dhl-parcel.74-241-128-34.cprapid.com
74.241.128.34  Malicious Activity!

Submitted URL: http://lfa388.co/dhlcy.html?78472
Effective URL: https://dhl-parcel.74-241-128-34.cprapid.com/
Submission: On January 26 via automatic, source openphish — Scanned from DE

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 10 HTTP transactions. The main IP is 74.241.128.34, which is located in Sweden and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is dhl-parcel.74-241-128-34.cprapid.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on January 22nd 2024. Valid for: 3 months.
This is the only time dhl-parcel.74-241-128-34.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

#  IP Address  AS (Autonomous System)
1 2606:4700:303... 13335 (CLOUDFLAR...)
4 74.241.128.34 8075 (MICROSOFT...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
2 4 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
Total: 10 requests, 6 IPs
#  Apex Domain      Subdomains                                                                                    Transfer
4  unpkg.com        unpkg.com (Cisco Umbrella Rank: 867)                                                          18 KB
4  cprapid.com      dhl-parcel.74-241-128-34.cprapid.com                                                          127 KB
2  amung.us         widgets.amung.us (Cisco Umbrella Rank: 30312), whos.amung.us (Cisco Umbrella Rank: 16645)    4 KB
2  tailwindcss.com  cdn.tailwindcss.com (Cisco Umbrella Rank: 46008)                                              109 KB
1  lfa388.co        lfa388.co                                                                                     807 B
Total: 10 requests, 5 apex domains
#  Domain                                Redirects    Requested by
4  unpkg.com                             2 redirects  dhl-parcel.74-241-128-34.cprapid.com
4  dhl-parcel.74-241-128-34.cprapid.com               dhl-parcel.74-241-128-34.cprapid.com
2  cdn.tailwindcss.com                   1 redirect   dhl-parcel.74-241-128-34.cprapid.com
1  whos.amung.us                                      widgets.amung.us
1  widgets.amung.us                                   dhl-parcel.74-241-128-34.cprapid.com
1  lfa388.co
Total: 10 requests, 6 domains

This site contains no links.

Subject                               Issuer                             Validity                 Valid for
dhl-parcel.74-241-128-34.cprapid.com  ZeroSSL RSA Domain Secure Site CA  2024-01-22 - 2024-04-21  3 months (crt.sh)
sni.cloudflaressl.com                 Cloudflare Inc ECC CA-3            2023-06-11 - 2024-06-09  a year (crt.sh)

This page contains 1 frame:

Primary Page: https://dhl-parcel.74-241-128-34.cprapid.com/
Frame ID: 71C73D89C55CCCE3DB705637B77AB335
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

DHL | Global - Germany

Page URL History

  1. http://lfa388.co/dhlcy.html?78472 Page URL
  2. https://dhl-parcel.74-241-128-34.cprapid.com/ Page URL

Page Statistics

10 Requests
60 % HTTPS
80 % IPv6
5 Domains
6 Subdomains
6 IPs
2 Countries
258 kB Transfer
539 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://lfa388.co/dhlcy.html?78472 Page URL
  2. https://dhl-parcel.74-241-128-34.cprapid.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://cdn.tailwindcss.com/ HTTP 302
  • https://cdn.tailwindcss.com/3.4.1
Request Chain 2
  • https://unpkg.com/@alpinejs/mask@3.x.x/dist/cdn.min.js HTTP 302
  • https://unpkg.com/@alpinejs/mask@3.13.5/dist/cdn.min.js
Request Chain 3
  • https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js HTTP 302
  • https://unpkg.com/alpinejs@3.13.5/dist/cdn.min.js

10 HTTP transactions

Each transaction is listed as: Resource | Path | Size | x-fer | Type, followed by its MIME-Type and request/response headers.

dhlcy.html | lfa388.co/ | 118 B | 807 B | Document
General
Full URL
http://lfa388.co/dhlcy.html?78472
Protocol
HTTP/1.1
Server
2606:4700:3033::6815:24c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70d6fa3ab44c4122a5f4fed43ac5d5a6194d76eea727cba06a238f8a1822555d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
84b91efe48a04db6-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Fri, 26 Jan 2024 13:32:17 GMT
Last-Modified
Wed, 24 Jan 2024 11:21:27 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nnf36RFRYaf281L5iKGb8rOwgkRzlhNNkT7XhG33vkVZUv28LUGbxO%2F%2FGiP0B3OY%2BnI4xE%2BkO1pxIZl1%2BRBw7%2FylfjzfKt95Uop1NWKASpUWgWLLnBMvMUJHl35DG20tS%2Fo7NArctqg%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
Primary Request / | dhl-parcel.74-241-128-34.cprapid.com/ | 110 KB | 110 KB | Document
General
Full URL
https://dhl-parcel.74-241-128-34.cprapid.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
74.241.128.34 , Sweden, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
58460b7996e094a13a01245f3bc486802d46a931ebf4f3bc7e802b663dc0cdd2

Request headers

Referer
http://lfa388.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 26 Jan 2024 13:32:17 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
3.4.1 | cdn.tailwindcss.com/ | 359 KB | 109 KB | Script
Redirect Chain
  • https://cdn.tailwindcss.com/
  • https://cdn.tailwindcss.com/3.4.1
General
Full URL
https://cdn.tailwindcss.com/3.4.1
Requested by
Host: dhl-parcel.74-241-128-34.cprapid.com
URL: https://dhl-parcel.74-241-128-34.cprapid.com/
Protocol
H2
Server
2606:4700:10::ac43:2910 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
151c30a9c3810c4a00decc7ac92110d0660b64b6e25973116935faa14d232a81
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dhl-parcel.74-241-128-34.cprapid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 26 Jan 2024 13:32:18 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000
last-modified
Fri, 05 Jan 2024 20:53:26 GMT
x-vercel-id
cle1::iad1::nrl2g-1704488004870-28d22f50c8bf
cf-cache-status
HIT
age
1787839
server
cloudflare
x-vercel-cache
MISS
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=31536000
cf-ray
84b91f07cb512bde-FRA

Redirect headers

date
Fri, 26 Jan 2024 13:32:18 GMT
strict-transport-security
max-age=63072000
cf-cache-status
HIT
x-vercel-id
cle1::iad1::4g2gm-1706275272294-b07ea3ddb5d4
server
cloudflare
age
581
x-vercel-cache
MISS
vary
Accept-Encoding
location
/3.4.1
cache-control
max-age=14400
cf-ray
84b91f079b252bde-FRA
content-length
0
cdn.min.js | unpkg.com/@alpinejs/mask@3.13.5/dist/ | 2 KB | 1 KB | Script
Redirect Chain
  • https://unpkg.com/@alpinejs/mask@3.x.x/dist/cdn.min.js
  • https://unpkg.com/@alpinejs/mask@3.13.5/dist/cdn.min.js
General
Full URL
https://unpkg.com/@alpinejs/mask@3.13.5/dist/cdn.min.js
Requested by
Host: dhl-parcel.74-241-128-34.cprapid.com
URL: https://dhl-parcel.74-241-128-34.cprapid.com/
Protocol
H2
Server
2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f7002451d78511fa76aaea453e83b29e339b93a533c238fd0de4f3be367c24f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dhl-parcel.74-241-128-34.cprapid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 26 Jan 2024 13:32:18 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
171159
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HMXW9V31BYQ8RGWHYRK9N3WK-fra
server
cloudflare
etag
W/"878-ku3LoIU+/WbDOm/U/U19w2jl0fE"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
84b91f07b97b9b8c-FRA

Redirect headers

date
Fri, 26 Jan 2024 13:32:18 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01HN2Z8F9ZEZG4BRQTQJ2ENF4G-fra
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
287
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/@alpinejs/mask@3.13.5/dist/cdn.min.js
cache-control
public, s-maxage=600, max-age=60
cf-ray
84b91f0789439b8c-FRA
cdn.min.js | unpkg.com/alpinejs@3.13.5/dist/ | 43 KB | 16 KB | Script
Redirect Chain
  • https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js
  • https://unpkg.com/alpinejs@3.13.5/dist/cdn.min.js
General
Full URL
https://unpkg.com/alpinejs@3.13.5/dist/cdn.min.js
Requested by
Host: dhl-parcel.74-241-128-34.cprapid.com
URL: https://dhl-parcel.74-241-128-34.cprapid.com/
Protocol
H2
Server
2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca057831ef9be3d8ee47e14078089fd2381dc7820b4bb7fbdb85a490f5b8f68c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dhl-parcel.74-241-128-34.cprapid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 26 Jan 2024 13:32:18 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
171185
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HMXW92DKHSAT8XBVA0Q7047D-fra
server
cloudflare
etag
W/"ab3e-KHzG9sJIAx/9hZihHLQgQ/D0M14"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
84b91f0819eb9b8c-FRA

Redirect headers

date
Fri, 26 Jan 2024 13:32:18 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01HN2ZDCX92AN3SF3V7JXDAAQY-fra
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
126
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/alpinejs@3.13.5/dist/cdn.min.js
cache-control
public, s-maxage=600, max-age=60
cf-ray
84b91f07e9b09b8c-FRA
engine.js | dhl-parcel.74-241-128-34.cprapid.com/files/ | 16 KB | 16 KB | Script
General
Full URL
https://dhl-parcel.74-241-128-34.cprapid.com/files/engine.js
Requested by
Host: dhl-parcel.74-241-128-34.cprapid.com
URL: https://dhl-parcel.74-241-128-34.cprapid.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
74.241.128.34 , Sweden, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
8e25f17acdde06dbc2c1f63f7a579b3578902c7f018c2fd3c93f632af16ecd30

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dhl-parcel.74-241-128-34.cprapid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Fri, 26 Jan 2024 13:32:18 GMT
Last-Modified
Thu, 05 Oct 2023 13:31:54 GMT
Server
Apache
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
16512
small.js | widgets.amung.us/ | 8 KB | 4 KB | Script
General
Full URL
https://widgets.amung.us/small.js
Requested by
Host: dhl-parcel.74-241-128-34.cprapid.com
URL: https://dhl-parcel.74-241-128-34.cprapid.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4bab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dhl-parcel.74-241-128-34.cprapid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 26 Jan 2024 13:32:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 12 Jan 2023 17:19:48 GMT
server
cloudflare
age
2752
etag
W/"63c04134-2170"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400
cf-ray
84b91f0938251983-FRA
alt-svc
h3=":443"; ma=86400
expires
Sat, 27 Jan 2024 12:46:26 GMT
gate.php | dhl-parcel.74-241-128-34.cprapid.com/ | 48 B | 356 B | Fetch
General
Full URL
https://dhl-parcel.74-241-128-34.cprapid.com/gate.php
Requested by
Host: dhl-parcel.74-241-128-34.cprapid.com
URL: https://dhl-parcel.74-241-128-34.cprapid.com/files/engine.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
74.241.128.34 , Sweden, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Request headers

Referer
https://dhl-parcel.74-241-128-34.cprapid.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Fri, 26 Jan 2024 13:32:18 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
application/json
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Expires
Thu, 19 Nov 1981 08:52:00 GMT
/ | whos.amung.us/pingjs/ | 23 B | 148 B | Script
General
Full URL
https://whos.amung.us/pingjs/?k=dhl01&t=DHL%20%7C%20Global%20-%20Germany&c=s&x=https%3A%2F%2Fdhl-parcel.74-241-128-34.cprapid.com%2F&y=http%3A%2F%2Flfa388.co%2F&a=0&d=1.433&v=27&r=7801
Requested by
Host: widgets.amung.us
URL: https://widgets.amung.us/small.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4bab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf9f0c104d28e79b04d9788cbec27af3ffa3cd0b9b9a3074f5c0c2cdb0cdf18e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dhl-parcel.74-241-128-34.cprapid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 26 Jan 2024 13:32:19 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
84b91f0998861983-FRA
alt-svc
h3=":443"; ma=86400
content-type
text/javascript;charset=UTF-8
truncated | / | 439 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/gif
gate.php | dhl-parcel.74-241-128-34.cprapid.com/ | 48 B | 356 B | Fetch
General
Full URL
https://dhl-parcel.74-241-128-34.cprapid.com/gate.php
Requested by
Host: dhl-parcel.74-241-128-34.cprapid.com
URL: https://dhl-parcel.74-241-128-34.cprapid.com/files/engine.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
74.241.128.34 , Sweden, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
d45e227c3b794ace485cf3271f57f0ce2ac1687bf964613320b7cf1918bb7a61

Request headers

Referer
https://dhl-parcel.74-241-128-34.cprapid.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Fri, 26 Jan 2024 13:32:20 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
application/json
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Grouped by probable origin (type|name pairs as reported):

Tailwind CDN: object| tailwind
Alpine.js: object| Alpine
whos.amung.us widget (small.js): object| _wau, object| WAU_ren, function| WAU_small, function| WAU_small_request, function| WAU_r_s, function| WAU_insert, function| WAU_legacy_b, function| WAU_la, function| WAU_addCommas, function| WAU_lrd, function| WAU_lrs, function| WAU_cps
Page-specific: string| /template.html, function| checkLuhn, object| amex, object| bccGlobal, object| carteBlanche, object| dinersClub, object| discover, object| instaPayment, object| visa, object| JCB, object| koreanLocal, object| laser, object| maestro, object| master, object| solo, object| switchCard, object| unionPay, function| docReady, object| x, string| x1, string| x2

The page-specific set, a Luhn check function plus one object per payment-card brand, has the shape of a client-side card-number validator rather than anything a parcel-tracking page needs.

1 Cookies

Domain/Path                            Name       Value
dhl-parcel.74-241-128-34.cprapid.com/  PHPSESSID  6cb652db3b1db83b7c66fb3cc5921f41
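The indicators that make this scan worth a closer look are all machine-checkable: the brand name sits in a subdomain rather than the registrable domain, that subdomain embeds the serving IP in dashed form, the submitted URL hops to a different apex domain, the certificate was issued days before the scan, a script on the page fetches gate.php with a form-encoded body, the JavaScript globals include a Luhn check and card-brand tables, and the whos.amung.us counter ships the referring site out in its query string. The following is an added example, not code from this report or from urlscan.io, that turns those observations into triage heuristics. Its SCAN record is constructed by hand from the values shown above (the long tracker URL is shortened to the parameters the check reads), and its field names are this example's own schema, not urlscan's API; the apex() helper is a deliberately naive last-two-labels approximation.

```python
# Added example: triage heuristics over a urlscan-style record. Not code from
# the report above or from urlscan.io. SCAN is CONSTRUCTED from values visible
# in the report; its field names are this example's own, not urlscan's API.
import ipaddress
import re
from datetime import date
from urllib.parse import parse_qs, urlsplit

PHISH = "https://dhl-parcel.74-241-128-34.cprapid.com/"
SCAN = {  # CONSTRUCTED; transactions are (url, type, initiator, request Content-Type)
    "scan_date": date(2024, 1, 26),
    "cert_not_before": date(2024, 1, 22),
    "submitted_url": "http://lfa388.co/dhlcy.html?78472",
    "effective_url": PHISH,
    "main_ip": "74.241.128.34",
    "page_title": "DHL | Global - Germany",
    "transactions": [
        ("http://lfa388.co/dhlcy.html?78472", "Document", None, None),
        (PHISH, "Document", "http://lfa388.co/", None),
        (PHISH + "files/engine.js", "Script", PHISH, None),
        ("https://widgets.amung.us/small.js", "Script", PHISH, None),
        (PHISH + "gate.php", "Fetch", PHISH + "files/engine.js",
         "application/x-www-form-urlencoded; charset=UTF-8"),
        ("https://whos.amung.us/pingjs/?k=dhl01&t=DHL%20%7C%20Global%20-%20Germany"
         "&x=https%3A%2F%2Fdhl-parcel.74-241-128-34.cprapid.com%2F"
         "&y=http%3A%2F%2Flfa388.co%2F", "Script", "https://widgets.amung.us/small.js", None),
    ],
    "js_globals": ["tailwind", "_wau", "Alpine", "checkLuhn", "amex", "dinersClub",
                   "discover", "visa", "JCB", "maestro", "master", "unionPay",
                   "WAU_small", "docReady"],
}
BRANDS = {"dhl": "DHL"}  # lower-case keyword -> brand name
CARD_GLOBALS = {"checkluhn", "amex", "visa", "master", "maestro", "dinersclub",
                "discover", "jcb", "unionpay"}

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def apex(host):
    """Naive registrable domain (last two labels); fine for .com/.co here.
    A production tool should consult the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])

def dashed_ip_in_host(host):
    """IPv4 address hidden in a dashed label such as 74-241-128-34, else None."""
    for label in host.split("."):
        if re.fullmatch(r"\d{1,3}(?:-\d{1,3}){3}", label):
            try:
                return str(ipaddress.IPv4Address(label.replace("-", ".")))
            except ipaddress.AddressValueError:
                continue  # 999-1-1-1 looks dashed but is not an address
    return None

def brand_hits(scan):
    """Brands named in host or title while the serving apex is not the brand's."""
    host = host_of(scan["effective_url"])
    text = host + " " + scan["page_title"].lower()
    return [name for kw, name in BRANDS.items()
            if kw in text and apex(host).split(".")[0] != kw]

def cross_apex_redirect(scan):
    return apex(host_of(scan["submitted_url"])) != apex(host_of(scan["effective_url"]))

def cert_age_days(scan):
    return (scan["scan_date"] - scan["cert_not_before"]).days

def form_posts(scan):
    """Fetch/XHR requests with a form-encoded body: where typed-in data goes."""
    return [url for url, typ, _init, ctype in scan["transactions"]
            if typ in ("Fetch", "XHR") and ctype
            and ctype.startswith("application/x-www-form-urlencoded")]

def card_validator_globals(scan):
    return sorted(g for g in scan["js_globals"] if g.lower() in CARD_GLOBALS)

def tracker_leak(scan):
    """What the whos.amung.us ping carries: page title and the referring site."""
    for url, *_rest in scan["transactions"]:
        if host_of(url) == "whos.amung.us":
            q = parse_qs(urlsplit(url).query)
            return {"title": q.get("t", [""])[0], "referrer": q.get("y", [""])[0]}
    return {}

def triage(scan):
    """Human-readable findings; an empty list means nothing was flagged."""
    host = host_of(scan["effective_url"])
    findings = []
    ip = dashed_ip_in_host(host)
    if ip:
        same = " (same as the serving IP)" if ip == scan["main_ip"] else ""
        findings.append(f"hostname embeds IPv4 {ip}{same}")
    findings += [f"{b} named in host/title but served from {apex(host)}" for b in brand_hits(scan)]
    if cross_apex_redirect(scan):
        findings.append("submitted URL redirects to a different apex domain")
    if cert_age_days(scan) <= 7:
        findings.append(f"certificate issued {cert_age_days(scan)} days before the scan")
    findings += [f"form-encoded fetch to {u} (where form data is sent)" for u in form_posts(scan)]
    if "checkLuhn" in card_validator_globals(scan):
        findings.append("client-side card validator present (checkLuhn + brand tables)")
    if tracker_leak(scan).get("referrer"):
        findings.append(f"visitor counter reports referrer {tracker_leak(scan)['referrer']}")
    return findings
```

Running triage(SCAN) yields seven findings for this record. None of them is conclusive alone (dashed-IP hostnames and fresh certificates are common on legitimate freshly provisioned hosts), which is why the function returns the full list for an analyst rather than a single score; the brand-in-subdomain check is the one to weight highest, and it is also the one a Public Suffix List lookup would make robust for multi-label suffixes such as co.uk.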