www.apsdsoverese.it
Open in
urlscan Pro
62.4.6.120
Malicious Activity!
Public Scan
Effective URL: http://www.apsdsoverese.it/DHL-XH/EditedDhIMasked/pageportal1.php?lovegbnhheyasgbnghw=&id=9b85dec073027bb1402e0c76eab671d29...
Submission: On March 10 via automatic, source openphish
Summary
This is the only time www.apsdsoverese.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online) DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 12 | 62.4.6.120 62.4.6.120 | 12876 (AS12876) (AS12876) | |
2 | 172.217.16.174 172.217.16.174 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 54.225.152.179 54.225.152.179 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
12 | 3 |
ASN12876 (AS12876, FR)
PTR: hl187.idc5.adatacenter.net
apsdsoverese.it | |
www.apsdsoverese.it |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f174.1e100.net
www.google-analytics.com |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-225-152-179.compute-1.amazonaws.com
www.1freehosting.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
apsdsoverese.it
3 redirects
apsdsoverese.it www.apsdsoverese.it |
79 KB |
2 |
google-analytics.com
www.google-analytics.com |
17 KB |
1 |
1freehosting.com
www.1freehosting.com |
443 B |
12 | 3 |
Domain | Requested by | |
---|---|---|
11 | www.apsdsoverese.it |
2 redirects
www.apsdsoverese.it
|
2 | www.google-analytics.com |
www.apsdsoverese.it
|
1 | www.1freehosting.com |
www.apsdsoverese.it
|
1 | apsdsoverese.it | 1 redirects |
12 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://www.apsdsoverese.it/DHL-XH/EditedDhIMasked/pageportal1.php?lovegbnhheyasgbnghw=&id=9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2&session=9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2&session2=9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2&session3=9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2
Frame ID: (6B6B1E10FB4F344E35CCE123AF08CECD)
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://apsdsoverese.it/DHL-XH/EditedDhIMasked
HTTP 301
http://www.apsdsoverese.it/DHL-XH/EditedDhIMasked HTTP 301
http://www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ HTTP 302
http://www.apsdsoverese.it/DHL-XH/EditedDhIMasked/pageportal1.php?lovegbnhheyasgbnghw=&id=9b85dec073027... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://apsdsoverese.it/DHL-XH/EditedDhIMasked
HTTP 301
http://www.apsdsoverese.it/DHL-XH/EditedDhIMasked HTTP 301
http://www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ HTTP 302
http://www.apsdsoverese.it/DHL-XH/EditedDhIMasked/pageportal1.php?lovegbnhheyasgbnghw=&id=9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2&session=9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2&session2=9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2&session3=9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- http://www.google-analytics.com/ga.js HTTP 307
- https://www.google-analytics.com/ga.js
- http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.1&utms=1&utmn=1604073160&utmhn=www.apsdsoverese.it&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Shipment%20Tracking%20portal&utmhid=912351332&utmr=-&utmp=%2FDHL-XH%2FEditedDhIMasked%2Fpageportal1.php%3Flovegbnhheyasgbnghw%3D%26id%3D9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2%26session%3D9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2%26session2%3D9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2%26session3%3D9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2&utmht=1520652387715&utmac=UA-21588661-2&utmcc=__utma%3D253577999.887400566.1520652388.1520652388.1520652388.1%3B%2B__utmz%3D253577999.1520652388.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=63170832&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
- https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.1&utms=1&utmn=1604073160&utmhn=www.apsdsoverese.it&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Shipment%20Tracking%20portal&utmhid=912351332&utmr=-&utmp=%2FDHL-XH%2FEditedDhIMasked%2Fpageportal1.php%3Flovegbnhheyasgbnghw%3D%26id%3D9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2%26session%3D9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2%26session2%3D9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2%26session3%3D9b85dec073027bb1402e0c76eab671d29b85dec073027bb1402e0c76eab671d2&utmht=1520652387715&utmac=UA-21588661-2&utmcc=__utma%3D253577999.887400566.1520652388.1520652388.1520652388.1%3B%2B__utmz%3D253577999.1520652388.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=63170832&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
pageportal1.php
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ Redirect Chain
|
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
MaskedPassword.js
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ |
17 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
title.png
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dhl_logo.gif
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ |
443 B 685 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ss.png
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ei.png
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ |
368 B 610 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ep.png
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ |
615 B 857 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
poweredby.png
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ |
39 KB 40 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
5_1_dhl_global_locator_all_340_187.gif
www.apsdsoverese.it/DHL-XH/EditedDhIMasked/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
ga.js
www.google-analytics.com/ Redirect Chain
|
45 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ga.js
www.1freehosting.com/cdn/ |
0 443 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
__utm.gif
www.google-analytics.com/r/ Redirect Chain
|
35 B 101 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online) DHL (Transportation)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| MaskedPassword function| validateForm object| _gaq object| _gat object| gaGlobal5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.apsdsoverese.it/ | Name: __utmb Value: 253577999.1.10.1520652388 |
|
.www.apsdsoverese.it/ | Name: __utmt Value: 1 |
|
.www.apsdsoverese.it/ | Name: __utmz Value: 253577999.1520652388.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) |
|
.www.apsdsoverese.it/ | Name: __utmc Value: 253577999 |
|
.www.apsdsoverese.it/ | Name: __utma Value: 253577999.887400566.1520652388.1520652388.1520652388.1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apsdsoverese.it
www.1freehosting.com
www.apsdsoverese.it
www.google-analytics.com
172.217.16.174
54.225.152.179
62.4.6.120
044f1dcf5eadd4c9b2b180439a519bdf24cfa86a4e372f7ad7bce131e7ecbb09
24d70d02583a5f441463bb86240488603c4974a6650aa0cce76aa4b7f5cf1d19
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
2f680b51b19fc3c5befd02bd9d0d4e88c2722a5210157e4ef68933c5ba352109
7c2c58fc24e2d3458b88680cfad4577011697df9a1406808f2f7d8f46060d8a7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
aa1c0840f774f3412e8482d6cc35ac7a538366d0906ccb54a7bfd95c8b6b4163
c4599d7bba99a0ac613403afac501cdc1a1b6cfdeeea0fc0ee3b0b70d78803b6
c875e1e9cf5d7d7f977aee6ea4ade86933247f866a7e2ef01f9ea914db76bc42
d87ca059e18a471de8b916dfbcdfc3ef7fda94da362b986de701006ef469a43f
da2ed9ae68023ed5513766372c1a0e6657592bc5b99c786b8b55a82aab706617
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855