dhl-parcel.74-241-128-34.cprapid.com
74.241.128.34
Malicious Activity!
Public Scan
Effective URL: https://dhl-parcel.74-241-128-34.cprapid.com/
Submission: On January 26 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on January 22nd 2024. Valid for: 3 months.
This is the only time dhl-parcel.74-241-128-34.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 2606:4700:3033::6815:24c4 | 13335 (CLOUDFLARENET)
4 | 74.241.128.34 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2 | 2606:4700:10::ac43:2910 | 13335 (CLOUDFLARENET)
2 4 | 2606:4700::6810:7baf | 13335 (CLOUDFLARENET)
2 | 2606:4700:10::6816:4bab | 13335 (CLOUDFLARENET)
10 | 6 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
- dhl-parcel.74-241-128-34.cprapid.com
ASN13335 (CLOUDFLARENET, US)
- widgets.amung.us
- whos.amung.us
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | unpkg.com (2 redirects) | unpkg.com — Cisco Umbrella Rank: 867 | 18 KB
4 | cprapid.com | dhl-parcel.74-241-128-34.cprapid.com | 127 KB
2 | amung.us | widgets.amung.us — Cisco Umbrella Rank: 30312; whos.amung.us — Cisco Umbrella Rank: 16645 | 4 KB
2 | tailwindcss.com (1 redirect) | cdn.tailwindcss.com — Cisco Umbrella Rank: 46008 | 109 KB
1 | lfa388.co | lfa388.co | 807 B
10 | 5 | |
Requests | Domain | Requested by
---|---|---
4 | unpkg.com (2 redirects) | dhl-parcel.74-241-128-34.cprapid.com
4 | dhl-parcel.74-241-128-34.cprapid.com | dhl-parcel.74-241-128-34.cprapid.com
2 | cdn.tailwindcss.com (1 redirect) | dhl-parcel.74-241-128-34.cprapid.com
1 | whos.amung.us | widgets.amung.us
1 | widgets.amung.us | dhl-parcel.74-241-128-34.cprapid.com
1 | lfa388.co |
10 | 6 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
dhl-parcel.74-241-128-34.cprapid.com | ZeroSSL RSA Domain Secure Site CA | 2024-01-22 - 2024-04-21 | 3 months (crt.sh)
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-06-11 - 2024-06-09 | a year (crt.sh)
This page contains 1 frames:
Primary Page:
https://dhl-parcel.74-241-128-34.cprapid.com/
Frame ID: 71C73D89C55CCCE3DB705637B77AB335
Requests: 11 HTTP requests in this frame
Page Title
DHL | Global - Germany
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://lfa388.co/dhlcy.html?78472 Page URL
- https://dhl-parcel.74-241-128-34.cprapid.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://cdn.tailwindcss.com/ HTTP 302
- https://cdn.tailwindcss.com/3.4.1
- https://unpkg.com/@alpinejs/mask@3.x.x/dist/cdn.min.js HTTP 302
- https://unpkg.com/@alpinejs/mask@3.13.5/dist/cdn.min.js
- https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js HTTP 302
- https://unpkg.com/alpinejs@3.13.5/dist/cdn.min.js
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | dhlcy.html | lfa388.co/ | 118 B | 807 B | Document | text/html
GET | H/1.1 | / (Primary Request) | dhl-parcel.74-241-128-34.cprapid.com/ | 110 KB | 110 KB | Document | text/html
GET | H2 | 3.4.1 | cdn.tailwindcss.com/ (Redirect Chain) | 359 KB | 109 KB | Script | text/javascript
GET | H2 | cdn.min.js | unpkg.com/@alpinejs/mask@3.13.5/dist/ (Redirect Chain) | 2 KB | 1 KB | Script | application/javascript
GET | H2 | cdn.min.js | unpkg.com/alpinejs@3.13.5/dist/ (Redirect Chain) | 43 KB | 16 KB | Script | application/javascript
GET | H/1.1 | engine.js | dhl-parcel.74-241-128-34.cprapid.com/files/ | 16 KB | 16 KB | Script | text/javascript
GET | H2 | small.js | widgets.amung.us/ | 8 KB | 4 KB | Script | application/x-javascript
POST | H/1.1 | gate.php | dhl-parcel.74-241-128-34.cprapid.com/ | 48 B | 356 B | Fetch | application/json
GET | H2 | / | whos.amung.us/pingjs/ | 23 B | 148 B | Script | text/javascript
GET | DATA | truncated | / | 439 B | 0 | Image | image/gif
POST | H/1.1 | gate.php | dhl-parcel.74-241-128-34.cprapid.com/ | 48 B | 356 B | Fetch | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)
35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | tailwind
string | /template.html
object | _wau
object | Alpine
function | checkLuhn
object | amex
object | bccGlobal
object | carteBlanche
object | dinersClub
object | discover
object | instaPayment
object | visa
object | JCB
object | koreanLocal
object | laser
object | maestro
object | master
object | solo
object | switchCard
object | unionPay
object | WAU_ren
function | WAU_small
function | WAU_small_request
function | WAU_r_s
function | WAU_insert
function | WAU_legacy_b
function | WAU_la
function | WAU_addCommas
function | WAU_lrd
function | WAU_lrs
function | WAU_cps
function | docReady
object | x
string | x1
string | x21
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
dhl-parcel.74-241-128-34.cprapid.com/ | | Name: PHPSESSID Value: 6cb652db3b1db83b7c66fb3cc5921f41
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.