eservicebits.com Open in urlscan Pro
18.239.83.70 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha
Submission: On June 15 via api (June 15th 2024, 6:16:37 am UTC) from US — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 18.239.83.70, located in United States and belongs to AMAZON-02, US. The main domain is eservicebits.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 7th 2023. Valid for: a year.

This is the only time eservicebits.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
2	18.239.83.70 18.239.83.70	16509 (AMAZON-02) (AMAZON-02)
11	13.32.121.99 13.32.121.99	16509 (AMAZON-02) (AMAZON-02)
13	2

2 18.239.83.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-83-70.ams58.r.cloudfront.net

eservicebits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.32.121.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-99.fra60.r.cloudfront.net

cloud.phishinsight.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	trendmicro.com cloud.phishinsight.trendmicro.com	1 MB
2	eservicebits.com eservicebits.com	14 KB
13	2

	Domain	Requested by
11	cloud.phishinsight.trendmicro.com	client eservicebits.com
2	eservicebits.com
13	2

This site contains no links.

Subject Issuer	Validity	Valid
eservicebits.com Amazon RSA 2048 M02	`2023-11-07` - `2024-12-05`	a year	crt.sh
*.phishinsight.trendmicro.com Entrust Certification Authority - L1K	`2023-07-18` - `2024-08-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha
Frame ID: F48D18C1A9E1C14D6C0BA7D95A443C9A
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Global Logistics | DHL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1135 kB
Transfer

1287 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha Show response
eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ 172 KB
13 KB 1028ms
827ms Document
text/html 18.239.83.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.83.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-83-70.ams58.r.cloudfront.net
Software: /
Resource Hash: 5e9217d05e9e23de65b372b847d559a48a8ba6d46ed8e6b9ce0b3e1a83e31720

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
content-length: 13328
content-type: text/html; charset=utf-8
date: Sat, 15 Jun 2024 06:16:29 GMT
vary: Accept-Encoding
via: 1.1 fa63af50c0e4f34ddecf2b2d0dca224e.cloudfront.net (CloudFront)
x-amz-apigw-id: ZZS1kFkljoEEW6g=
x-amz-cf-id: MJmBYwN6cMiW7yGVDGZvK-evEMO5xT9B5E3ss2TGIflp_lb5XWZdSA==
x-amz-cf-pop: AMS58-P5
x-amzn-remapped-content-length: 13328
x-amzn-requestid: 2c41bebb-10f3-43b6-bb6b-b4aec83d4f3e
x-amzn-trace-id: Root=1-666d31bc-2a6d2f0555a82bf330f5c49f
x-cache: Miss from cloudfront

GET
H2 200 ewf_base.dae7e8ebce001d436791f9f4d23155d71a0df53c12165ed847468180dd045cb3.css
cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ 281 KB
282 KB 167ms
75ms Stylesheet
text/css 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ewf_base.dae7e8ebce001d436791f9f4d23155d71a0df53c12165ed847468180dd045cb3.css

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

98f0d6326d2bbc3910ca8a33a97320be5830b5953d98a11d0aa302e4955c77ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:46 GMT
x-amz-version-id: 9jGTxNjOvE0rcQj.QHEvYfsTQyxMsvOX
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79605
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 287819
last-modified: Wed, 29 Mar 2023 03:32:39 GMT
server: AmazonS3
etag: "ea34c06e0a9e22bc064bfce50c64da58"
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: -6bbsEj4AWok969DbOQ_q5IRTpIQ0cBdTND8-E4LNFjO4LR28RCJZQ==

GET
H2 200 ewf_components.0630161e47cb64c83b67a48f1c3892171e39f60aa62a2edeceda8375e546bcdc.css
cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ 254 KB
255 KB 114ms
22ms Stylesheet
text/css 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ewf_components.0630161e47cb64c83b67a48f1c3892171e39f60aa62a2edeceda8375e546bcdc.css

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

118751357eaa919071d159c4d1e2f2986d41202f78c8778f22ca65766817c939

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:46 GMT
x-amz-version-id: k8eov9xjM7Q37IjrGl7h260_ObttVBOJ
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79605
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 260226
last-modified: Wed, 29 Mar 2023 03:32:40 GMT
server: AmazonS3
etag: "295e6f39d1095e97c49abc868870f29f"
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: vo5tCgulObmKvXjzXWbqnEhN-kU3s1kQZ_-IVwSgcIiAxdKzKvmoGA==

GET
H2 200 ewf_cosmetic.b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65.css
cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ 6 KB
7 KB 174ms
82ms Stylesheet
text/css 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ewf_cosmetic.b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65.css

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:46 GMT
x-amz-version-id: xptfb8TPFeJ7NaF0Ip_XHnHNwedJiywK
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79605
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 6644
last-modified: Wed, 29 Mar 2023 03:32:40 GMT
server: AmazonS3
etag: "5ae3470b1e0b63adb68e47640fa6e010"
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: t4pdJhdtU_hc0x8YR1PPB81kqixMBpBiS5IrJU6SO70QQjiC3Ozu9g==

GET
H2 200 dhl_express_logo_transparent.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ 2 KB
2 KB 107ms
0ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/dhl_express_logo_transparent.png

Requested by

Host: eservicebits.com
URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

35b8eca53271516f3d66a3dd8f89e1366edb87adad26015424148de71dfcce46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:46 GMT
x-amz-version-id: soNKRu7GYmLy9pAF8lKsGkStthuK10pY
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79605
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 1940
last-modified: Wed, 29 Mar 2023 03:33:00 GMT
server: AmazonS3
etag: "9c26f4919a06da407b599a871e63d6ff"
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: mPEi_zl93cM7buObk12kXhxRfJaryhA7Jrn8Yokh2OBfZLLhPHxZwA==

GET
H2 200 flags.32c.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ 103 KB
104 KB 142ms
21ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/flags.32c.png

Requested by

Host: eservicebits.com
URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

71cd76e19df0aad70f2e9b57c162a03070836e1056ca8b3353511ee87b2ae08a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:48 GMT
x-amz-version-id: qNXlYaTQqwSDxs0QipcYN4ptXq50b6l_
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79603
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 105697
last-modified: Wed, 29 Mar 2023 03:33:09 GMT
server: AmazonS3
etag: "d0c0bf939d36fb4658cc0da00980738e"
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: GoT0Y7OJ8UGQtN9TbQh2LuLQ9JfL8CUnPleIrxCzUnBsg0xa1VoPeg==

GET
H2 200 dhl.woff
cloud.phishinsight.trendmicro.com/content/lps/assets/system/fonts/ 38 KB
38 KB 89ms
8ms Font
font/woff 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/fonts/dhl.woff

Requested by

Host: eservicebits.com
URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

55fda89a2ee8d9ba03ece045024aaf69e507a481748b6f5368d0823fafbe4b56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Origin: https://eservicebits.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:47 GMT
x-amz-version-id: lgjcRiuAjekN4jpuOgnMSuJV9HlhtOi6
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79604
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 38600
last-modified: Wed, 29 Mar 2023 03:32:50 GMT
server: AmazonS3
etag: "d1e9de02fe2aaa71f947557cd78096bb"
access-control-allow-methods: GET, HEAD
content-type: font/woff
access-control-allow-origin: https://eservicebits.com
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: kKAeATXtWxzCL3CQMMQLom1Us-x1vDKV7f6YnZk1eMOLk07aySaZmQ==

GET
H2 200 logout_image.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ 125 KB
126 KB 86ms
0ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/logout_image.png

Requested by

Host: eservicebits.com
URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bec410bdccc6b1342258f0aa17fb3ddf86a362141a485a44a85b4da078804201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:46 GMT
x-amz-version-id: jRyLLbTmzP28ailsn108xx_sjIv3aSaP
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79605
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 128091
last-modified: Wed, 29 Mar 2023 03:33:23 GMT
server: AmazonS3
etag: "24e4fdd37d5a997b6448be887968fdf4"
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: KGHt4XBiXajElPPc3iKe3vmzckFyXFaM0DmLYEAqg5GKmbJNaboEZg==

GET
H2 200 MyDHL_Logo_73x38.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ 2 KB
2 KB 105ms
19ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/MyDHL_Logo_73x38.png

Requested by

Host: eservicebits.com
URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

52aef0018a3fd9fc92f48bd3dd5cb9a69390ad34764ac653a249306d5dc9f694

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:46 GMT
x-amz-version-id: CAP5EDjmEu1LK.9mikSXa75IqdjucNUn
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79605
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 1965
last-modified: Wed, 29 Mar 2023 03:32:55 GMT
server: AmazonS3
etag: "16ead6ec6ff36f3d4934f97f4bf5550b"
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: 0JzPRTCFZAbDym7aLI6CqVobe1REtbOeHU8WnQPCGJi_MlPOd2o_Xw==

GET
H2 200 footer_logo.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ 6 KB
7 KB 65ms
0ms Image
image/png 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/footer_logo.png

Requested by

Host: eservicebits.com
URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

baed8711f954b7a12fd77083f6bedaa1277f31e99b378ea6cda883474077355e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:48 GMT
x-amz-version-id: zz8DZFkwIGeMWIAkhoL5wk2UCzPNDNbp
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79603
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 6506
last-modified: Wed, 29 Mar 2023 03:33:13 GMT
server: AmazonS3
etag: "fcb8d373abb6591008d8ae79fc4a2670"
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: 3iRUabyJO1AQjYwDjQ7m5gq4AZ0jgkUtGUUITeTSOwJKrWMaYpRimw==

GET
H2 200 dhl_as_background.jpg
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ 282 KB
283 KB 140ms
62ms Image
image/jpeg 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/dhl_as_background.jpg

Requested by

Host: eservicebits.com
URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

32d32a167360f14effcc8e58028d9fda2e8ac0e1624078d6cc4c5a36a41f6386

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:47 GMT
x-amz-version-id: dHKLAEjQ4e7MCmAmXqe0iHtGpJw7wYhM
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79604
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 288866
last-modified: Wed, 29 Mar 2023 03:33:00 GMT
server: AmazonS3
etag: "396a2d516b804a157965e712756007a1"
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: wqnvkNejOr9ekDdhCG0fkvALeAAGNeMuH13qtVrvY9fqTpjNQO9uWg==

GET
H2 200 dhl_icon.woff
cloud.phishinsight.trendmicro.com/content/lps/assets/system/fonts/ 15 KB
16 KB 90ms
20ms Font
font/woff 13.32.121.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.phishinsight.trendmicro.com/content/lps/assets/system/fonts/dhl_icon.woff

Requested by

Host: eservicebits.com
URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-99.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a44c9da91a133e69002088683bbfebd3cb50a6e56da365e8b409844d487e8586

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/
Origin: https://eservicebits.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 14 Jun 2024 08:09:47 GMT
x-amz-version-id: nWHAU9yBn5zgGqMqQxKXKsgF7AijQ.4c
via: 1.1 8c08c39035033b8c904aa0e3f734d6c6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P1
age: 79604
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 15444
last-modified: Wed, 29 Mar 2023 03:32:50 GMT
server: AmazonS3
etag: "7daf226e2f987c7ebae3b3ff6013b887"
access-control-allow-methods: GET, HEAD
content-type: font/woff
access-control-allow-origin: https://eservicebits.com
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: qmVohfwgSEH_ZH-lmxFTssoKXd_34-s4wVyX2wyywnN2ZJiy0thTBA==

GET
H2 403 favicon.ico
eservicebits.com/ 42 B
421 B 151ms
150ms Other
application/json 18.239.83.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eservicebits.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.83.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-83-70.ams58.r.cloudfront.net
Software: /
Resource Hash: f249b63cb2fcb66b47e86f906c98f8fd912e82dd035b4e53d7e72fc1960cfd16

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 06:16:30 GMT
x-amzn-errortype: MissingAuthenticationTokenException
via: 1.1 fa63af50c0e4f34ddecf2b2d0dca224e.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
x-amzn-trace-id: Root=1-666d31be-299dfb6e2c9804b076b5225e
x-amzn-requestid: a60b8b38-9564-49b4-82f6-c2494202082f
x-cache: Error from cloudfront
content-type: application/json
x-amz-apigw-id: ZZS10He4joEEW0Q=
content-length: 42
x-amz-cf-id: HlVliLSAYaTsFF33ta2pQ-ocJs_sLmwFDWR_S0hOC82Sye9KVQgF_w==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha(Line 5) Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-BgPeq7vel58bLtyzXCck+TfouV1cx+BTgY8vFx3f+SQ='), or a nonce ('nonce-...') is required to enable inline execution.
recommendation	verbose	URL: https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://eservicebits.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloud.phishinsight.trendmicro.com
eservicebits.com
13.32.121.99
18.239.83.70
118751357eaa919071d159c4d1e2f2986d41202f78c8778f22ca65766817c939
32d32a167360f14effcc8e58028d9fda2e8ac0e1624078d6cc4c5a36a41f6386
35b8eca53271516f3d66a3dd8f89e1366edb87adad26015424148de71dfcce46
52aef0018a3fd9fc92f48bd3dd5cb9a69390ad34764ac653a249306d5dc9f694
55fda89a2ee8d9ba03ece045024aaf69e507a481748b6f5368d0823fafbe4b56
5e9217d05e9e23de65b372b847d559a48a8ba6d46ed8e6b9ce0b3e1a83e31720
71cd76e19df0aad70f2e9b57c162a03070836e1056ca8b3353511ee87b2ae08a
98f0d6326d2bbc3910ca8a33a97320be5830b5953d98a11d0aa302e4955c77ee
a44c9da91a133e69002088683bbfebd3cb50a6e56da365e8b409844d487e8586
b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65
baed8711f954b7a12fd77083f6bedaa1277f31e99b378ea6cda883474077355e
bec410bdccc6b1342258f0aa17fb3ddf86a362141a485a44a85b4da078804201
f249b63cb2fcb66b47e86f906c98f8fd912e82dd035b4e53d7e72fc1960cfd16

eservicebits.com Open in urlscan Pro 18.239.83.70 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

1135 kBTransfer

1287 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

eservicebits.com Open in urlscan Pro
18.239.83.70 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1135 kB
Transfer

1287 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!