7246.webhost-04.my-host.network
2a0f:5707:aaef:6000::4
Malicious Activity!
Public Scan
Effective URL: https://7246.webhost-04.my-host.network/dhl/
Submission: On April 13 via manual from CA — Scanned from GB
Summary
TLS certificate: Issued by R3 on April 10th 2023. Valid for: 3 months.
This is the only time 7246.webhost-04.my-host.network was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation), Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
3 | 185.27.134.218 | 34119 (WILDCARD-AS Wildcard UK Limited)
6 | 2a0f:5707:aaef:6000::4 | 44592 (SKYLINK)
2 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET)
2 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET)
1 | 2001:4de0:ac18::1:a:2a | 20446 (STACKPATH-CDN)
14 requests, 5 IP addresses
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
6 | my-host.network | 7246.webhost-04.my-host.network | 1 MB
3 | iceiy.com | polinisa.iceiy.com | 32 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 220) | 14 KB
2 | bootstrapcdn.com | netdna.bootstrapcdn.com (Cisco Umbrella Rank: 3338) | 26 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 756) | 33 KB
14 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
6 | 7246.webhost-04.my-host.network | 7246.webhost-04.my-host.network
3 | polinisa.iceiy.com | polinisa.iceiy.com
2 | cdnjs.cloudflare.com | 7246.webhost-04.my-host.network
2 | netdna.bootstrapcdn.com | 7246.webhost-04.my-host.network
1 | code.jquery.com | 7246.webhost-04.my-host.network
14 requests, 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
7246.webhost-04.my-host.network | R3 | 2023-04-10 - 2023-07-09 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://7246.webhost-04.my-host.network/dhl/
Frame ID: A02B388D8422C91C7DD359BC43278FAF
Requests: 14 HTTP requests in this frame
Page Title: Document
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://polinisa.iceiy.com/ Page URL
- http://polinisa.iceiy.com/?i=1 Page URL
- https://7246.webhost-04.my-host.network/dhl/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | polinisa.iceiy.com/ | 829 B | 829 B | Document | text/html
GET | H/1.1 | aes.js | polinisa.iceiy.com/ | 30 KB | 31 KB | Script | application/javascript
GET | H/1.1 | / | polinisa.iceiy.com/ | 180 B | 535 B | Document | text/html
GET | H2 | / (Primary Request) | 7246.webhost-04.my-host.network/dhl/ | 15 KB | 3 KB | Document | text/html
GET | H2 | bootstrap.min.css | netdna.bootstrapcdn.com/bootstrap/3.1.0/css/ | 99 KB | 18 KB | Stylesheet | text/css
GET | H2 | bootstrap-select.min.css | cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.13.2/css/ | 10 KB | 2 KB | Stylesheet | text/css
GET | H2 | jquery-1.11.1.min.js | code.jquery.com/ | 94 KB | 33 KB | Script | application/javascript
GET | H2 | bootstrap.min.js | netdna.bootstrapcdn.com/bootstrap/3.1.0/js/ | 28 KB | 8 KB | Script | application/javascript
GET | H2 | bootstrap-select.min.js | cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.13.2/js/ | 44 KB | 12 KB | Script | application/javascript
GET | H2 | img.svg | 7246.webhost-04.my-host.network/dhl/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H2 | pay.jpg | 7246.webhost-04.my-host.network/dhl/ | 45 KB | 45 KB | Image | image/jpeg
GET | H2 | ic.png | 7246.webhost-04.my-host.network/dhl/ | 9 KB | 9 KB | Image | image/png
GET | H2 | dhl.png | 7246.webhost-04.my-host.network/dhl/ | 13 KB | 13 KB | Image | image/png
GET | H2 | bg.jpg | 7246.webhost-04.my-host.network/dhl/ | 1 MB | 1 MB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation), Microsoft (Consumer)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
boolean | credentialless
function | $
function | jQuery
object | jQuery1111028038988334032781
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
polinisa.iceiy.com/ | | Name: __test Value: f196a485f7ae7743eedbac3e41a4d356
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.