dhl-international-online.com Open in urlscan Pro
192.254.233.175 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://berylmartinv7.dev.radixweb.net/blog/
Effective URL:
https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Submission: On August 26 via api (August 26th 2021, 5:28:06 am UTC) from IE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 192.254.233.175, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is dhl-international-online.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on August 26th 2021. Valid for: 3 months.

This is the only time dhl-international-online.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	120.72.91.18 120.72.91.18	17625 (BLAZENET-...) (BLAZENET-IN-AP BlazeNets Network)
1 13	192.254.233.175 192.254.233.175	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
15	4

1 120.72.91.18 (Ahmedabad, India) 1 redirects

ASN17625 (BLAZENET-IN-AP BlazeNets Network, IN)
PTR: dev.radixweb.net

berylmartinv7.dev.radixweb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.254.233.175 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: lagra.pt

dhl-international-online.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	dhl-international-online.com 1 redirects dhl-international-online.com	374 KB
2	googleapis.com ajax.googleapis.com fonts.googleapis.com	34 KB
1	gstatic.com fonts.gstatic.com	20 KB
1	radixweb.net 1 redirects berylmartinv7.dev.radixweb.net	414 B
15	4

	Domain	Requested by
13	dhl-international-online.com	1 redirects dhl-international-online.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	dhl-international-online.com
1	ajax.googleapis.com	dhl-international-online.com
1	berylmartinv7.dev.radixweb.net	1 redirects
15	5

This site contains no links.

Subject Issuer	Validity	Valid
dhl-international-online.com ZeroSSL RSA Domain Secure Site CA	`2021-08-26` - `2021-11-24`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Frame ID: 2D847788948EC743A876315A7BCC3299
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DHL - Confirm the payment

Page URL History Show full URLs

http://berylmartinv7.dev.radixweb.net/blog/ HTTP 302
https://dhl-international-online.com/payout HTTP 301
https://dhl-international-online.com/payout/ Page URL
https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-no... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

15
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

429 kB
Transfer

630 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://berylmartinv7.dev.radixweb.net/blog/ HTTP 302
https://dhl-international-online.com/payout HTTP 301
https://dhl-international-online.com/payout/ Page URL
https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://berylmartinv7.dev.radixweb.net/blog/ HTTP 302
https://dhl-international-online.com/payout HTTP 301
https://dhl-international-online.com/payout/

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
dhl-international-online.com/payout/
Redirect Chain

http://berylmartinv7.dev.radixweb.net/blog/
https://dhl-international-online.com/payout
https://dhl-international-online.com/payout/

172 B
244 B

808ms
808ms

Document
text/html

192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: 54984137424f4c593a09a7a2cedd8fd84909e95a1b5f63b26296eaa31dace59a

Request headers

:method: GET
:authority: dhl-international-online.com
:scheme: https
:path: /payout/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:47 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-length: 180
content-type: text/html; charset=UTF-8

Redirect headers

date: Thu, 26 Aug 2021 05:27:47 GMT
server: Apache
location: https://dhl-international-online.com/payout/
content-length: 252
content-type: text/html; charset=iso-8859-1

GET
H2 200 Primary Request Card-BryJkYImMP.php Show response
dhl-international-online.com/payout/ 8 KB
3 KB 659ms
658ms Document
text/html 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: e79788c459c41e98f4810ee3d9140992900fddb4c88f307cfcef2a39e3086f7b

Request headers

:method: GET
:authority: dhl-international-online.com
:scheme: https
:path: /payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://dhl-international-online.com/payout/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://dhl-international-online.com/payout/

Response headers

date: Thu, 26 Aug 2021 05:27:48 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-length: 2925
content-type: text/html; charset=UTF-8

GET
H2 404 css
dhl-international-online.com/payout/files/img/ 0
0 652ms
650ms Stylesheet
text/html 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/files/img/css
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash

Request headers

:path: /payout/files/img/css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:49 GMT
content-encoding: gzip
last-modified: Fri, 15 Nov 2019 02:18:16 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
accept-ranges: bytes
content-length: 462

GET
H2 200 uikit.almost-flat.min.css
dhl-international-online.com/payout/files/css/ 97 KB
24 KB 652ms
651ms Stylesheet
text/css 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/files/css/uikit.almost-flat.min.css
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: 1d5aa5a9beed4fd3557dfde68317c4cc5a7e626ba54019a8ffbbca9f67c49211

Request headers

:path: /payout/files/css/uikit.almost-flat.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:49 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 00:56:07 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://dhl-international-online.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 23 Aug 2021 11:02:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Aug 2022 11:02:07 GMT

GET
H2 200 jquery.payform.min.js Show response
dhl-international-online.com/payout/js/ 8 KB
3 KB 188ms
188ms Script
application/javascript 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/js/jquery.payform.min.js
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: 5314c05004534b7ad529b2ed9f83c58eca0004ff24a5b876ffb09b4b4aacb4d0

Request headers

:path: /payout/js/jquery.payform.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:51 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 00:56:07 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 3076

GET
H2 200 ramTeleg.js Show response
dhl-international-online.com/payout/js/ 2 KB
890 B 182ms
182ms Script
application/javascript 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/js/ramTeleg.js
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: b3fb0153c81b027297164caf6ac8c6e580d2289dcd6edcb50de61c085cfdadf0

Request headers

:path: /payout/js/ramTeleg.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:51 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 00:56:07 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 818

GET
H2 200 login_page.min.css
dhl-international-online.com/payout/files/css/ 76 KB
19 KB 651ms
651ms Stylesheet
text/css 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/files/css/login_page.min.css
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: 3ace3fdc98a6bf35804653b1257378e29038ea63ac66c8d4f530181a0da9c3e7

Request headers

:path: /payout/files/css/login_page.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:49 GMT
content-encoding: gzip
last-modified: Thu, 26 Aug 2021 00:56:07 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 Raleway-Medium.ttf
dhl-international-online.com/payout/files/fonts/ 170 KB
171 KB 191ms
191ms Stylesheet
font/ttf 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/files/fonts/Raleway-Medium.ttf
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: 4cca434e50cb1f8de00c8c265b99774b0b62fff171759bf3289c23ce4710c795

Request headers

:path: /payout/files/fonts/Raleway-Medium.ttf
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:49 GMT
last-modified: Thu, 26 Aug 2021 00:56:07 GMT
server: Apache
accept-ranges: bytes
content-length: 174028
content-type: font/ttf

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
629 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Raleway:wght@500&display=swap

Requested by

Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f2821108cc29cdc65f034de1d3912f61ae741a1538c57f6fe608fcba64b29d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://dhl-international-online.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 26 Aug 2021 05:27:49 GMT
server: ESF
date: Thu, 26 Aug 2021 05:27:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 26 Aug 2021 05:27:49 GMT

GET
H2 200 logo.png
dhl-international-online.com/payout/files/img/ 10 KB
10 KB 179ms
179ms Image
image/png 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dhl-international-online.com/payout/files/img/logo.png
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: 4971fe9d28caa4bb569fa335ab2949528d97d76a97938b0ece6c86b6d306adfb

Request headers

:path: /payout/files/img/logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:51 GMT
last-modified: Thu, 26 Aug 2021 00:56:07 GMT
server: Apache
accept-ranges: bytes
content-length: 10607
content-type: image/png

GET
H2 200 delivery-truck.png
dhl-international-online.com/payout/files/img/ 22 KB
22 KB 185ms
184ms Image
image/png 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dhl-international-online.com/payout/files/img/delivery-truck.png
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: 5281f4abe208b59fdcf316414d641b3481df0229719a2bad5a4d279a538d3fe2

Request headers

:path: /payout/files/img/delivery-truck.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:51 GMT
last-modified: Thu, 26 Aug 2021 00:56:07 GMT
server: Apache
accept-ranges: bytes
content-length: 22690
content-type: image/png

GET
H2 200 DHL2.jpg
dhl-international-online.com/payout/files/img/ 119 KB
120 KB 174ms
174ms Image
image/jpeg 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dhl-international-online.com/payout/files/img/DHL2.jpg
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash: 5649257954bde15b3ab14b15b2bc636edd661c803047605cb08c70f2f7619409

Request headers

:path: /payout/files/img/DHL2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://dhl-international-online.com/payout/Card-BryJkYImMP.php?clt_id=76344&defaults=webhelp?srcid=navigation-now&ion=1&espv=2&ie=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:51 GMT
last-modified: Thu, 26 Aug 2021 00:56:07 GMT
server: Apache
accept-ranges: bytes
content-length: 121940
content-type: image/jpeg

GET
H2 200 1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2
fonts.gstatic.com/s/raleway/v22/ 20 KB
20 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v22/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Raleway:wght@500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

789a571212627c10c632c3d95f8bd02ee0efee27ca3a7e0212de6ef8dca489e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://dhl-international-online.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 08:57:53 GMT
x-content-type-options: nosniff
age: 160198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20584
x-xss-protection: 0
last-modified: Tue, 29 Jun 2021 19:40:30 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 08:57:53 GMT

GET
H2 404 Delivery_W_Rg.woff
dhl-international-online.com/payout/files/css/files/fonts/ 0
0 211ms
211ms Font
text/html 192.254.233.175
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://dhl-international-online.com/payout/files/css/files/fonts/Delivery_W_Rg.woff
Requested by: Host: dhl-international-online.com
URL: https://dhl-international-online.com/payout/files/css/uikit.almost-flat.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.254.233.175 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: lagra.pt
Software: Apache /
Resource Hash

Request headers

:path: /payout/files/css/files/fonts/Delivery_W_Rg.woff
pragma: no-cache
origin: https://dhl-international-online.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: dhl-international-online.com
referer: https://dhl-international-online.com/payout/files/css/uikit.almost-flat.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://dhl-international-online.com
Referer: https://dhl-international-online.com/payout/files/css/uikit.almost-flat.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 05:27:51 GMT
content-encoding: gzip
last-modified: Fri, 15 Nov 2019 02:18:16 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
accept-ranges: bytes
content-length: 462

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
berylmartinv7.dev.radixweb.net
dhl-international-online.com
fonts.googleapis.com
fonts.gstatic.com
120.72.91.18
192.254.233.175
2a00:1450:4001:80f::200a
2a00:1450:4001:82b::200a
2a00:1450:4001:831::2003
1d5aa5a9beed4fd3557dfde68317c4cc5a7e626ba54019a8ffbbca9f67c49211
3ace3fdc98a6bf35804653b1257378e29038ea63ac66c8d4f530181a0da9c3e7
4971fe9d28caa4bb569fa335ab2949528d97d76a97938b0ece6c86b6d306adfb
4cca434e50cb1f8de00c8c265b99774b0b62fff171759bf3289c23ce4710c795
5281f4abe208b59fdcf316414d641b3481df0229719a2bad5a4d279a538d3fe2
5314c05004534b7ad529b2ed9f83c58eca0004ff24a5b876ffb09b4b4aacb4d0
54984137424f4c593a09a7a2cedd8fd84909e95a1b5f63b26296eaa31dace59a
5649257954bde15b3ab14b15b2bc636edd661c803047605cb08c70f2f7619409
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
789a571212627c10c632c3d95f8bd02ee0efee27ca3a7e0212de6ef8dca489e7
b3fb0153c81b027297164caf6ac8c6e580d2289dcd6edcb50de61c085cfdadf0
e79788c459c41e98f4810ee3d9140992900fddb4c88f307cfcef2a39e3086f7b
f2821108cc29cdc65f034de1d3912f61ae741a1538c57f6fe608fcba64b29d0e

dhl-international-online.com Open in urlscan Pro 192.254.233.175 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

4 IPs

3 Countries

429 kBTransfer

630 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

20 JavaScript Global Variables

0 Cookies

Indicators

dhl-international-online.com Open in urlscan Pro
192.254.233.175 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

429 kB
Transfer

630 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!