIT, HIT
date: Sat, 04 Jan 2025 09:43:40 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-cache-hits: 45, 31794
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-served-by: cache-lga21922-LGA, cache-fra-etou8220024-FRA
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1735983821.578542,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33202
server: nginx

GET
H/1.1 200
OK dhl-1-logo-png-transparent.png
cdn.freebiesupply.com/logos/large/2x/ 45 KB
45 KB 360ms
170ms Image
image/png 104.131.67.145
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.freebiesupply.com/logos/large/2x/dhl-1-logo-png-transparent.png
Requested by: Host: suspicious-babbage-5073e7.netlify.app
URL: https://suspicious-babbage-5073e7.netlify.app/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.131.67.145 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 7f8a7411080898c5e0e9a1b99c27c4c0951d558c6948a8f5cd712364f85e9bc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://suspicious-babbage-5073e7.netlify.app/

Response headers

X-Cache-Status: HIT
Cache-Control: max-age=15552000, public, no-transform
ETag: "c254c6e963469ddf999da53d10109dea"
Connection: keep-alive
x-amz-request-id: 28614FAD7B274E59
Expires: Thu, 03 Jul 2025 09:43:40 GMT
Accept-Ranges: bytes
Content-Length: 45805
Date: Sat, 04 Jan 2025 09:43:40 GMT
Content-Type: image/png
Last-Modified: Fri, 09 Mar 2018 21:42:13 GMT
Server: nginx
x-amz-id-2: XZbIpmPf9PFo2XVF7tEO9Qr7mSd4FG4AA+Rw98IEpb27+/GWXHNMfBTBVGvb4Conea/CEiMQ2Lc=

GET
H2

200

logo.svg
www.dhlecommerce.nl/themes/custom/dp_theme/images/
Redirect Chain

https://www.dhlparcel.nl/themes/custom/dp_theme/images/logo.svg
https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg

3 KB
1 KB

48ms
19ms

Image
image/svg+xml

2606:4700::6812:1bc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg

Requested by

Host: suspicious-babbage-5073e7.netlify.app
URL: https://suspicious-babbage-5073e7.netlify.app/

Protocol

H2

Server

2606:4700::6812:1bc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a62bf08fcdd300ef2c47e160b8d0a9f2dcb2fd9278af0a4e52cc716deb8a14c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://suspicious-babbage-5073e7.netlify.app/

Response headers

strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"c72-62533bc1f6d80"
age: 3880582
x-content-type-options: nosniff
cf-ray: 8fca491efd54d279-FRA
expires: Thu, 20 Nov 2025 11:47:18 GMT
date: Sat, 04 Jan 2025 09:43:40 GMT
content-type: image/svg+xml
last-modified: Thu, 24 Oct 2024 07:13:10 GMT
vary: Accept-Encoding
server: cloudflare

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=3600
location: https://www.dhlecommerce.nl/themes/custom/dp_theme/images/logo.svg
x-content-type-options: nosniff
cf-ray: 8fca491eadd49f45-FRA
expires: Sat, 04 Jan 2025 10:43:40 GMT
content-length: 167
date: Sat, 04 Jan 2025 09:43:40 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare

GET
H2

200

freight-volvo-1-1592x896.web.796.448.jpg
group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/
Redirect Chain

https://www.dpdhl.com/content/dam/dpdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-1-1592x896.web.796.448.jpg
https://group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-1-1592x896.web.796.448.jpg

90 KB
90 KB

89ms
42ms

Image
image/jpeg

2a02:26f0:1700:11::b856:679c
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-1-1592x896.web.796.448.jpg

Requested by

Host: suspicious-babbage-5073e7.netlify.app
URL: https://suspicious-babbage-5073e7.netlify.app/

Protocol

H2

Server

2a02:26f0:1700:11::b856:679c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

/

Resource Hash

9ecffc589fabf1eddb43842acfbff00c31fbf44245108bbbca289863af0b06c1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://suspicious-babbage-5073e7.netlify.app/

Response headers

etag: "1663d-629cfec613922"
x-content-type-options: nosniff
expires: Sat, 04 Jan 2025 09:43:40 GMT
date: Sat, 04 Jan 2025 09:43:40 GMT
last-modified: Sat, 21 Dec 2024 23:14:21 GMT
content-type: image/jpeg
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
cache-control: max-age=0, no-cache
pragma: no-cache
referrer-policy: same-origin
permissions-policy: microphone=(),camera=()
accept-ranges: bytes
content-length: 91709
x-akamai-cache: RefreshHit from child, Hit from parent

Redirect headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: frame-ancestors 'self'
cache-control: max-age=0, no-cache
location: https://group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-1-1592x896.web.796.448.jpg
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 04 Jan 2025 09:43:40 GMT
content-length: 0
date: Sat, 04 Jan 2025 09:43:40 GMT
server: AkamaiGHost
x-akamai-cache: Redirect from child

GET
H2

200

favicon.ico
www.dhlecommerce.nl/themes/custom/dp_theme/
Redirect Chain

https://www.dhlparcel.nl/themes/custom/dp_theme/favicon.ico
https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico

7 KB
2 KB

19ms
19ms

Other
image/vnd.microsoft.icon

2606:4700::6812:1bc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico

Protocol

H2

Server

2606:4700::6812:1bc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6804c64aa3c5ed0b33ea0127c00d7d5af5bcca300162e009ce80de5032618cb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://suspicious-babbage-5073e7.netlify.app/

Response headers

strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"1cee-62533bc1f6d80"
age: 719735
x-content-type-options: nosniff
cf-ray: 8fca49230bf3d279-FRA
expires: Sat, 27 Dec 2025 01:48:06 GMT
date: Sat, 04 Jan 2025 09:43:41 GMT
content-type: image/vnd.microsoft.icon
last-modified: Thu, 24 Oct 2024 07:13:10 GMT
vary: Accept-Encoding
server: cloudflare

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=3600
location: https://www.dhlecommerce.nl/themes/custom/dp_theme/favicon.ico
x-content-type-options: nosniff
cf-ray: 8fca4922f8c29f45-FRA
expires: Sat, 04 Jan 2025 10:43:41 GMT
content-length: 167
date: Sat, 04 Jan 2025 09:43:41 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare

GET
H2

200

freight-volvo-2-1592x896.jpg
group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/
Redirect Chain

https://www.dpdhl.com/content/dam/dpdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-2-1592x896.jpg
https://group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-2-1592x896.jpg

171 KB
172 KB

31ms
31ms

Image
image/jpeg

2a02:26f0:1700:11::b856:679c
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-2-1592x896.jpg

Protocol

H2

Server

2a02:26f0:1700:11::b856:679c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

/

Resource Hash

f449ce762ddce439c1eeeb45cd4ef484fa90dd58e9de00d41d9e7953e211be11

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://suspicious-babbage-5073e7.netlify.app/

Response headers

etag: "2adae-629f97e0a351e"
x-content-type-options: nosniff
expires: Sat, 04 Jan 2025 09:43:44 GMT
date: Sat, 04 Jan 2025 09:43:44 GMT
last-modified: Tue, 24 Dec 2024 00:49:58 GMT
content-type: image/jpeg
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: frame-ancestors 'self' https://dhlinsights.dhlsupplychain.dhl.com; default-src 'self' data: https: blob: wss://cctr-chat.dhl.com:443 wss://cctr-xchat.dhl.com:443 wss://streaming.mypurecloud.de wss://collection.decibelinsight.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: blob:; style-src 'unsafe-inline' 'self' https: blob:; media-src 'unsafe-inline' 'self' https: blob:
cache-control: max-age=0, no-cache
pragma: no-cache
referrer-policy: same-origin
permissions-policy: microphone=(),camera=()
accept-ranges: bytes
content-length: 175534
x-akamai-cache: RefreshHit from child, Hit from parent

Redirect headers

strict-transport-security: max-age=31536000 ; includeSubDomains
content-security-policy: frame-ancestors 'self'
cache-control: max-age=0, no-cache
location: https://group.dhl.com/content/dam/deutschepostdhl/en/media-relations/press-release-1592x896/2021/freight-volvo-2-1592x896.jpg
pragma: no-cache
x-content-type-options: nosniff
expires: Sat, 04 Jan 2025 09:43:44 GMT
content-length: 0
date: Sat, 04 Jan 2025 09:43:44 GMT
server: AkamaiGHost
x-akamai-cache: Redirect from child

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.dhlecommerce.nl/	1969-12-31 23:59:59	Name: _cfuvid Value: He3y2etm1hwdyr.T5B_FFyjrKpyJKfQ.V6LUAs6pODw-1735983820645-0.0.1.1-604800000

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://suspicious-babbage-5073e7.netlify.app/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.freebiesupply.com
code.jquery.com
group.dhl.com
suspicious-babbage-5073e7.netlify.app
www.dhlecommerce.nl
www.dhlparcel.nl
www.dpdhl.com
104.131.67.145
2606:4700::6812:1bc4
2606:4700::6812:bd73
2a02:26f0:1700:11::b856:679c
2a02:26f0:3500:882::296d
2a04:4e42:600::649
2a05:d014:58f:6201::65
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
6804c64aa3c5ed0b33ea0127c00d7d5af5bcca300162e009ce80de5032618cb6
7f8a7411080898c5e0e9a1b99c27c4c0951d558c6948a8f5cd712364f85e9bc7
9ecffc589fabf1eddb43842acfbff00c31fbf44245108bbbca289863af0b06c1
a62bf08fcdd300ef2c47e160b8d0a9f2dcb2fd9278af0a4e52cc716deb8a14c3
c3fec2be83001d869a45f761a093871b57140312991fe3fd6b599a06216aca59
f449ce762ddce439c1eeeb45cd4ef484fa90dd58e9de00d41d9e7953e211be11

suspicious-babbage-5073e7.netlify.app Open in urlscan Pro 2a05:d014:58f:6201::65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

43 %HTTPS

86 %IPv6

7 Domains

7 Subdomains

5 IPs

2 Countries

349 kBTransfer

426 kBSize

1 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

suspicious-babbage-5073e7.netlify.app Open in urlscan Pro
2a05:d014:58f:6201::65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

43 %
HTTPS

86 %
IPv6

7
Domains

7
Subdomains

5
IPs

2
Countries

349 kB
Transfer

426 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!