urlscan.io logo urlscan.io
SecurityTrails logo

pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev Open in urlscan Pro
2606:4700::6812:323  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://trimmer.to/maETy
Effective URL: https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
Submission: On May 24 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 7 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev.
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.
This is the only time pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 172.67.199.75 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a04:4e42:200... 54113 (FASTLY)
1 ()
1 104.17.25.14 13335 (CLOUDFLAR...)
1 35.247.106.28 396982 (GOOGLE-CL...)
7 6
1    172.67.199.75 (United States)

ASN13335 (CLOUDFLARENET, US)
trimmer.to
1    2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
2    2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
1    (None, )

ASN- ()
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
1    104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    35.247.106.28 (The Dalles, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 28.106.247.35.bc.googleusercontent.com
146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev
Apex Domain
Subdomains		 Transfer
2 jquery.com
code.jquery.com — Cisco Umbrella Rank: 776
30 KB
2 r2.dev
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
1 MB
1 replit.dev
146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev
563 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237
4 KB
1 trimmer.to
trimmer.to
649 B
7 5
Domain Requested by
2 code.jquery.com pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
2 pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
1 146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
1 cdnjs.cloudflare.com pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
1 trimmer.to 1 redirects
7 5

This site contains no links.

Subject Issuer Validity Valid
*.r2.dev
E1		 2024-04-05 -
2024-07-04		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
*.kirk.replit.dev
R3		 2024-03-28 -
2024-06-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
Frame ID: 773EBE4600FC7D4DC58312A07F881F55
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login to Customer Portals and Tools | DHL |

Page URL History Show full URLs

  1. https://trimmer.to/maETy HTTP 301
    https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

86 %
HTTPS

33 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

1293 kB
Transfer

2372 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://trimmer.to/maETy HTTP 301
    https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request blob.html
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/
Redirect Chain
  • https://trimmer.to/maETy
  • https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
1 MB
1 MB 		Document
General
Check archive.org
Download Go to
Full URL
https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c02bf93f27a1bc1137730ca2a631d7d7550535847c87059393dd04e76298dd6

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
CF-RAY
888fc81a9a874dc4-FRA
Connection
keep-alive
Content-Length
1197507
Content-Type
text/html
Date
Fri, 24 May 2024 19:44:40 GMT
ETag
"6fd53ea158891b24dc912fa1c03d77aa"
Last-Modified
Thu, 23 May 2024 14:53:55 GMT
Server
cloudflare
Vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
888fc817e8335c68-FRA
content-type
text/html; charset=UTF-8
date
Fri, 24 May 2024 19:44:39 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EA%2ByGErhsOYOOZCvDw%2FWSr7fBdQ2a09EBBdQt1Qv1OSdICRvluoSn2Nxk9v%2B5MqeI9ga5Um5BSeF1eMJFxlcnT%2BFcA2aWecq3sELeckMFEeQndxW4h16KYYuMTav"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.28
x-robots-tag
noindex
x-turbo-charged-by
LiteSpeed
jquery-3.6.0.min.js
code.jquery.com/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
URL: https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:44:40 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2436060
x-cache
HIT, HIT
content-length
30875
x-served-by
cache-lga21931-LGA, cache-fra-etou8220111-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1716579880.270111,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
1, 56787
778acdde-0cd0-48e5-b5f3-d940f13e3533
https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/ 		877 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
blob:https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/778acdde-0cd0-48e5-b5f3-d940f13e3533
Requested by
Host: pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
URL: https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/blob.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a84dbc8da372b792848bd1bc2d854c27ff47dc4e8abb0c309b05eb2a64ac781a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Content-Length
897580
Content-Type
text/html
favicon.ico
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/ 		0
0
jquery-3.6.0.min.js
code.jquery.com/ 		87 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
URL: blob:https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/778acdde-0cd0-48e5-b5f3-d940f13e3533
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:44:40 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2436060
x-cache
HIT, HIT
content-length
30875
x-served-by
cache-lga21931-LGA, cache-fra-etou8220111-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1716579880.270111,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
1, 56787
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js
Requested by
Host: pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
URL: blob:https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/778acdde-0cd0-48e5-b5f3-d940f13e3533
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:44:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
257243
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3074
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-2087"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1r7XgVJVOBbhtcZUE3madgYYJ1RJc5CbOnkQCXrxSbOSQvDIIxPxqje5AEusE2Em8DLx57dpzdt%2BTGpSMbs6i%2FnAC6l4S2n7a9h2fgQNC5MamupQvp3w2TIv4RbOW%2FdGOpXNGty4"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
888fc81c8a089b80-FRA
expires
Wed, 14 May 2025 19:44:40 GMT
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9749654bdfcce79bc06740ed18ce854c5bc56fd419a8d59fc590777ba942105e

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		12 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
39b5e1fdc845a00e044f1d5136d4d365e319d79caae542b2abef7e9a7eb7d786

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		88 KB
88 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8

Request headers

Referer
Origin
https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c734712300e75e6569aa648c9a056edc323db1b942d1cd813c8e2655062b263a

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
13de59fe76f12ec2e11ce3ce08c65b0b749acdbe0ccd0f1af4e74abd1afb5c20

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/webp
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b17e54ae153bfdc622f3b2b5238f6b3b392fdf163daa432caef7c91c07498bda

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		12 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d03e686c6a119aa09d7e08dad100fbcf8092bd4ef3a2a4d43b4c2b122b6ae494

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5f7192afa468715d41d6dd2a4d6154025142847175fab6a8f026251517fd9bab

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7983d92d94ac1327a01aae67c2713fef1f541d59ce98cb3b7535b3a69beeb86f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
init.php
146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev/ 		18 B
563 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev/init.php
Requested by
Host: pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
URL: blob:https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/778acdde-0cd0-48e5-b5f3-d940f13e3533
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.247.106.28 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
28.106.247.35.bc.googleusercontent.com
Software
/ PHP/8.2.0RC7
Resource Hash
f5545a9ceb3ffc5bad7d6dc5086994fcfdbe6b031217073bfcca83bd5a48f20a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 24 May 2024 19:44:41 GMT
Host
146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev
X-Powered-By
PHP/8.2.0RC7
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Replit-Cluster
kirk
Access-Control-Allow-Headers
Content-Type
X-Robots-Tag
none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex, none, noindex, noarchive, nofollow, nositelinkssearchbox, noimageindex

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
URL
https://pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| $jscomp string| timer2 number| interval boolean| Panel function| getCurrentDate function| extractDomain undefined| currentStep object| metaTag string| cspHeaderValue object| forms function| isMobileDevice function| formats function| numberValidation function| formatString number| step1State number| step2State number| step3State number| step4State number| step5State

1 Cookies

Domain/Path Name / Value
trimmer.to/ Name: PHPSESSID
Value: 7uhnccdqnqef9rum952tm1j5kb

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

146bd32e-46b7-45fa-8cdc-8bcfb6d8c3c9-00-3j2e3yvy26mk2.kirk.replit.dev
cdnjs.cloudflare.com
code.jquery.com
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev
trimmer.to
pub-76b597e3a74b4d639ebc9867ed7166d4.r2.dev

104.17.25.14
172.67.199.75
2606:4700::6812:323
2a04:4e42:200::649
35.247.106.28
13de59fe76f12ec2e11ce3ce08c65b0b749acdbe0ccd0f1af4e74abd1afb5c20
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
39b5e1fdc845a00e044f1d5136d4d365e319d79caae542b2abef7e9a7eb7d786
3c02bf93f27a1bc1137730ca2a631d7d7550535847c87059393dd04e76298dd6
5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038
5f7192afa468715d41d6dd2a4d6154025142847175fab6a8f026251517fd9bab
76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8
7983d92d94ac1327a01aae67c2713fef1f541d59ce98cb3b7535b3a69beeb86f
9749654bdfcce79bc06740ed18ce854c5bc56fd419a8d59fc590777ba942105e
a84dbc8da372b792848bd1bc2d854c27ff47dc4e8abb0c309b05eb2a64ac781a
b17e54ae153bfdc622f3b2b5238f6b3b392fdf163daa432caef7c91c07498bda
c734712300e75e6569aa648c9a056edc323db1b942d1cd813c8e2655062b263a
d03e686c6a119aa09d7e08dad100fbcf8092bd4ef3a2a4d43b4c2b122b6ae494
f5545a9ceb3ffc5bad7d6dc5086994fcfdbe6b031217073bfcca83bd5a48f20a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e