dostawdhl.com Open in urlscan Pro
2606:4700:3033::ac43:80d7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dostawdhl.com/ux38?r7738910
Effective URL:
https://dostawdhl.com/Jw6iK2zJ9/VRcw5b
Submission: On November 16 via manual (November 16th 2020, 8:34:41 pm UTC) from PL

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3033::ac43:80d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is dostawdhl.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 16th 2020. Valid for: a year.

This is the only time dostawdhl.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayU (Financial)

Domain & IP information

	IP Address		AS Autonomous System
2 15	2606:4700:303... 2606:4700:3033::ac43:80d7		13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	1

15 2606:4700:3033::ac43:80d7 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dostawdhl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	dostawdhl.com 2 redirects dostawdhl.com	644 KB
13	1

	Domain	Requested by
15	dostawdhl.com	2 redirects dostawdhl.com
13	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-11-16` - `2021-11-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dostawdhl.com/Jw6iK2zJ9/VRcw5b
Frame ID: 27C9495F2655A84BFA57FE83094FE079
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://dostawdhl.com/ux38?r7738910 HTTP 301
https://dostawdhl.com/ux38?r7738910 HTTP 302
https://dostawdhl.com/Jw6iK2zJ9/VRcw5b Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

643 kB
Transfer

741 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dostawdhl.com/ux38?r7738910 HTTP 301
https://dostawdhl.com/ux38?r7738910 HTTP 302
https://dostawdhl.com/Jw6iK2zJ9/VRcw5b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request VRcw5b Show response dostawdhl.com/Jw6iK2zJ9/ Redirect Chain http://dostawdhl.com/ux38?r7738910 https://dostawdhl.com/ux38?r7738910 https://dostawdhl.com/Jw6iK2zJ9/VRcw5b	13 KB 4 KB	78ms 78ms	Document text/html	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/VRcw5b Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `13a97cd53edfadbc20c4b4dcdcae78663d9727b883219db08b49372acb05a5d4` Request headers :method GET :authority dostawdhl.com :scheme https :path /Jw6iK2zJ9/VRcw5b pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US cookie __cfduid=d838aa140ec324c47f209e793b9c7e6941605558863 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Mon, 16 Nov 2020 20:34:23 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding x-powered-by PHP/7.4.7RC1 set-cookie PHPSESSID=eq42habg2fch2rl4or69h2ulp9; path=/ 58aa4e1a2f544a3a0e2a7a1d647e0029=3005871050; expires=Mon, 16-Nov-2020 21:34:59 GMT; Max-Age=3636 2ddc2911b84b50c1083523ae92d74e78=4040500205; expires=Mon, 16-Nov-2020 21:36:56 GMT; Max-Age=3753 a43a3ab69d161c599d33dbb64f19771a=2239397684; expires=Mon, 16-Nov-2020 21:29:45 GMT; Max-Age=3322 44667c192c6e7dc187ef7ad63114e1a3=1966031785; expires=Mon, 16-Nov-2020 21:35:14 GMT; Max-Age=3651 328f2cbe1334ebc3433ad5937f15bcfa=447095272; expires=Mon, 16-Nov-2020 21:31:31 GMT; Max-Age=3428 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache cf-cache-status DYNAMIC cf-request-id 06745d1f630000dfdbc63af000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xFDTcv1FwTMls4MqNwc00qp5jPzsp0034svzDA0roqDKtscBuS3Pa61f8gs2ufTWnegwqOzQzTJrVe0%2FaZkuaWtm9BusmkKUz3fK%2F9qXE9XKgjYhW8btbH2i"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 5f33fe123a34dfdb-FRA content-encoding br Redirect headers status 302 date Mon, 16 Nov 2020 20:34:23 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d838aa140ec324c47f209e793b9c7e6941605558863; expires=Wed, 16-Dec-20 20:34:23 GMT; path=/; domain=.dostawdhl.com; HttpOnly; SameSite=Lax; Secure x-powered-by PHP/7.4.7RC1 location https://dostawdhl.com/Jw6iK2zJ9/VRcw5b cf-cache-status DYNAMIC cf-request-id 06745d1e970000dfdbcab47000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cFIz6nB1g%2BR5JP4BH1rBk5cAco0kOvpIRDcJE5FMwsIGm%2Fawdz04w6210HZZ5Yc8yOk0a1l5WXAyXorBuVLyBouC1nyqFwi4n3q0eZRiTneWlmAHzoh1lBzU"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 5f33fe10fe90dfdb-FRA
GET H2	200	cb5a6ca947cb27cacbcbaaae649c75ffc.css dostawdhl.com/Jw6iK2zJ9/css/	38 KB 9 KB	116ms 116ms	Stylesheet text/css	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/VRcw5b Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `277e6ea7621c274b484d23682eeda9b4b0779cfc1b9bc67de508925227f0d4e8` Request headers Referer https://dostawdhl.com/Jw6iK2zJ9/VRcw5b User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 20:34:23 GMT content-encoding br cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 cf-request-id 06745d1fb80000dfdb968eb000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4hpQ0yaN0vt%2BauiTmBgEups9x%2B1%2FnlpL%2BrOR%2BzBYMbdRe24wwyZmoh4ZQRubhKhzsQ1eyQME0fAu5TRjvhsczLq99dBgAu2%2F2j2d%2BS%2Fh%2Fbng06Yl869jRvGF"}],"group":"cf-nel","max_age":604800} content-type text/css;charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 5f33fe12bb31dfdb-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	jquery.js Show response dostawdhl.com/Jw6iK2zJ9/	86 KB 30 KB	146ms 146ms	Script application/javascript	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/jquery.js Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/VRcw5b Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers Referer https://dostawdhl.com/Jw6iK2zJ9/VRcw5b User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 20:34:23 GMT content-encoding br cf-cache-status MISS nel {"report_to":"cf-nel","max_age":604800} status 200 cf-request-id 06745d1fb80000dfdb0d8ad000000001 last-modified Fri, 06 Mar 2020 13:17:46 GMT server cloudflare etag W/"5e624d7a-15851" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MxI8L3M67%2FqIq40na4oG9NI9T2Zvczu7eFlWcxmqwsiYxdaioMiVtkDj045N%2FRv%2Fcrz3DUEFDlRIx0PvuaIDj9wxB5SMEAMnHxzLlTwYxpkklDBk9xwWy2so"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=315360000 cf-ray 5f33fe12bb33dfdb-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	514dcbcee7263e99462d5b3826756847.jpg dostawdhl.com/Jw6iK2zJ9/css/	59 KB 60 KB	99ms 99ms	Image image/jpeg	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dostawdhl.com/Jw6iK2zJ9/css/514dcbcee7263e99462d5b3826756847.jpg Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `c8e2e361fce5e8001a093bb070e80cb9d716a3f24652e827bf39279570176fdb` Request headers Referer https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Mon, 16 Nov 2020 20:34:24 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VrM6c7lywHhReEAEoAmC4WjuMVU0qzj8TbH6134cJ4yzmz0oX7KqhtakwvdZcPkSaJK8e07%2BlxgFeJdzlKsMQSdNhh2keoxE5boy1PZLEjDWhsAzVB%2FiiJbc"}],"group":"cf-nel","max_age":604800} content-type image/jpeg status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f33fe13cda0dfdb-FRA cf-request-id 06745d205c0000dfdbe52b2000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	541844a001e92f98d65d1b52b09ce812.png dostawdhl.com/Jw6iK2zJ9/css/	5 KB 6 KB	98ms 98ms	Image image/png	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dostawdhl.com/Jw6iK2zJ9/css/541844a001e92f98d65d1b52b09ce812.png Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `2396502d413f5abd7b7d104bf7242b0acf6a45e3eef20cd66f980691ed17dae3` Request headers Referer https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 20:34:24 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 content-length 5442 cf-request-id 06745d205d0000dfdb9bb72000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DglJihxLdo4QGQmqDd6CQlugjnmQG7Tnddqdesf3CqArcw8Bvjb9rBzXB9Am%2BboqZYBs4vh%2FKurVJrVN8AJyEWu6Rrh6apSLL%2BTzJEl5xO6fms9mEEN4qY%2B8"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate accept-ranges bytes cf-ray 5f33fe13cda3dfdb-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	bb51009534b66ecea5443e155979e1cb.png dostawdhl.com/Jw6iK2zJ9/css/	135 KB 135 KB	338ms 338ms	Image image/png	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dostawdhl.com/Jw6iK2zJ9/css/bb51009534b66ecea5443e155979e1cb.png Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `cbc7c1b2ae5ded23ca8428554553bb9f53b174bc73faca435ca5574d7e9da752` Request headers Referer https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Mon, 16 Nov 2020 20:34:24 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=C4PNZqICBz3r1jMKVm5qIBW5jDzmOEpAyifiBHlGO8JGT4zaZFL8leE%2F4o6kVaoCMbx0YZKTAkYyNOQ2a27k6W%2FbUUthlR70L7K4uzsLm0tsl7BYO%2FRS1btd"}],"group":"cf-nel","max_age":604800} content-type image/png status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f33fe13cda8dfdb-FRA cf-request-id 06745d20600000dfdb99b27000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	8a56280be7a5f292be01f03a4f5917fa.png dostawdhl.com/Jw6iK2zJ9/css/	1 KB 2 KB	140ms 139ms	Image image/png	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dostawdhl.com/Jw6iK2zJ9/css/8a56280be7a5f292be01f03a4f5917fa.png Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `fc615b505e432c6840ec30cb577293760e1936b6dccb707a7b67fe16f525cd4d` Request headers Referer https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 20:34:24 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 content-length 1393 cf-request-id 06745d205d0000dfdbaf8ea000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rvjfJcSD30lZFUv8xTk7rtcmAqjs%2BR5iQ1LjaGwS43Auk1QEXsD8uIf%2FMPT5ELrKAB3X%2BFFqb4c%2B%2B0qyYikK7mCBbRF0Kqa%2BvPlgwvCMW%2FZ9jcOn3GLyHczF"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate accept-ranges bytes cf-ray 5f33fe13cdabdfdb-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	opensans-regular-webfont.woff dostawdhl.com/Jw6iK2zJ9/css/fonts/	87 KB 88 KB	225ms 224ms	Font application/font-woff	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/css/fonts/opensans-regular-webfont.woff Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1` Request headers Origin https://dostawdhl.com Referer https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 20:34:24 GMT content-encoding br cf-cache-status MISS last-modified Sun, 21 Oct 2018 18:37:28 GMT server cloudflare etag W/"15de8-578c16db2aa00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jOJy6aPvY7g4lq%2BpxaNM6zmQNt4DWvd%2BRL%2FvhrUo0764cDB3qLgTaeWJw9BkTmi20NgBPxREIZ76BG2YvAKXc0pGEmYtu9x18eJDbZEyW96hohjudf%2FUlKBd"}],"group":"cf-nel","max_age":604800} content-type application/font-woff status 200 cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5f33fe13cdafdfdb-FRA cf-request-id 06745d205e0000dfdb17995000000001
GET H2	200	opensans-light-webfont.woff dostawdhl.com/Jw6iK2zJ9/css/fonts/	84 KB 84 KB	451ms 450ms	Font application/font-woff	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/css/fonts/opensans-light-webfont.woff Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab` Request headers Origin https://dostawdhl.com Referer https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 20:34:24 GMT content-encoding br cf-cache-status MISS last-modified Sun, 21 Oct 2018 18:36:32 GMT server cloudflare etag W/"15000-578c16a5c2c00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RNLABcISS0rpE%2BKI0KyW77V7FXANJ1UK2v8VhiHAFOfGJgNgDq8hJNTPp58kRHWFfqB6BdGDbXA2%2FL1XnbSkrzHaqSBBl214apGNc3uwkQvSYDCVHy6aKxb6"}],"group":"cf-nel","max_age":604800} content-type application/font-woff status 200 cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5f33fe13ddccdfdb-FRA cf-request-id 06745d20640000dfdbd33c4000000001
GET H2	200	opensans-semibold-webfont.woff dostawdhl.com/Jw6iK2zJ9/css/fonts/	89 KB 89 KB	244ms 244ms	Font application/font-woff	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/css/fonts/opensans-semibold-webfont.woff Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae` Request headers Origin https://dostawdhl.com Referer https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 20:34:24 GMT content-encoding br cf-cache-status MISS last-modified Sun, 21 Oct 2018 18:38:38 GMT server cloudflare etag W/"16420-578c171dec780" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=L42O1YW1H5vBkG3x2VTSwDPo96eS1vwXVfCjPk%2BTrMbMXNbSbXK2oWWcLLMFI7Cz%2FdHa%2F8j3kQ2%2FTG1gRPBNcy7DW81io50OSlgr8vxg4OGBko5aWtF%2FonvG"}],"group":"cf-nel","max_age":604800} content-type application/font-woff status 200 cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5f33fe13ddcfdfdb-FRA cf-request-id 06745d20650000dfdbc3291000000001
GET H2	200	PFBeauSansPro-Bold.woff dostawdhl.com/Jw6iK2zJ9/css/fonts/	142 KB 136 KB	359ms 359ms	Font application/font-woff	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/css/fonts/PFBeauSansPro-Bold.woff Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8` Request headers Origin https://dostawdhl.com Referer https://dostawdhl.com/Jw6iK2zJ9/css/cb5a6ca947cb27cacbcbaaae649c75ffc.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 16 Nov 2020 20:34:24 GMT content-encoding br cf-cache-status MISS last-modified Sun, 21 Oct 2018 18:35:56 GMT server cloudflare etag W/"2374c-578c16836db00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3Eswi419hblUBs4TnpLfLTLRjRcpauotfviiADqRnMrnH2H6BFzyeIKD08iyovYRaKWN%2FAvAa84jewk%2B4Dg%2Fdq9NHOFNPMy%2FsVavuss7M1TotwErup5kDtIx"}],"group":"cf-nel","max_age":604800} content-type application/font-woff status 200 cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5f33fe13ddd2dfdb-FRA cf-request-id 06745d20650000dfdbe52b3000000001
POST H2	200	online.php Show response dostawdhl.com/Jw6iK2zJ9/	0 617 B	102ms 102ms	XHR text/html	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/online.php Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://dostawdhl.com/Jw6iK2zJ9/VRcw5b X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Mon, 16 Nov 2020 20:34:34 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NhXgXM12Pj21ZmNP7F2Iaw8HgySVCLjzCIKoIGX%2FpvU61sqRVJvhJH6lO5rLNmHSSgKXM0H755o9txjDh9e%2FKdNSPLm0xuepPx1wFt7Q0ep8RBCM6V3xUpes"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f33fe52dd25dfdb-FRA cf-request-id 06745d47c30000dfdb1c327000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H2	200	online.php Show response dostawdhl.com/Jw6iK2zJ9/	0 305 B	97ms 97ms	XHR text/html	2606:4700:3033::ac43:80d7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dostawdhl.com/Jw6iK2zJ9/online.php Requested by Host: dostawdhl.com URL: https://dostawdhl.com/Jw6iK2zJ9/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:80d7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://dostawdhl.com/Jw6iK2zJ9/VRcw5b X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Mon, 16 Nov 2020 20:34:35 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=apL8a1ARtuNXYw%2BspHpoYeySeYYU4t2LBKlONBfL0Ru3UsZU%2FN6ghWJc%2B5VayvK6HBZyLN4l9%2BIdJc8TSQbd7rssdsSmH8HFL%2BD7uRNMJXr5IKLzqxzK6rd4"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f33fe5cd9e0dfdb-FRA cf-request-id 06745d4e070000dfdbf604b000000001 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayU (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
dostawdhl.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: eq42habg2fch2rl4or69h2ulp9
dostawdhl.com/Jw6iK2zJ9	1970-01-19 13:59:22	Name: 44667c192c6e7dc187ef7ad63114e1a3 Value: 1966031785
dostawdhl.com/Jw6iK2zJ9	1970-01-19 13:59:22	Name: a43a3ab69d161c599d33dbb64f19771a Value: 2239397684
.dostawdhl.com/	1970-01-19 14:42:30	Name: __cfduid Value: d838aa140ec324c47f209e793b9c7e6941605558863
dostawdhl.com/Jw6iK2zJ9	1970-01-19 13:59:22	Name: 328f2cbe1334ebc3433ad5937f15bcfa Value: 447095272
dostawdhl.com/Jw6iK2zJ9	1970-01-19 13:59:22	Name: 2ddc2911b84b50c1083523ae92d74e78 Value: 4040500205
dostawdhl.com/Jw6iK2zJ9	1970-01-19 13:59:22	Name: 58aa4e1a2f544a3a0e2a7a1d647e0029 Value: 3005871050

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dostawdhl.com
2606:4700:3033::ac43:80d7
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab
13a97cd53edfadbc20c4b4dcdcae78663d9727b883219db08b49372acb05a5d4
2396502d413f5abd7b7d104bf7242b0acf6a45e3eef20cd66f980691ed17dae3
277e6ea7621c274b484d23682eeda9b4b0779cfc1b9bc67de508925227f0d4e8
431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae
9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1
c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8
c8e2e361fce5e8001a093bb070e80cb9d716a3f24652e827bf39279570176fdb
cbc7c1b2ae5ded23ca8428554553bb9f53b174bc73faca435ca5574d7e9da752
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc615b505e432c6840ec30cb577293760e1936b6dccb707a7b67fe16f525cd4d

dostawdhl.com Open in urlscan Pro 2606:4700:3033::ac43:80d7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

643 kBTransfer

741 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

7 Cookies

Indicators

dostawdhl.com Open in urlscan Pro
2606:4700:3033::ac43:80d7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

643 kB
Transfer

741 kB
Size

7
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!