jerzybialoglowicz.pl Open in urlscan Pro
91.192.164.134 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://jsbstonex.com/fr/
Effective URL:
https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php
Submission: On February 12 via api (February 12th 2023, 10:08:07 am UTC) from IE — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 91.192.164.134, located in Rzeszów, Poland and belongs to ZETO-RZESZOW, PL. The main domain is jerzybialoglowicz.pl.
TLS certificate: Issued by R3 on February 1st 2023. Valid for: 3 months.

This is the only time jerzybialoglowicz.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swiss Post (Transportation) DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	45.113.122.180 45.113.122.180	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY)
2 10	91.192.164.134 91.192.164.134	42490 (ZETO-RZESZOW) (ZETO-RZESZOW)
12	3

1 45.113.122.180 (India)

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: bh-in-20.webhostbox.net

jsbstonex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 91.192.164.134 (Rzeszów, Poland) 2 redirects

ASN42490 (ZETO-RZESZOW, PL)
PTR: srv1.zetorzeszow.pl

jerzybialoglowicz.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	jerzybialoglowicz.pl 2 redirects jerzybialoglowicz.pl	180 KB
1	jsbstonex.com jsbstonex.com	316 B
12	2

	Domain	Requested by
10	jerzybialoglowicz.pl	2 redirects jerzybialoglowicz.pl
1	jsbstonex.com
12	2

This site contains no links.

Subject Issuer	Validity	Valid
*.jsbstonex.com R3	`2023-01-20` - `2023-04-20`	3 months	crt.sh
*.jerzybialoglowicz.pl R3	`2023-02-01` - `2023-05-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php
Frame ID: 4B30A43779B2CFC826F6A17B3F55485A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DHL - Account

Page URL History Show full URLs

https://jsbstonex.com/fr/ Page URL
https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/ HTTP 302
https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/index.php HTTP 302
https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

75 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

180 kB
Transfer

671 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://jsbstonex.com/fr/ Page URL
https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/ HTTP 302
https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/index.php HTTP 302
https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response jsbstonex.com/fr/	261 B 316 B	1237ms 150ms	Document text/html	45.113.122.180 PUBLIC-DOMAIN-REG...
General Check archive.org Show headers Download Go to Full URL https://jsbstonex.com/fr/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 45.113.122.180 , India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US), Reverse DNS bh-in-20.webhostbox.net Software Apache / Resource Hash `21d7967d1fbf5d59000b364fc76350927419d4e154822aa3fd3904edf02dad9e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes content-encoding gzip content-length 201 content-type text/html date Sun, 12 Feb 2023 10:08:03 GMT last-modified Wed, 08 Feb 2023 17:23:57 GMT server Apache vary Accept-Encoding
GET H2	200	Primary Request info.php Show response jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/ Redirect Chain https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/ https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/index.php https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php	25 KB 7 KB	154ms 153ms	Document text/html	91.192.164.134 ZETO-RZESZOW
General Check archive.org Show headers Download Go to Full URL https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 91.192.164.134 Rzeszów, Poland, ASN42490 (ZETO-RZESZOW, PL), Reverse DNS srv1.zetorzeszow.pl Software nginx / PHP/7.4.30 Resource Hash `c3d2ae112fa93daffe3c27abeb6bbf40e49c24dd1bccde1326dd55f6e575b13f` Request headers Referer https://jsbstonex.com/fr/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 6919 content-type text/html; charset=UTF-8 date Sun, 12 Feb 2023 10:08:05 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding,User-Agent x-powered-by PHP/7.4.30 Redirect headers cache-control no-store, no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Sun, 12 Feb 2023 10:08:05 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location info.php pragma no-cache server nginx vary User-Agent x-powered-by PHP/7.4.30
GET H2	200	main.css jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/css/	529 KB 115 KB	83ms 83ms	Stylesheet text/css	91.192.164.134 ZETO-RZESZOW
General Check archive.org Show headers Download Go to Full URL https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/css/main.css Requested by Host: jerzybialoglowicz.pl URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 91.192.164.134 Rzeszów, Poland, ASN42490 (ZETO-RZESZOW, PL), Reverse DNS srv1.zetorzeszow.pl Software nginx / Resource Hash `d97797426d717621d5059e293ea468c8a463a3e8e7d89a5d90ac38eaa174ed64` Request headers accept-language de-DE,de;q=0.9 Referer https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sun, 12 Feb 2023 10:08:05 GMT content-encoding gzip last-modified Thu, 09 Feb 2023 23:46:24 GMT server nginx etag W/"63e585d0-844ff" vary Accept-Encoding content-type text/css
GET H2	200	jquery.js Show response jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/js/	85 KB 35 KB	157ms 157ms	Script application/javascript	91.192.164.134 ZETO-RZESZOW
General Check archive.org Show headers Download Go to Full URL https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/js/jquery.js Requested by Host: jerzybialoglowicz.pl URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 91.192.164.134 Rzeszów, Poland, ASN42490 (ZETO-RZESZOW, PL), Reverse DNS srv1.zetorzeszow.pl Software nginx / Resource Hash `8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6` Request headers accept-language de-DE,de;q=0.9 Referer https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sun, 12 Feb 2023 10:08:05 GMT content-encoding gzip last-modified Thu, 09 Feb 2023 23:46:26 GMT server nginx etag W/"63e585d2-15339" vary Accept-Encoding content-type application/javascript
GET H2	200	dhl-logo.svg jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/	2 KB 874 B	60ms 59ms	Image image/svg+xml	91.192.164.134 ZETO-RZESZOW
General Check archive.org Show headers Download Go to Show image Full URL https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/dhl-logo.svg Requested by Host: jerzybialoglowicz.pl URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 91.192.164.134 Rzeszów, Poland, ASN42490 (ZETO-RZESZOW, PL), Reverse DNS srv1.zetorzeszow.pl Software nginx / Resource Hash `362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419` Request headers accept-language de-DE,de;q=0.9 Referer https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sun, 12 Feb 2023 10:08:05 GMT content-encoding gzip last-modified Thu, 09 Feb 2023 23:46:24 GMT server nginx etag W/"63e585d0-643" vary Accept-Encoding content-type image/svg+xml
GET H2	200	glo.svg jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/	1 KB 769 B	47ms 47ms	Image image/svg+xml	91.192.164.134 ZETO-RZESZOW
General Check archive.org Show headers Download Go to Show image Full URL https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/glo.svg Requested by Host: jerzybialoglowicz.pl URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 91.192.164.134 Rzeszów, Poland, ASN42490 (ZETO-RZESZOW, PL), Reverse DNS srv1.zetorzeszow.pl Software nginx / Resource Hash `7b7e4adb65aa53b1bc731f15511c53d5beb73f187d5c5f35f19ebbfaf0decbbd` Request headers accept-language de-DE,de;q=0.9 Referer https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sun, 12 Feb 2023 10:08:05 GMT content-encoding gzip last-modified Thu, 09 Feb 2023 23:46:24 GMT server nginx etag W/"63e585d0-450" vary Accept-Encoding content-type image/svg+xml
GET H2	200	glo-footer-logo.svg jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/	12 KB 4 KB	50ms 49ms	Image image/svg+xml	91.192.164.134 ZETO-RZESZOW
General Check archive.org Show headers Download Go to Show image Full URL https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/glo-footer-logo.svg Requested by Host: jerzybialoglowicz.pl URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 91.192.164.134 Rzeszów, Poland, ASN42490 (ZETO-RZESZOW, PL), Reverse DNS srv1.zetorzeszow.pl Software nginx / Resource Hash `5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038` Request headers accept-language de-DE,de;q=0.9 Referer https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sun, 12 Feb 2023 10:08:05 GMT content-encoding gzip last-modified Thu, 09 Feb 2023 23:46:24 GMT server nginx etag W/"63e585d0-2ec0" vary Accept-Encoding content-type image/svg+xml
GET		5132a7ca80ea9e18ec8cecc618cf5a0b.woff jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/assets/fonts/	0 0

GET		c2d3739d2debffea340a58b7b8ab3c61.woff jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/assets/fonts/	0 0

GET		d2c082a9f78e61ea7ccefecaca4da8a3.woff jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/assets/fonts/	0 0

GET H2	200	arrow.svg jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/	311 B 437 B	58ms 57ms	Image image/svg+xml	91.192.164.134 ZETO-RZESZOW
General Check archive.org Show headers Download Go to Show image Full URL https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/arrow.svg Requested by Host: jerzybialoglowicz.pl URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/css/main.css Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 91.192.164.134 Rzeszów, Poland, ASN42490 (ZETO-RZESZOW, PL), Reverse DNS srv1.zetorzeszow.pl Software nginx / Resource Hash `d8748acb2eead2bb284ccec7029faaa404c1f2bda9cbeae2d777b9033e473a9d` Request headers accept-language de-DE,de;q=0.9 Referer https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sun, 12 Feb 2023 10:08:05 GMT content-encoding gzip last-modified Thu, 09 Feb 2023 23:46:24 GMT server nginx x-accel-version 0.01 etag "137-5f44cfd175b17-gzip" vary Accept-Encoding,User-Agent content-type image/svg+xml accept-ranges bytes content-length 226
GET H2	200	lod.gif jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/	17 KB 17 KB	55ms 55ms	Image image/gif	91.192.164.134 ZETO-RZESZOW
General Check archive.org Show headers Download Go to Show image Full URL https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/img/lod.gif Requested by Host: jerzybialoglowicz.pl URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 91.192.164.134 Rzeszów, Poland, ASN42490 (ZETO-RZESZOW, PL), Reverse DNS srv1.zetorzeszow.pl Software nginx / Resource Hash `ce6a239fde88d8fb01c7a10d6f7b27d1bc23f5462d02f5ebb4927479fa32a302` Request headers accept-language de-DE,de;q=0.9 Referer https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/info.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers date Sun, 12 Feb 2023 10:08:05 GMT last-modified Thu, 09 Feb 2023 23:46:24 GMT server nginx accept-ranges bytes etag "63e585d0-44b1" content-length 17585 content-type image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: jerzybialoglowicz.pl
URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/assets/fonts/5132a7ca80ea9e18ec8cecc618cf5a0b.woff

Domain: jerzybialoglowicz.pl
URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/assets/fonts/c2d3739d2debffea340a58b7b8ab3c61.woff

Domain: jerzybialoglowicz.pl
URL: https://jerzybialoglowicz.pl/wp/wp-content/themes/fitnessbase/De/MEGADHL/dhl/files/assets/fonts/d2c082a9f78e61ea7ccefecaca4da8a3.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swiss Post (Transportation) DHL (Transportation)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			jerzybialoglowicz.pl/	1969-12-31 23:59:59	Name: PHPSESSID Value: r413ap59koqj3aboqf7jpmqg6k

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jerzybialoglowicz.pl
jsbstonex.com
jerzybialoglowicz.pl
45.113.122.180
91.192.164.134
21d7967d1fbf5d59000b364fc76350927419d4e154822aa3fd3904edf02dad9e
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038
7b7e4adb65aa53b1bc731f15511c53d5beb73f187d5c5f35f19ebbfaf0decbbd
8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6
c3d2ae112fa93daffe3c27abeb6bbf40e49c24dd1bccde1326dd55f6e575b13f
ce6a239fde88d8fb01c7a10d6f7b27d1bc23f5462d02f5ebb4927479fa32a302
d8748acb2eead2bb284ccec7029faaa404c1f2bda9cbeae2d777b9033e473a9d
d97797426d717621d5059e293ea468c8a463a3e8e7d89a5d90ac38eaa174ed64

jerzybialoglowicz.pl Open in urlscan Pro 91.192.164.134 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

75 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

180 kBTransfer

671 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Indicators

jerzybialoglowicz.pl Open in urlscan Pro
91.192.164.134 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

75 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

180 kB
Transfer

671 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!