queenmobile.work
Open in
urlscan Pro
2606:4700:3036::ac43:b0b7
Malicious Activity!
Public Scan
Effective URL: https://queenmobile.work/css/login/
Submission: On February 22 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on January 5th 2024. Valid for: 3 months.
This is the only time queenmobile.work was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:10:... 2606:4700:10::6816:7a4 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 18 | 2606:4700:303... 2606:4700:3036::ac43:b0b7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
queenmobile.work
1 redirects
queenmobile.work |
590 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 233 |
5 KB |
1 |
snip.ly
1 redirects
snip.ly — Cisco Umbrella Rank: 496728 |
257 B |
18 | 3 |
Domain | Requested by | |
---|---|---|
18 | queenmobile.work |
1 redirects
queenmobile.work
|
1 | cdnjs.cloudflare.com |
queenmobile.work
|
1 | snip.ly | 1 redirects |
18 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
queenmobile.work GTS CA 1P5 |
2024-01-05 - 2024-04-04 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://queenmobile.work/css/login/
Frame ID: 267337E9CAE342E904D7086E5B307C1D
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Global Logistics - International Shipping | DHL Home | IsraelPage URL History Show full URLs
-
https://snip.ly/Dhlll
HTTP 302
https://queenmobile.work/css/login HTTP 301
https://queenmobile.work/css/login/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
animate.css (Web Frameworks) Expand
Detected patterns
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://snip.ly/Dhlll
HTTP 302
https://queenmobile.work/css/login HTTP 301
https://queenmobile.work/css/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
queenmobile.work/css/login/ Redirect Chain
|
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gGnhaFgUmAF6JgrLhG4_QBFxwNY.js
queenmobile.work/cdn-cgi/apps/head/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
queenmobile.work/css/assets/css/ |
152 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
helpers.css
queenmobile.work/css/assets/css/ |
40 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fonts.css
queenmobile.work/css/assets/css/ |
3 KB 1012 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.css
queenmobile.work/css/assets/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.svg
queenmobile.work/css/assets/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
glo-footer-logo.svg
queenmobile.work/css/assets/images/ |
12 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
queenmobile.work/css/assets/js/ |
86 KB 32 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
popper.min.js
queenmobile.work/css/assets/js/ |
20 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
queenmobile.work/css/assets/js/ |
133 KB 26 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fontawesome.min.js
queenmobile.work/css/assets/js/ |
1 MB 371 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
queenmobile.work/css/assets/js/ |
797 B 860 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Lato-Regular.woff2
queenmobile.work/css/assets/fonts/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Lato-Black.woff2
queenmobile.work/css/assets/fonts/ |
28 KB 28 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Lato-Light.woff2
queenmobile.work/css/assets/fonts/ |
24 KB 25 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Lato-Bold.woff2
queenmobile.work/css/assets/fonts/ |
28 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/ |
70 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| CloudflareApps function| $ function| jQuery function| Popper object| bootstrap object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome boolean| isShift string| seperator string| dash function| cc_date function| date_of_birth string| dispatch2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
snip.ly/ | Name: sessionid Value: lbszq3a5kt5ph5ixpgvrw5bl9rlrx0zj |
|
queenmobile.work/ | Name: PHPSESSID Value: 6c459189dde71ceb3490811110ecba20 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
queenmobile.work
snip.ly
2606:4700:10::6816:7a4
2606:4700:3036::ac43:b0b7
2606:4700::6811:180e
198531279d3336f75ca9f47b6095a4d2e3ae2447d7c07b6262cd35ba166e73db
21bd54c766f0a1385f24f0b9a074e83881d82288d9d31bab0e3076721121f52e
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
2caa6404ddb0de2b9d191b1e2c8b5c35c68ca48f2a9521140bbf83b27c063700
315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
4642296fdae00b3b3f07504bda5725bf3ecc82fb074c0352d2a56cc5bf2ae741
5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
62fae6162fdef36b6f29192c48a261de4c76b8fe868566b99ed690af652f0fb0
6580d577168ce72c4d24561247070dfe13ca7b3242643ec4acf3f86dc66ffb60
76df5b67646f4f0f999d4e1c482ab2007b948f3b9acc2c8a207bfdb214103855
7f1c73f2a9aaa7cc6ad6c7fab243b6218d031eee86b97d6d716f31815e6f71d0
8869cd90c82d8ed1c71c22f067973a04d424c883bc79db8e522504fc9507958f
bd4c2248c2087eb5f44a46a67b8b4ce961d0fde9053dbfda30cf6af08a6c70e6
c16911984dce7909e91263930a1f34352a03476a6c58894a482f33aad91cd379
e47c34e4bb6a2fe7f50c02b0656e10666ded963f874015cb10ee1be923ea4448