post-ch-b5c6d2.ingress-baronn.ewp.live
Open in
urlscan Pro
63.250.43.10
Malicious Activity!
Public Scan
Effective URL: https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
Submission Tags: 7605595
Submission: On July 18 via api from NL — Scanned from NL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 24th 2022. Valid for: a year.
This is the only time post-ch-b5c6d2.ingress-baronn.ewp.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 119.18.54.95 119.18.54.95 | 394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY) | |
1 3 | 63.250.43.10 63.250.43.10 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
3 | 2600:9000:219... 2600:9000:2190:9200:15:285b:5440:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2606:4700:303... 2606:4700:3033::6815:3f36 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 3 |
ASN22612 (NAMECHEAP-NET, US)
PTR: ingress-baronn.easywp.com
post-ch-b5c6d2.ingress-baronn.ewp.live |
ASN16509 (AMAZON-02, US)
assets.pay2.secured-by-ingenico.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
secured-by-ingenico.com
assets.pay2.secured-by-ingenico.com — Cisco Umbrella Rank: 743242 |
33 KB |
3 |
ewp.live
1 redirects
post-ch-b5c6d2.ingress-baronn.ewp.live |
213 KB |
2 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1112 |
84 KB |
1 |
pravaas.com
1 redirects
pravaas.com |
115 B |
7 | 4 |
Domain | Requested by | |
---|---|---|
3 | assets.pay2.secured-by-ingenico.com |
post-ch-b5c6d2.ingress-baronn.ewp.live
assets.pay2.secured-by-ingenico.com |
3 | post-ch-b5c6d2.ingress-baronn.ewp.live |
1 redirects
post-ch-b5c6d2.ingress-baronn.ewp.live
|
2 | use.fontawesome.com |
post-ch-b5c6d2.ingress-baronn.ewp.live
use.fontawesome.com |
1 | pravaas.com | 1 redirects |
7 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.dhl.ch |
payment.pay2.secured-by-ingenico.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ingress-baronn.ewp.live Sectigo RSA Domain Validation Secure Server CA |
2022-05-24 - 2023-05-24 |
a year | crt.sh |
assets.secured-by-ingenico.com Amazon |
2021-10-19 - 2022-11-16 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-06 - 2023-06-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/
Frame ID: D7DF8C996E18D27959E83D645F14833E
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
MasterCard - Zusätzliche InformationenPage URL History Show full URLs
-
https://pravaas.com/ch/
HTTP 302
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj HTTP 301
http://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ HTTP 307
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Startseite
Search URL Search Domain Scan URL
Title: Nutzungsbedingungen
Search URL Search Domain Scan URL
Title: Datenschutzrichtlinie
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://pravaas.com/ch/
HTTP 302
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj HTTP 301
http://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ HTTP 307
https://post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/ Redirect Chain
|
39 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download
post-ch-b5c6d2.ingress-baronn.ewp.live/MYDHLdjj/files/ |
206 KB 206 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html-header.css
assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/ |
90 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.5.0/css/ |
50 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DHL_rgb_300x66.png
assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.woff
assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/ |
9 KB 9 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
use.fontawesome.com/releases/v5.5.0/webfonts/ |
72 KB 73 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15768000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.pay2.secured-by-ingenico.com
post-ch-b5c6d2.ingress-baronn.ewp.live
pravaas.com
use.fontawesome.com
119.18.54.95
2600:9000:2190:9200:15:285b:5440:93a1
2606:4700:3033::6815:3f36
63.250.43.10
3762059e0b188a72b2873a5758701799ab8000390207406500ae68ca25b2e2ff
4e1ee10a401c38e620a515a306d9ee7279e0b65ac2cd21e428bc1cb0cd1fa29e
57e41c14852c136c48b507239b72d17dc9259dbf1f4828b7c7d83b3820b5a364
7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2
7ac28ced4ffec739ff3ac227e4814d7003012cf2a2178a3e30186fe9d4b8f8d7
97fbe33023fe314b0f76128757e5cb818dee430cd0985e4c418b6bb4b93df78b
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2