myrtle.com.pk Open in urlscan Pro
192.185.198.14 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dezede.it/
Effective URL:
https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080
Submission: On October 09 via api (October 9th 2023, 6:44:18 am UTC) from NL — Scanned from CH

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 192.185.198.14, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is myrtle.com.pk.
TLS certificate: Issued by R3 on October 4th 2023. Valid for: 3 months.

This is the only time myrtle.com.pk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	217.160.133.98 217.160.133.98	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
3 11	192.185.198.14 192.185.198.14	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
8	1

1 217.160.133.98 (Germany) 1 redirects

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: s22944692.onlinehome-server.info

dezede.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.185.198.14 (United States) 3 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-198-14.unifiedlayer.com

myrtle.com.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	myrtle.com.pk 3 redirects myrtle.com.pk	219 KB
1	dezede.it 1 redirects dezede.it	134 B
8	2

	Domain	Requested by
11	myrtle.com.pk	3 redirects myrtle.com.pk
1	dezede.it	1 redirects
8	2

This site contains no links.

Subject Issuer	Validity	Valid
myrtle.com.pk R3	`2023-10-04` - `2024-01-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080
Frame ID: F3CBE1F88E616D008E6501D6B17ACD86
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

herzlich willkommen

Page URL History Show full URLs

https://dezede.it/ HTTP 302
https://myrtle.com.pk/meta HTTP 301
https://myrtle.com.pk/meta/ HTTP 302
https://myrtle.com.pk/meta/F004f19441/index.php?valid=true&id=26621037 HTTP 302
https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

219 kB
Transfer

400 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dezede.it/ HTTP 302
https://myrtle.com.pk/meta HTTP 301
https://myrtle.com.pk/meta/ HTTP 302
https://myrtle.com.pk/meta/F004f19441/index.php?valid=true&id=26621037 HTTP 302
https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 00951124a.php Show response myrtle.com.pk/meta/F004f19441/ Redirect Chain https://dezede.it/ https://myrtle.com.pk/meta https://myrtle.com.pk/meta/ https://myrtle.com.pk/meta/F004f19441/index.php?valid=true&id=26621037 https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080	3 KB 1 KB	162ms 162ms	Document text/html	192.185.198.14 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.198.14 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-198-14.unifiedlayer.com Software Apache / Resource Hash `426150d6bdb661bc644900bf03c5d6346dff583ae2de6df9780daea72c84ff57` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language de-CH,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-encoding gzip content-length 1275 content-type text/html; charset-UTF-8;charset=UTF-8 date Mon, 09 Oct 2023 06:44:13 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 content-encoding gzip content-length 311 content-type text/html; charset-UTF-8;charset=UTF-8 date Mon, 09 Oct 2023 06:44:12 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ./00951124a.php?web=succes&local=_&id=82061080 pragma no-cache server Apache vary Accept-Encoding
GET H2	200	style.css myrtle.com.pk/meta/F004f19441/layout/css/	208 KB 82 KB	290ms 289ms	Stylesheet text/css	192.185.198.14 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://myrtle.com.pk/meta/F004f19441/layout/css/style.css Requested by Host: myrtle.com.pk URL: https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.198.14 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-198-14.unifiedlayer.com Software Apache / Resource Hash `4f8f4fd45d94287ee659e98b6351916a02a5cbf388a53a31fa0219e06a7d03b0` Request headers accept-language de-CH,de;q=0.9 Referer https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Mon, 09 Oct 2023 06:44:13 GMT content-encoding gzip last-modified Sat, 01 May 2021 11:00:42 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type text/css
GET H2	200	style.js Show response myrtle.com.pk/meta/F004f19441/layout/js/	96 KB 42 KB	290ms 290ms	Script application/javascript	192.185.198.14 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://myrtle.com.pk/meta/F004f19441/layout/js/style.js Requested by Host: myrtle.com.pk URL: https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.198.14 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-198-14.unifiedlayer.com Software Apache / Resource Hash `b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c` Request headers accept-language de-CH,de;q=0.9 Referer https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Mon, 09 Oct 2023 06:44:13 GMT content-encoding gzip last-modified Sun, 11 Nov 2018 21:23:54 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type application/javascript
GET H2	200	lg.svg myrtle.com.pk/meta/F004f19441/layout/img/	2 KB 2 KB	180ms 180ms	Image image/svg+xml	192.185.198.14 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://myrtle.com.pk/meta/F004f19441/layout/img/lg.svg Requested by Host: myrtle.com.pk URL: https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.198.14 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-198-14.unifiedlayer.com Software Apache / Resource Hash `aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1` Request headers accept-language de-CH,de;q=0.9 Referer https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Mon, 09 Oct 2023 06:44:13 GMT last-modified Thu, 15 Aug 2019 02:02:52 GMT server Apache accept-ranges bytes content-length 2040 content-type image/svg+xml
GET H2	200	pak.png myrtle.com.pk/meta/F004f19441/layout/img/	878 B 976 B	178ms 178ms	Image image/png	192.185.198.14 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://myrtle.com.pk/meta/F004f19441/layout/img/pak.png Requested by Host: myrtle.com.pk URL: https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.198.14 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-198-14.unifiedlayer.com Software Apache / Resource Hash `4057023fcfa4360934b1a1409a74a40ffbc2bb7dacd2bcc6f69d66a9673f09e8` Request headers accept-language de-CH,de;q=0.9 Referer https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Mon, 09 Oct 2023 06:44:13 GMT last-modified Thu, 15 Aug 2019 03:02:56 GMT server Apache content-type image/png cache-control max-age=2592000 accept-ranges bytes content-length 878 expires Wed, 08 Nov 2023 06:44:13 GMT
GET H2	200	ta3.svg myrtle.com.pk/meta/F004f19441/layout/img/	2 KB 2 KB	163ms 163ms	Image image/svg+xml	192.185.198.14 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://myrtle.com.pk/meta/F004f19441/layout/img/ta3.svg Requested by Host: myrtle.com.pk URL: https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.198.14 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-198-14.unifiedlayer.com Software Apache / Resource Hash `42794908246997d603888b2c2098941e0c3f9b7b0f719134365789189c7edac0` Request headers accept-language de-CH,de;q=0.9 Referer https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Mon, 09 Oct 2023 06:44:13 GMT last-modified Thu, 15 Aug 2019 23:27:28 GMT server Apache accept-ranges bytes content-length 1917 content-type image/svg+xml
GET H2	200	pub.jpg myrtle.com.pk/meta/F004f19441/layout/img/	80 KB 80 KB	161ms 161ms	Image image/jpeg	192.185.198.14 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://myrtle.com.pk/meta/F004f19441/layout/img/pub.jpg Requested by Host: myrtle.com.pk URL: https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.198.14 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-198-14.unifiedlayer.com Software Apache / Resource Hash `fd6d79b881550d2aced201e506cbd7dfacafc19c16db81a655ad06f2835819c5` Request headers accept-language de-CH,de;q=0.9 Referer https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Mon, 09 Oct 2023 06:44:13 GMT last-modified Thu, 15 Aug 2019 02:59:12 GMT server Apache content-type image/jpeg cache-control max-age=2592000 accept-ranges bytes content-length 82133 expires Wed, 08 Nov 2023 06:44:13 GMT
GET H2	200	pubr.gif myrtle.com.pk/meta/F004f19441/layout/img/	8 KB 8 KB	159ms 159ms	Image image/gif	192.185.198.14 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL https://myrtle.com.pk/meta/F004f19441/layout/img/pubr.gif Requested by Host: myrtle.com.pk URL: https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.198.14 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-198-14.unifiedlayer.com Software Apache / Resource Hash `38d38e7a9e31f364cf1238ed6efcad478b3d71b56a8070c7aeda136e7a09dfa6` Request headers accept-language de-CH,de;q=0.9 Referer https://myrtle.com.pk/meta/F004f19441/00951124a.php?web=succes&local=_&id=82061080 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Mon, 09 Oct 2023 06:44:13 GMT last-modified Thu, 15 Aug 2019 06:49:28 GMT server Apache content-type image/gif cache-control max-age=2592000 accept-ranges bytes content-length 8344 expires Wed, 08 Nov 2023 06:44:13 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| preventBack object| Modernizr function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			myrtle.com.pk/	1969-12-31 23:59:59	Name: PHPSESSID Value: lh17tg8jj06fl9u9kd89q66g93

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dezede.it
myrtle.com.pk
192.185.198.14
217.160.133.98
38d38e7a9e31f364cf1238ed6efcad478b3d71b56a8070c7aeda136e7a09dfa6
4057023fcfa4360934b1a1409a74a40ffbc2bb7dacd2bcc6f69d66a9673f09e8
426150d6bdb661bc644900bf03c5d6346dff583ae2de6df9780daea72c84ff57
42794908246997d603888b2c2098941e0c3f9b7b0f719134365789189c7edac0
4f8f4fd45d94287ee659e98b6351916a02a5cbf388a53a31fa0219e06a7d03b0
aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1
b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c
fd6d79b881550d2aced201e506cbd7dfacafc19c16db81a655ad06f2835819c5

myrtle.com.pk Open in urlscan Pro 192.185.198.14 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

219 kBTransfer

400 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

myrtle.com.pk Open in urlscan Pro
192.185.198.14 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

219 kB
Transfer

400 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!