canadaroofsaver.com
Open in
urlscan Pro
67.20.76.74
Malicious Activity!
Public Scan
Effective URL: https://canadaroofsaver.com/dhl/
Submission: On April 04 via manual from IL
Summary
TLS certificate: Issued by R3 on March 11th 2021. Valid for: 3 months.
This is the only time canadaroofsaver.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 7 | 67.20.76.74 67.20.76.74 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::2002 | 15169 (GOOGLE) (GOOGLE) | |
3 | 2a00:1450:400... 2a00:1450:4001:827::2002 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::200e | 15169 (GOOGLE) (GOOGLE) | |
5 | 142.250.185.98 142.250.185.98 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:811::2002 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:809::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:808::2002 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:810::2001 | 15169 (GOOGLE) (GOOGLE) | |
1 | 104.109.70.99 104.109.70.99 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 104.23.140.12 104.23.140.12 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
26 | 12 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: host2008.hostmonster.com
canadaroofsaver.com |
ASN15169 (GOOGLE, US)
adservice.google.com.eg |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net
securepubads.g.doubleclick.net |
ASN15169 (GOOGLE, US)
www.googletagservices.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
adservice.google.com.eg |
ASN15169 (GOOGLE, US)
tpc.googlesyndication.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-109-70-99.deploy.static.akamaitechnologies.com
www.dhl.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
canadaroofsaver.com
2 redirects
canadaroofsaver.com |
46 KB |
5 |
doubleclick.net
securepubads.g.doubleclick.net |
283 KB |
3 |
google.com
adservice.google.com |
819 B |
3 |
google.com.eg
adservice.google.com.eg |
2 KB |
2 |
googlesyndication.com
tpc.googlesyndication.com |
|
2 |
googletagservices.com
www.googletagservices.com |
47 KB |
1 |
prntscr.com
image.prntscr.com |
|
1 |
dhl.com
www.dhl.com Failed |
1 KB |
1 |
googletagmanager.com
www.googletagmanager.com |
56 KB |
1 |
google-analytics.com
www.google-analytics.com |
19 KB |
26 | 10 |
Domain | Requested by | |
---|---|---|
7 | canadaroofsaver.com |
2 redirects
canadaroofsaver.com
|
5 | securepubads.g.doubleclick.net |
canadaroofsaver.com
www.googletagservices.com securepubads.g.doubleclick.net |
3 | adservice.google.com |
canadaroofsaver.com
|
3 | adservice.google.com.eg |
canadaroofsaver.com
|
2 | tpc.googlesyndication.com |
canadaroofsaver.com
securepubads.g.doubleclick.net |
2 | www.googletagservices.com |
canadaroofsaver.com
|
1 | image.prntscr.com |
canadaroofsaver.com
|
1 | www.dhl.com |
canadaroofsaver.com
|
1 | www.googletagmanager.com |
canadaroofsaver.com
|
1 | www.google-analytics.com |
canadaroofsaver.com
|
26 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.walla.co.il |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.canadaroofsaver.solargreenzone.com R3 |
2021-03-11 - 2021-06-09 |
3 months | crt.sh |
*.google.com.eg GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
*.google.com GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
tpc.googlesyndication.com GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
www.dhl.com DPDHL Global TLS CA - I5 |
2020-08-04 - 2021-08-04 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-02 - 2021-08-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://canadaroofsaver.com/dhl/
Frame ID: 89769703F55677C49F4953156751D500
Requests: 26 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://canadaroofsaver.com/booking/js
HTTP 301
https://canadaroofsaver.com/booking/js/ Page URL
-
https://canadaroofsaver.com/dhl
HTTP 301
https://canadaroofsaver.com/dhl/ Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
DoubleClick for Publishers (DFP) (Advertising Networks) Expand
Detected patterns
- script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://canadaroofsaver.com/booking/js
HTTP 301
https://canadaroofsaver.com/booking/js/ Page URL
-
https://canadaroofsaver.com/dhl
HTTP 301
https://canadaroofsaver.com/dhl/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://canadaroofsaver.com/booking/js HTTP 301
- https://canadaroofsaver.com/booking/js/
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
canadaroofsaver.com/booking/js/ Redirect Chain
|
181 B 253 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
canadaroofsaver.com/dhl/ Redirect Chain
|
126 KB 45 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.com.eg/adsid/ |
107 B 799 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.com/adsid/ |
107 B 165 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
analytics.js
www.google-analytics.com/ |
48 KB 19 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pubads_impl_rendering_2019070801.js
securepubads.g.doubleclick.net/gpt/ |
67 KB 26 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
osd.js
www.googletagservices.com/activeview/js/current/ |
73 KB 28 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
gtm.js
www.googletagmanager.com/ |
356 KB 56 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
gpt.js
www.googletagservices.com/tag/js/ |
58 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
glo-our-divisions-teaser-large.web.793.252.jpg
www.dhl.com/content/dam/dhl/global/core/images/teaser-large-2730x868/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
pubads_impl_2019070801.js
securepubads.g.doubleclick.net/gpt/ |
150 KB 55 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
glo-our-divisions-teaser-large.web.793.252.jpg
www.dhl.com/content/dam/dhl/global/core/images/teaser-large-2730x868/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
integrator.js
adservice.google.com.eg/adsid/ |
107 B 777 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
integrator.js
adservice.google.com/adsid/ |
107 B 531 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
pubads_impl_2021031801.js
securepubads.g.doubleclick.net/gpt/ |
286 KB 100 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
container.html
tpc.googlesyndication.com/safeframe/1-0-35/html/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
pubads_impl_2021033001.js
securepubads.g.doubleclick.net/gpt/ |
288 KB 101 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
integrator.js
adservice.google.com.eg/adsid/ |
107 B 123 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
integrator.js
adservice.google.com/adsid/ |
107 B 123 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl-logo.svg
www.dhl.com//content/dam/dhl/global/core/images/logos/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inline.b30c555ec93d5e8b24c8.bundle.js
canadaroofsaver.com/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
scripts.eb27010e332a0e01cebe.bundle.js
canadaroofsaver.com/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.2135d531eeae70d97ef1.bundle.js
canadaroofsaver.com/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hhsH2h8wS7e755P3VB0d3g.png
image.prntscr.com/image/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
ads
securepubads.g.doubleclick.net/gampad/ |
203 B 575 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
container.html
tpc.googlesyndication.com/safeframe/1-0-35/html/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.dhl.com
- URL
- https://www.dhl.com/content/dam/dhl/global/core/images/teaser-large-2730x868/glo-our-divisions-teaser-large.web.793.252.jpg?ver=1
- Domain
- www.dhl.com
- URL
- https://www.dhl.com/content/dam/dhl/global/core/images/teaser-large-2730x868/glo-our-divisions-teaser-large.web.793.252.jpg?ver=1
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)48 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| google_tag_data function| ga object| gaplugins object| google_js_reporting_queue object| ggeac function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| isNumberKey object| googletag object| google_tag_manager function| postscribe object| google_tag_manager_external object| dataLayer string| GoogleAnalyticsObject object| gaGlobal object| gaData undefined| google_measure_js_timing boolean| google_noFetch boolean| google_DisableInitialLoad number| __google_ad_urls_id object| googleToken object| googleIMState number| google_unique_id object| google_reactive_ads_global_state object| closure_memoize_cache_ function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| __google_ad_urls function| google_osd_amcb2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.canadaroofsaver.com/ | Name: _gid Value: GA1.2.929165216.1617566504 |
|
.canadaroofsaver.com/ | Name: _ga Value: GA1.2.695216660.1617566504 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
adservice.google.com
adservice.google.com.eg
canadaroofsaver.com
image.prntscr.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.dhl.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
www.dhl.com
104.109.70.99
104.23.140.12
142.250.185.98
2a00:1450:4001:800::200e
2a00:1450:4001:808::2002
2a00:1450:4001:809::2008
2a00:1450:4001:810::2001
2a00:1450:4001:811::2002
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2002
67.20.76.74
0f5d6a89240be982d4543fcc3b47a049d3ed974efc2276c273eb172fe9176020
1bd05e125ef3d7c1b11e6a2bd07459ef0dbeede76af3184812d9c3e34b10c27d
234e58e81d77759daf07d771662c4e4b7711301f3a867a8bbf78651dfc13c2f6
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
421ceb4773028aa8ef253d61a231a346430515b7168816ea277e40c8f4ab6c72
6777f8af5f264f4265e5d19f6d9871a873cca14adb5ef3b53c1c1131d5723f53
710bb035af3b6a17b98e7a60f289cbda442b0160707bd4e6b02f9797acda1598
75798654d23f6c676a5a0f50ad26c80652ab85bb597b773b2b0688c7bf80d4be
990b8aed006156731e08e68ec85706ebcf592462536e4374fa58a57fdee1c055
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
cf11ee480c48f4549785227f940e19e542a5a0075671cb581f9bc182567a19d5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecf0ffde6e56a2c058421a0ca1a3446a00d047de48239cd168f7eb93a07a9269
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4