URL: https://fmew.sr//Order/DHL/portal/index.php?email=redacted_email
Submission: On February 15 via manual from IN — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 168.195.218.176, located in Suriname, and belongs to Telecommunicationcompany Suriname - TeleSur, SR. The main domain is fmew.sr.
TLS certificate: Issued by fmew.sr on December 17th 2017. Valid for: a year.
This is the only time fmew.sr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

#   IP Address         AS (Autonomous System)
1   168.195.218.176    27775 (Telecommu...)
1   2606:4700::68...   13335 (CLOUDFLAR...)
1   104.21.73.198      13335 (CLOUDFLAR...)
3                      3

#   Apex Domain        Subdomains                                            Transfer
1   retailnews.asia    www.retailnews.asia                                   21 KB
1   aftership.com      assets.aftership.com (Cisco Umbrella Rank: 145918)    1 KB
1   fmew.sr            fmew.sr                                               1 KB
3                      3

#   Domain                  Requested by
1   www.retailnews.asia     fmew.sr
1   assets.aftership.com    fmew.sr
1   fmew.sr
3                           3

This site contains no links.

Subject                  Issuer                                            Validity                   Valid     Source
fmew.sr                  fmew.sr                                           2017-12-17 - 2018-12-17    a year    crt.sh
*.aftership.com          Sectigo RSA Domain Validation Secure Server CA    2021-03-08 - 2022-04-08    a year    crt.sh
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                           2021-07-20 - 2022-07-19    a year    crt.sh

This page contains 1 frame:

Primary Page: https://fmew.sr//Order/DHL/portal/index.php?email=redacted_email
Frame ID: C02BB9755F68823E9D45E4D2F690C1EB
Requests: 3 HTTP requests in this frame

Page Title

DHL | eCommerce Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 3
HTTPS: 67 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 24 kB
Size: 25 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource: index.php (Primary Request)
Path: fmew.sr//Order/DHL/portal/
Size: 3 KB
x-fer: 1 KB
Type: Document

General
Full URL: https://fmew.sr//Order/DHL/portal/index.php?email=redacted_email
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 168.195.218.176 , Suriname, ASN27775 (Telecommunicationcompany Suriname - TeleSur, SR),
Reverse DNS: cpanel1.sr.net
Software: Apache /
Resource Hash: 3babc6428cd169dabe57f8ba8baf8dd15a4f5a84fc778ba1db6c81e735467a78

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers
Date: Tue, 15 Feb 2022 05:14:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 936
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Resource: dhl-global-mail.svg
Path: assets.aftership.com/couriers/svg/
Size: 2 KB
x-fer: 1 KB
Type: Image

General
Full URL: https://assets.aftership.com/couriers/svg/dhl-global-mail.svg
Requested by: Host: fmew.sr, URL: https://fmew.sr//Order/DHL/portal/index.php?email=redacted_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:8c6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS: -
Software: cloudflare /
Resource Hash: db6ebba2977a42a5e9b482609e688bcb5bd2952bb5eeb6170a0b3bac41ee2b3b

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://fmew.sr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
date: Tue, 15 Feb 2022 05:14:36 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6171
x-amz-request-id: EJWJCXMJ84370HRT
x-amz-id-2: 1Xnyw6E3Q+Edm6P0uZM1TajQdA/x1KP0s2VtKL+oyxZ3lz7LXj0c2MQ+zIeGOoS4ZzavdH9OUGI=
last-modified: Fri, 21 Jan 2022 02:51:27 GMT
server: cloudflare
etag: W/"e6a62002150991322dbc84771ec83544"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 6ddc0dbd0c499196-FRA
expires: Wed, 16 Feb 2022 05:14:36 GMT

Resource: DHL-DB-620x400.jpg
Path: www.retailnews.asia/wp-content/uploads/2017/05/
Size: 21 KB
x-fer: 21 KB
Type: Image

General
Full URL: https://www.retailnews.asia/wp-content/uploads/2017/05/DHL-DB-620x400.jpg
Requested by: Host: fmew.sr, URL: https://fmew.sr//Order/DHL/portal/index.php?email=redacted_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.73.198 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS: -
Software: cloudflare /
Resource Hash: 0ed1e5fd4cd361206314340a9e48635ace0c6bee38c8f018763cca831f2b6630

Request headers
Accept-Language: de-DE,de;q=0.9
Referer: https://fmew.sr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
date: Tue, 15 Feb 2022 05:14:36 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 587718
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21044
last-modified: Sat, 16 Dec 2017 11:36:33 GMT
server: cloudflare
etag: "5a350541-5234"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOoyIKXPPJHhPlFGOV49y3cpg3Znxh60twqA6aw145B%2FD6ziBocNmod5jJG0s1pCpogj5MVdgdvg2TOwekDcHEtrxqfC3b1h%2Fl9jfOxCjM9rcBvPJvCXx4O9o4OD4IzsG8nR%2BosD"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6ddc0dbd1f1690fa-FRA
expires: Fri, 27 Aug 2021 06:12:06 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | structuredClone

0 Cookies