dhlparcels.uk (79.137.194.138)
urlscan.io public scan: Malicious Activity
Effective URL: https://dhlparcels.uk/e/authID=7xDHN/login.php?sessionid=3648j12bcag+0+di79fh5eCPAIXKgk8Z5JN7Bobm+4FaHTLwGYMpO2+f3+g+a...
Submission tags: #phishing @ecarlesi
Submission: October 09 via API from FI; scanned from FI
Summary
TLS certificate: issued by R3 (Let's Encrypt) on October 8th 2022, the day before the submission. Valid for 3 months.
This is the only time dhlparcels.uk was scanned on urlscan.io.
urlscan.io verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)

Domain & IP information
| IP address | AS | PTR | Requests |
|---|---|---|---|
| 79.137.194.138 | AS210644 (AEZA-AS, RU) | phobic-society.aeza.network | 24 (21 HTTP transactions + 3 redirects) |

| Host | Apex domain | Requests | Transfer |
|---|---|---|---|
| dhlparcels.uk | dhlparcels.uk | 24 (3 redirects) | 245 KB |

Every request in the scan was made by and to dhlparcels.uk on this single IP; no other domain or origin was contacted.
This site contains no links.
| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| dhlparcels.uk | R3 | 2022-10-08 to 2023-01-06 | 3 months | crt.sh |

The certificate was issued one day before the scan. A fresh 90-day Let's Encrypt certificate on a brand-themed domain with no prior scan history is a weak signal on its own, but it lines up with the rest of the page: the domain was stood up just before it was used.
This page contains 1 frame.
Primary page: https://dhlparcels.uk/e/authID=7xDHN/login.php?sessionid=3648j12bcag+0+di79fh5eCPAIXKgk8Z5JN7Bobm+4FaHTLwGYMpO2+f3+g+ar+Su6D91S++Ew120184666
Frame ID: 834754AA4585623F9128EF97FA014299
Requests: 21 HTTP requests in this frame
Page title: Track & Trace Parcel | DHL | United Kingdom
Detected technologies
- PHP (programming language); matched pattern: \.php(?:$|\?)
- jQuery (JavaScript library); matched pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page statistics
0 outgoing links (links going to origins other than the main page).
Page URL History
This captures the URL locations the browser visited, including HTTP redirects and client-side redirects via JavaScript or meta refresh.
1. http://dhlparcels.uk/ (HTTP 302)
2. https://dhlparcels.uk/e/authID=7xDHN (HTTP 301)
3. https://dhlparcels.uk/e/authID=7xDHN/ (HTTP 302)
4. https://dhlparcels.uk/e/authID=7xDHN/login.php?sessionid=3648j12bcag+0+di79fh5eCPAIXKgk8Z5JN7Bobm+4FaHTLwGYMpO2+f3+g+ar+Su6D91S++Ew120184666 (page URL)

Redirected requests
Only the primary request (login.php) arrived through a redirect chain; the three hops above are that chain. The entry URL is plain http://, the kit upgrades to https:// on the first hop, and the landing page carries a long opaque sessionid query value.
21 HTTP transactions

All 21 requests are GET over HTTP/1.1 to dhlparcels.uk under /e/authID=7xDHN/; no third-party host is contacted. Size is the decoded resource size, x-fer the bytes transferred on the wire. Only the first request (the primary document) arrived through a redirect chain.

| # | Resource | Path | Size | x-fer | Type | MIME type |
|---|---|---|---|---|---|---|
| 1 | login.php (primary request, redirect chain) | dhlparcels.uk/e/authID=7xDHN/ | 10 KB | 8 KB | Document | text/html |
| 2 | aes.js | dhlparcels.uk/e/authID=7xDHN/sources/ | 8 KB | 3 KB | Script | application/javascript |
| 3 | main.css | dhlparcels.uk/e/authID=7xDHN/sources/assets/css/ | 19 KB | 4 KB | Stylesheet | text/css |
| 4 | jquery.min.js | dhlparcels.uk/e/authID=7xDHN/sources/ | 87 KB | 31 KB | Script | application/javascript |
| 5 | logo.svg | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 2 KB | 1 KB | Image | image/svg+xml |
| 6 | alert.png | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 10 KB | 10 KB | Image | image/png |
| 7 | global.png | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 17 KB | 18 KB | Image | image/png |
| 8 | search.png | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 10 KB | 11 KB | Image | image/png |
| 9 | down-arrow.png | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 5 KB | 5 KB | Image | image/png |
| 10 | user.png | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 9 KB | 9 KB | Image | image/png |
| 11 | cancel.png | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 10 KB | 10 KB | Image | image/png |
| 12 | youtube-new.svg | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 1 KB | 993 B | Image | image/svg+xml |
| 13 | facebook-new.svg | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 1 KB | 1 KB | Image | image/svg+xml |
| 14 | linkedIn-new.svg | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 2 KB | 1 KB | Image | image/svg+xml |
| 15 | instagram-new.svg | dhlparcels.uk/e/authID=7xDHN/sources/assets/img/ | 4 KB | 2 KB | Image | image/svg+xml |
| 16 | jquery.mask.js | dhlparcels.uk/e/authID=7xDHN/sources/ | 18 KB | 5 KB | Script | application/javascript |
| 17 | custom.js | dhlparcels.uk/e/authID=7xDHN/sources/ | 762 B | 781 B | Script | application/javascript |
| 18 | main.js | dhlparcels.uk/e/authID=7xDHN/sources/ | 2 KB | 1 KB | Script | application/javascript |
| 19 | default-274a65bae9742377aaf0.woff | dhlparcels.uk/e/authID=7xDHN/sources/assets/fonts/ | 40 KB | 40 KB | Font | font/woff |
| 20 | default-815fcbb4d2c579017011.woff | dhlparcels.uk/e/authID=7xDHN/sources/assets/fonts/ | 40 KB | 41 KB | Font | font/woff |
| 21 | default-5a6dd86f272b304a8b83.woff | dhlparcels.uk/e/authID=7xDHN/sources/assets/fonts/ | 40 KB | 41 KB | Font | font/woff |

Two scripts stand out from the otherwise cosmetic asset set: aes.js (a client-side AES implementation, judging by the Aes, Base64 and Utf8 globals it leaves on window) and jquery.mask.js (an input-masking plugin commonly used to format card-number and date fields). Everything, including jQuery and the fonts, is self-hosted, so there is no CDN or third-party telemetry to pivot on; the domain and IP are the only network indicators.
Verdicts & Comments
Potentially malicious activity detected (verdict by urlscan).
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
Phishing against: DHL (Transportation)

26 JavaScript global variables
These are the non-standard "global" variables defined on the window object; they help identify client-side frameworks and kit code. Grouped by likely origin:
- Browser APIs newer than the scanner's baseline (noise, defined by the browser rather than by the page): onbeforeinput, oncontextlost, oncontextrestored, launchQueue, onbeforematch, navigation (objects); structuredClone, getScreenDetails, queryLocalFonts (functions)
- Crypto helpers matching the aes.js loaded at request 2: Aes, Base64, Utf8 (objects)
- Unexplained string globals: hea2p, hea2t, output, ctrTxt. A client-side AES library sitting next to pre-populated string globals is consistent with a page that decrypts its real markup at load time, a technique used to keep the harvesting form out of the static HTML that URL scanners index. The page body is not shown here, so treat that as an inference to verify against the captured DOM rather than a finding.
- jQuery: $, jQuery (functions)
- Cookie helpers: setCookie, getCookie, eraseCookie (functions)
- Form validators: validateEmail, validatePost, mycc, myexp, mycvv1 (functions). The last three names suggest card number, expiry and CVV checks, i.e. this "login" page most likely collects payment-card details rather than account credentials.
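The redirect chain, certificate dates and window globals above are the three things a reviewer pulls out of a scan like this. The following script, an added example rather than urlscan's or the kit's code, works those three values over offline: it counts hops and scheme changes in the chain, computes the certificate's age on the scan date, sorts the 26 globals into browser noise, crypto, cookie and form-validation buckets by name, and flags the host as a brand lookalike. The input is constructed by hand from this page; the scan year (2022) and the list of legitimate DHL domains are assumptions, and the category labels are this example's own.

```python
"""Triage of one urlscan.io result (added example, not urlscan's code)."""
import re
from datetime import date
from urllib.parse import parse_qs, urlsplit

# Redirect chain and final page URL, copied from the scan's Page URL History.
CHAIN = [
    ("http://dhlparcels.uk/", 302),
    ("https://dhlparcels.uk/e/authID=7xDHN", 301),
    ("https://dhlparcels.uk/e/authID=7xDHN/", 302),
    ("https://dhlparcels.uk/e/authID=7xDHN/login.php?sessionid="
     "3648j12bcag+0+di79fh5eCPAIXKgk8Z5JN7Bobm+4FaHTLwGYMpO2+f3+g+ar+Su6D91S++Ew120184666", None),
]
CERT_NOT_BEFORE, CERT_NOT_AFTER = date(2022, 10, 8), date(2023, 1, 6)
SCAN_DATE = date(2022, 10, 9)  # assumption: the page shows "October 09" without a year
GLOBALS = [  # the 26 names reported by the scan, in the page's order
    "onbeforeinput", "oncontextlost", "oncontextrestored", "structuredClone",
    "launchQueue", "onbeforematch", "getScreenDetails", "queryLocalFonts",
    "navigation", "Aes", "Base64", "Utf8", "hea2p", "hea2t", "output", "ctrTxt",
    "$", "jQuery", "setCookie", "getCookie", "eraseCookie", "validateEmail",
    "validatePost", "mycc", "myexp", "mycvv1",
]

# Window members recent Chromium exposes; a scanner with an older baseline
# reports them as non-standard although no page script defined them.
BROWSER_STANDARD = {
    "onbeforeinput", "oncontextlost", "oncontextrestored", "structuredClone",
    "launchQueue", "onbeforematch", "getScreenDetails", "queryLocalFonts", "navigation",
}
# Name heuristics for everything else; labels are this example's own.
GLOBAL_RULES = [
    ("jquery", re.compile(r"^(\$|jQuery)$")),
    ("crypto", re.compile(r"aes|base64|utf8|ctr|cipher|crypt", re.I)),
    ("cookie", re.compile(r"cookie", re.I)),
    ("card_or_form_validation", re.compile(r"validate|cc$|cvv|exp|card", re.I)),
]


def classify_globals(names):
    """Map each global to a category; names no rule explains land in 'other'."""
    groups = {}
    for name in names:
        cat = "browser_standard" if name in BROWSER_STANDARD else "other"
        if cat == "other":
            for label, rx in GLOBAL_RULES:
                if rx.search(name):
                    cat = label
                    break
        groups.setdefault(cat, []).append(name)
    return groups


def redirect_summary(chain):
    """Hop count, hosts touched, scheme upgrade, and the final path and query keys."""
    urls = [urlsplit(u) for u, _ in chain]
    return {
        "hops": sum(1 for _, status in chain if status is not None),
        "hosts": sorted({u.hostname for u in urls}),
        "http_to_https": urls[0].scheme == "http" and urls[-1].scheme == "https",
        "final_path": urls[-1].path,
        "query_keys": sorted(parse_qs(urls[-1].query)),
    }


def cert_timing(not_before, not_after, seen):
    """Certificate age on the scan date and its total lifetime, in days."""
    return {"age_days": (seen - not_before).days,
            "lifetime_days": (not_after - not_before).days}


def brand_lookalike(host, brand, legit_suffixes):
    """True when the brand string appears in a host that is not under a legitimate suffix."""
    host = host.lower()
    if brand not in host:
        return False
    return not any(host == s or host.endswith("." + s) for s in legit_suffixes)


def triage():
    """Collect the signals a reviewer wants from this scan as one-line findings."""
    findings = []
    r = redirect_summary(CHAIN)
    findings.append(f"{r['hops']} redirects, hosts={r['hosts']}, lands on "
                    f"{r['final_path']} with query keys {r['query_keys']}")
    c = cert_timing(CERT_NOT_BEFORE, CERT_NOT_AFTER, SCAN_DATE)
    findings.append(f"certificate {c['age_days']} day(s) old at scan time, "
                    f"{c['lifetime_days']}-day lifetime")
    g = classify_globals(GLOBALS)
    for cat in ("crypto", "card_or_form_validation", "other"):
        if cat in g:
            findings.append(f"{cat}: {', '.join(g[cat])}")
    # assumption: dhl.com and dhl.co.uk stand in for the brand's legitimate domains
    if brand_lookalike(r["hosts"][0], "dhl", ["dhl.com", "dhl.co.uk"]):
        findings.append(f"{r['hosts'][0]} carries the brand name but is not a DHL domain")
    return findings


if __name__ == "__main__":
    for line in triage():
        print("-", line)
```

The "other" bucket is the interesting one: hea2p, hea2t and output are exactly the names no generic rule explains, which is where a reviewer should go read the captured DOM and the aes.js source next.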
Cookies
Cookies are small pieces of information stored in a user's browser. On each later visit the browser sends the cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| dhlparcels.uk/ | not set (session cookie) | PHPSESSID | 86i7n5nme973tbolhctd23evq6 |

PHPSESSID is PHP's default session identifier, consistent with the PHP detection above; it ties this visit to a server-side session in the kit and has no further fingerprinting value.
Indicators
"Indicator" is the security-industry term for artifacts such as IPs, domains and hashes that can be used to identify activity; listing them here does not by itself imply that any of them is malicious.
- dhlparcels.uk
- 79.137.194.138
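The two indicators above are what an analyst would take back to their own proxy or DNS logs. The following script is an added example (not urlscan's code) of that hunt run offline: it parses a simple proxy log, matches the domain and IP from this page, matches brand-lookalike hostnames against an assumed allow-list of legitimate DHL domains, and also matches the kit's /e/authID=<id>/login.php path layout on any host. The log format, the six log lines, the allow-list, and the assumption that the kit reuses that path layout on sibling domains are all constructed for the example; this page shows the layout on one domain only.

```python
"""Hunt for this scan's indicators in proxy logs (added example, not urlscan's code)."""
import re
from urllib.parse import urlsplit

IOC_DOMAINS = {"dhlparcels.uk"}          # from the scan's Indicators section
IOC_IPS = {"79.137.194.138"}
LEGIT_SUFFIXES = ("dhl.com", "dhl.co.uk", "dhl.de")  # assumption: extend from your own allow-list
# assumption: the kit's path layout, generalised to any authID value and any host
KIT_PATH = re.compile(r"^/e/authID=[A-Za-z0-9]+/?(login\.php)?$")

# Constructed log lines: "<ts> <client_ip> <method> <url> <status> <server_ip>"
LOG_LINES = """\
2022-10-09T10:14:02Z 10.1.4.23 GET http://dhlparcels.uk/ 302 79.137.194.138
2022-10-09T10:14:03Z 10.1.4.23 GET https://dhlparcels.uk/e/authID=7xDHN/login.php?sessionid=abc 200 79.137.194.138
2022-10-09T10:20:41Z 10.1.4.57 GET https://www.dhl.co.uk/en/express/tracking.html 200 203.0.113.8
2022-10-09T11:02:10Z 10.1.7.9 GET https://79.137.194.138/e/authID=Q2ab/ 302 79.137.194.138
2022-10-09T11:30:00Z 10.1.2.2 GET https://dhl-track-parcel.example/e/authID=ZZ9/login.php 200 198.51.100.5
2022-10-09T12:00:00Z 10.1.2.2 GET https://example.org/index.html 200 198.51.100.9
""".splitlines()

LINE_RX = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")


def parse_line(line):
    """Split one constructed-format line into fields; returns None for lines that do not parse."""
    m = LINE_RX.match(line)
    if not m:
        return None
    ts, client, method, url, status, server_ip = m.groups()
    u = urlsplit(url)
    return {"ts": ts, "client": client, "method": method, "host": u.hostname or "",
            "path": u.path, "status": int(status), "server_ip": server_ip}


def lookalike(host, brand="dhl"):
    """Brand name present in a host that is not under one of the legitimate suffixes."""
    host = host.lower()
    return brand in host and not any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)


def match_reasons(entry):
    """Every reason this log entry matches, so an alert can show why it fired."""
    reasons = []
    if entry["host"] in IOC_DOMAINS:
        reasons.append("ioc-domain")
    if entry["server_ip"] in IOC_IPS or entry["host"] in IOC_IPS:
        reasons.append("ioc-ip")          # also catches browsing the IP directly
    if KIT_PATH.match(entry["path"]):
        reasons.append("kit-path")
    if lookalike(entry["host"]):
        reasons.append("brand-lookalike")
    return reasons


def hunt(lines):
    """Return (timestamp, client, host, reasons) for every matching entry."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = match_reasons(entry)
        if reasons:
            hits.append((entry["ts"], entry["client"], entry["host"], reasons))
    return hits


if __name__ == "__main__":
    for ts, client, host, reasons in hunt(LOG_LINES):
        print(ts, client, host, ",".join(reasons))
```

The two weaker rules (kit-path and brand-lookalike) fire alone on the constructed sibling domain that neither indicator covers; that is the point of keeping them separate from the exact domain and IP matches, which are the only ones this page supports on their own.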