access-3648w86gd9097.cj1-ap4.su Open in urlscan Pro
185.149.120.121 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php
Submission: On December 27 via automatic, source phishtank (December 27th 2022, 10:08:38 am UTC) — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 185.149.120.121, located in Russian Federation and belongs to DDOS-GUARD, RU. The main domain is access-3648w86gd9097.cj1-ap4.su.
TLS certificate: Issued by R3 on December 23rd 2022. Valid for: 3 months.

This is the only time access-3648w86gd9097.cj1-ap4.su was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DPD (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
19	185.149.120.121 185.149.120.121		57724 (DDOS-GUARD) (DDOS-GUARD)
19	1

19 185.149.120.121 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

access-3648w86gd9097.cj1-ap4.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	cj1-ap4.su access-3648w86gd9097.cj1-ap4.su	1 MB
19	1

	Domain	Requested by
19	access-3648w86gd9097.cj1-ap4.su	access-3648w86gd9097.cj1-ap4.su
19	1

This site contains no links.

Subject Issuer	Validity	Valid
access-3648w86gd9097.cj1-ap4.su R3	`2022-12-23` - `2023-03-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php
Frame ID: 5C2CF546085B12EF3468FA4FA3000A16
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Step 1

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1318 kB
Transfer

1314 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request barclaypayment.php Show response access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/	13 KB 14 KB	166ms 49ms	Document text/html	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `28ec2083d618b5eeca59076da43a82addfea8841e172486aa6feafe72880e318` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 27 Dec 2022 10:08:34 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	depede.js Show response access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	2 KB 3 KB	148ms 49ms	Script application/javascript	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/depede.js Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `a3cad17da1326292ee82711b54f0cddb52bf550bf4aeb6f7ee9851cd33fe30b5` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 25 Feb 2022 07:35:46 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2370
GET H/1.1	200 OK	reset.css;jsessionid=746A4C1D6E2647F6E00F3E001135F499.live7e.css access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	32 KB 33 KB	94ms 49ms	Stylesheet text/css	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/reset.css;jsessionid=746A4C1D6E2647F6E00F3E001135F499.live7e.css Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `edef66a2065dc21083c858393df0f2270317e409d4e2ded03589ec30e6a5c818` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 33265
GET H/1.1	200 OK	screen.css access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	343 KB 343 KB	147ms 49ms	Stylesheet text/css	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `bd5f582c4692f5cb96f57ac983c5b0a4a268f030202c3fddf76c4fe0168a4899` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 350737
GET H/1.1	200 OK	logo.png access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	6 KB 6 KB	50ms 50ms	Image image/png	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/logo.png Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `d1279be257d81aff851b00ab49ba9bf8699eae1613582f5b6a9fcb630d939094` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 6314
GET H/1.1	200 OK	suma1.png access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	2 KB 2 KB	50ms 49ms	Image image/png	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/suma1.png Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `6a1aec186966f7471b10efd09aeaf6336278cfec3fe21877d26d785a2530f97a` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1789
GET H/1.1	200 OK	blogo.png access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	12 KB 12 KB	55ms 53ms	Image image/png	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/blogo.png Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `bb3314682a4e0ee4c89460a7410b9fc5d1b41d629d62e8ab055679dc0dce1de7` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 11823
GET H/1.1	200 OK	ilogo.gif access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	4 KB 4 KB	98ms 50ms	Image image/gif	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/ilogo.gif Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `e86f711febfea65d435366b3383974830c0145cf22c90c0aaa823d7ca6c6520a` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4247
GET H/1.1	200 OK	mc_small.png access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	862 B 1 KB	98ms 49ms	Image image/png	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/mc_small.png Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `161cd4bc8e59d504839a8248c81bfa8fad578ca9b0530ab7c99f806a73c4e1c3` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 862
GET H/1.1	200 OK	visa_small.png access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	2 KB 2 KB	62ms 52ms	Image image/png	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/visa_small.png Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `0655276f9d154c6d4c153939c0f2c3dfccb4c8945c011a01a1d6049e65b34b25` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1919
GET H/1.1	200 OK	maestro_small.png access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	2 KB 2 KB	100ms 53ms	Image image/png	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/maestro_small.png Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `cb2857dc78e90e87a97fefa96d800c022e3491994a4ab7a833c56efd4524a462` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1722
GET H/1.1	200 OK	civi2.png access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	6 KB 6 KB	91ms 51ms	Image image/png	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/civi2.png Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `12e1c05feaf2f0c9d7311040474b90c754a6962a580bd59f15bdcf3df2989968` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 6276
GET H/1.1	200 OK	print.css access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	133 B 373 B	49ms 49ms	Stylesheet text/css	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/print.css Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `dd8e3896584f14411d09bec0f4ea78f7cc922766361557ee6192aa6924d19306` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 133
GET H/1.1	200 OK	layout.css access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	325 KB 325 KB	54ms 50ms	Stylesheet text/css	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/layout.css Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `df36784020de74eecca9ccf4cdd2f1d1fa4f818ad88361deb38853ca8cc0e78a` Request headers accept-language de-DE,de;q=0.9 Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 332713
GET H/1.1	200 OK	PlutoSansDPDLight-Web.woff access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	59 KB 60 KB	51ms 51ms	Font font/woff	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/PlutoSansDPDLight-Web.woff Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `9e462606602d426b676f2b6f9c0b6629b02f91204214898f7d4a56749c4e00d0` Request headers Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Origin https://access-3648w86gd9097.cj1-ap4.su accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 60781
GET H/1.1	404 Not Found	fontawesome-webfont.woff2 access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	0 0	48ms 48ms	Font text/html	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/fontawesome-webfont.woff2 Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash Request headers Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Origin https://access-3648w86gd9097.cj1-ap4.su accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=95 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	screen.css access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	343 KB 343 KB	49ms 49ms	Font text/css	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `bd5f582c4692f5cb96f57ac983c5b0a4a268f030202c3fddf76c4fe0168a4899` Request headers Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Origin https://access-3648w86gd9097.cj1-ap4.su accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 350737
GET H/1.1	404 Not Found	fontawesome-webfont.woff access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	0 0	49ms 48ms	Font text/html	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/fontawesome-webfont.woff Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash Request headers Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Origin https://access-3648w86gd9097.cj1-ap4.su accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=94 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	fontawesome-webfont.ttf access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/	162 KB 162 KB	309ms 307ms	Font font/ttf	185.149.120.121 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/fontawesome-webfont.ttf Requested by Host: access-3648w86gd9097.cj1-ap4.su URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.149.120.121 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software Apache / Resource Hash `aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8` Request headers Referer https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css Origin https://access-3648w86gd9097.cj1-ap4.su accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Tue, 27 Dec 2022 10:08:34 GMT Last-Modified Fri, 13 Nov 2020 08:56:46 GMT Server Apache Content-Type font/ttf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 165548

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DPD (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| validateAddress function| validateDidi

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/fontawesome-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/fontawesome-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
other	warning	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Message: Failed to decode downloaded font: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css
other	warning	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Message: OTS parsing error: invalid sfntVersion: 1752460652
other	warning	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Message: Failed to decode downloaded font: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css
other	warning	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Message: OTS parsing error: invalid sfntVersion: 1752460652
other	warning	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Message: Failed to decode downloaded font: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css
other	warning	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Message: OTS parsing error: invalid sfntVersion: 1752460652
other	warning	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Message: Failed to decode downloaded font: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/welcome/screen.css
other	warning	URL: https://access-3648w86gd9097.cj1-ap4.su/26-12-2022/dpd/barclaypayment.php Message: OTS parsing error: invalid sfntVersion: 1752460652

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

access-3648w86gd9097.cj1-ap4.su
185.149.120.121
0655276f9d154c6d4c153939c0f2c3dfccb4c8945c011a01a1d6049e65b34b25
12e1c05feaf2f0c9d7311040474b90c754a6962a580bd59f15bdcf3df2989968
161cd4bc8e59d504839a8248c81bfa8fad578ca9b0530ab7c99f806a73c4e1c3
28ec2083d618b5eeca59076da43a82addfea8841e172486aa6feafe72880e318
6a1aec186966f7471b10efd09aeaf6336278cfec3fe21877d26d785a2530f97a
9e462606602d426b676f2b6f9c0b6629b02f91204214898f7d4a56749c4e00d0
a3cad17da1326292ee82711b54f0cddb52bf550bf4aeb6f7ee9851cd33fe30b5
aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8
bb3314682a4e0ee4c89460a7410b9fc5d1b41d629d62e8ab055679dc0dce1de7
bd5f582c4692f5cb96f57ac983c5b0a4a268f030202c3fddf76c4fe0168a4899
cb2857dc78e90e87a97fefa96d800c022e3491994a4ab7a833c56efd4524a462
d1279be257d81aff851b00ab49ba9bf8699eae1613582f5b6a9fcb630d939094
dd8e3896584f14411d09bec0f4ea78f7cc922766361557ee6192aa6924d19306
df36784020de74eecca9ccf4cdd2f1d1fa4f818ad88361deb38853ca8cc0e78a
e86f711febfea65d435366b3383974830c0145cf22c90c0aaa823d7ca6c6520a
edef66a2065dc21083c858393df0f2270317e409d4e2ded03589ec30e6a5c818

access-3648w86gd9097.cj1-ap4.su Open in urlscan Pro 185.149.120.121 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1318 kBTransfer

1314 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

10 Console Messages

Indicators

access-3648w86gd9097.cj1-ap4.su Open in urlscan Pro
185.149.120.121 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1318 kB
Transfer

1314 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!