parcel002.05422548052004148804588404.thebiteofbend.com
46.29.234.247
Malicious Activity!
Public Scan
Effective URL: https://parcel002.05422548052004148804588404.thebiteofbend.com/public/2283829?page=777
Submission: On February 07 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 7th 2024. Valid for: 3 months.
This is the only time parcel002.05422548052004148804588404.thebiteofbend.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)

Domain & IP information

# | IP Address | AS Autonomous System
---|---|---
1 1 | 185.89.210.46 | 29990 (ASN-APPNEX)
1 | 2606:4700:20::681a:73c | 13335 (CLOUDFLARENET)
1 14 | 46.29.234.247 | 207713 (GIR-AS)
1 | 2606:4700::6812:82ec | 13335 (CLOUDFLARENET)
16 requests | 4 IP addresses |

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ams3-ib.adnxs.com

ASN207713 (GIR-AS, RU)
PTR: litva3.ip-ptr.tech
parcel002.05422548052004148804588404.thebiteofbend.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | thebiteofbend.com | parcel002.05422548052004148804588404.thebiteofbend.com (1 redirect) | 482 KB
1 | cookielaw.org | cdn.cookielaw.org (Cisco Umbrella Rank: 337) | 2 KB
1 | 5958383020.app | r8.5958383020.app | 606 B
1 | adnxs.com | ams3-ib.adnxs.com (Cisco Umbrella Rank: 6972), 1 redirect | 843 B
0 | Failed | eofcbnmajmjmplflapaojjnihcjkigck (failed request, see Failed requests below) |
16 requests | 5 domains | |
Requests | Domain | Requested by
---|---|---
14 | parcel002.05422548052004148804588404.thebiteofbend.com | r8.5958383020.app (1 redirect), parcel002.05422548052004148804588404.thebiteofbend.com
1 | cdn.cookielaw.org | parcel002.05422548052004148804588404.thebiteofbend.com
1 | r8.5958383020.app |
1 | ams3-ib.adnxs.com | 1 redirect
0 | eofcbnmajmjmplflapaojjnihcjkigck (failed) | parcel002.05422548052004148804588404.thebiteofbend.com
16 requests | 5 domains |
This site contains links to these domains. Also see Links.

Domain
---
www.dhl.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
5958383020.app | E1 | 2024-01-25 - 2024-04-24 | 3 months | crt.sh
parcel002.05422548052004148804588404.thebiteofbend.com | R3 | 2024-02-07 - 2024-05-07 | 3 months | crt.sh
cookielaw.org | Cloudflare Inc ECC CA-3 | 2023-04-01 - 2024-03-31 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://parcel002.05422548052004148804588404.thebiteofbend.com/public/2283829?page=777
Frame ID: EAFA8798166802F41E2234838C2BDC40
Requests: 16 HTTP requests in this frame
Screenshot
Page Title: DHL
Detected technologies

Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

OneTrust (Cookie compliance)
Detected patterns
- cdn\.cookielaw\.org

jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Impressum
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ams3-ib.adnxs.com/click2?e=wqT_3QKaAfCBmgAAAAMAxBkFAQiI5uWtBhC__unItO3n8kkYoL3bxNH986BfIOWfgAYo2wowmgk4AkC6ms7lAUjPiFNQAFoDVVNEYgNFVVJoeHDYBHjxrWyAAfjxBYgBAZABAZgBBaABAqkBzGJi83FtwD-xAdhHTPUJRbs_uQEAAAAghesbQMEB2A0UAMkVKBjYAfAC4AEA/s=b8be3442c4f95496cf38f9d7f0d9c45a1e06a00e/bcr=AAAAAAAA8D8=/cnd=!1x5iAwja4v8bELqazuUBGM-IUyAAKAAxrkfhehSuFkA6CUFNUzM6NjAxOUDJRUkGL_oK0oztP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAggEcCODpJRAFGAIiACkAAAAAAAAAADG4HoXrUbieP4kBAAAAAAAA8D8./cca=MTE3OCNBTVMzOjYwMTk=/bn=96504/clickenc=https://r8%2e5958383020%2eapp/vw/ (HTTP 302)
- https://r8.5958383020.app/vw/ (Page URL)
- https://parcel002.05422548052004148804588404.thebiteofbend.com/dlogin.php?page=777 (HTTP 302)
- https://parcel002.05422548052004148804588404.thebiteofbend.com/public/2283829?page=777 (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://ams3-ib.adnxs.com/click2?e=wqT_3QKaAfCBmgAAAAMAxBkFAQiI5uWtBhC__unItO3n8kkYoL3bxNH986BfIOWfgAYo2wowmgk4AkC6ms7lAUjPiFNQAFoDVVNEYgNFVVJoeHDYBHjxrWyAAfjxBYgBAZABAZgBBaABAqkBzGJi83FtwD-xAdhHTPUJRbs_uQEAAAAghesbQMEB2A0UAMkVKBjYAfAC4AEA/s=b8be3442c4f95496cf38f9d7f0d9c45a1e06a00e/bcr=AAAAAAAA8D8=/cnd=!1x5iAwja4v8bELqazuUBGM-IUyAAKAAxrkfhehSuFkA6CUFNUzM6NjAxOUDJRUkGL_oK0oztP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAggEcCODpJRAFGAIiACkAAAAAAAAAADG4HoXrUbieP4kBAAAAAAAA8D8./cca=MTE3OCNBTVMzOjYwMTk=/bn=96504/clickenc=https://r8%2e5958383020%2eapp/vw/ (HTTP 302)
- https://r8.5958383020.app/vw/
16 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H2 | / | r8.5958383020.app/vw/ | 166 B | 606 B | Document | text/html | Redirect Chain
GET | H/1.1 | 2283829 | parcel002.05422548052004148804588404.thebiteofbend.com/public/ | 142 KB | 27 KB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | app.css | parcel002.05422548052004148804588404.thebiteofbend.com/public/css/ | 428 KB | 56 KB | Stylesheet | text/css |
GET | H/1.1 | font-awesome.min.css | parcel002.05422548052004148804588404.thebiteofbend.com/public/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-1.12.2.min.js | parcel002.05422548052004148804588404.thebiteofbend.com/public/js/ | 95 KB | 33 KB | Script | application/javascript |
GET | | fonts.css | eofcbnmajmjmplflapaojjnihcjkigck/common/ui/fonts/ | 0 | 0 | | | Failed (no response)
GET | H/1.1 | logo.png | parcel002.05422548052004148804588404.thebiteofbend.com/public/img/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | all.png | parcel002.05422548052004148804588404.thebiteofbend.com/public/img/ | 12 KB | 12 KB | Image | image/png |
GET | H/1.1 | foo.png | parcel002.05422548052004148804588404.thebiteofbend.com/images/ | 316 B | 316 B | Image | text/html |
GET | H2 | powered_by_logo.svg | cdn.cookielaw.org/logos/static/ | 5 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | roboto-latin-400-normal.woff2 | parcel002.05422548052004148804588404.thebiteofbend.com/fonts/vendor/@fontsource/roboto/files/ | 0 | 0 | Font | text/html |
GET | H/1.1 | free-fa-solid-900.woff2 | parcel002.05422548052004148804588404.thebiteofbend.com/public/fonts/ | 153 KB | 153 KB | Font | font/woff2 |
GET | H/1.1 | fontawesome-webfont.woff2 | parcel002.05422548052004148804588404.thebiteofbend.com/public/fonts/ | 75 KB | 76 KB | Font | font/woff2 |
GET | H/1.1 | free-fa-brands-400.woff2 | parcel002.05422548052004148804588404.thebiteofbend.com/public/fonts/ | 115 KB | 115 KB | Font | font/woff2 |
POST | H/1.1 | ajax.php | parcel002.05422548052004148804588404.thebiteofbend.com/public/phplib/ | 0 | 338 B | XHR | text/html |
GET | H/1.1 | roboto-all-400-normal.woff | parcel002.05422548052004148804588404.thebiteofbend.com/fonts/vendor/@fontsource/roboto/files/ | 0 | 0 | Font | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: eofcbnmajmjmplflapaojjnihcjkigck
- URL: chrome-extension://eofcbnmajmjmplflapaojjnihcjkigck/common/ui/fonts/fonts.css
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: DHL (Transportation)

7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | 0
function | $
function | jQuery
string | botid
function | check_link
function | second_page
function | button_click

3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
.adnxs.com/ | | anj | dTM7k!M4/8CxrEQF']wIg2Illq1jCd!]tbP6j2F-XstGt!@Dl/$qow-
.adnxs.com/ | | receive-cookie-deprecation | 1
parcel002.05422548052004148804588404.thebiteofbend.com/ | | PHPSESSID | hisjqdlgl62vug669r5mosnhe4
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source | Level | URL / Text
---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- ams3-ib.adnxs.com
- cdn.cookielaw.org
- eofcbnmajmjmplflapaojjnihcjkigck
- parcel002.05422548052004148804588404.thebiteofbend.com
- r8.5958383020.app
- 185.89.210.46
- 2606:4700:20::681a:73c
- 2606:4700::6812:82ec
- 46.29.234.247