![](/screenshots/4eba0e2c-2e4e-48ac-82fd-288bb0bb4534.png)
eservicebits.com
Open in
urlscan Pro
18.239.83.70
Malicious Activity!
Public Scan
Submission: On June 15 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Amazon RSA 2048 M02 on November 7th 2023. Valid for: a year.
This is the only time eservicebits.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 18.239.83.70 18.239.83.70 | 16509 (AMAZON-02) (AMAZON-02) | |
11 | 13.32.121.99 13.32.121.99 | 16509 (AMAZON-02) (AMAZON-02) | |
13 | 2 |
ASN16509 (AMAZON-02, US)
PTR: server-18-239-83-70.ams58.r.cloudfront.net
eservicebits.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-99.fra60.r.cloudfront.net
cloud.phishinsight.trendmicro.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
trendmicro.com
cloud.phishinsight.trendmicro.com |
1 MB |
2 |
eservicebits.com
eservicebits.com |
14 KB |
13 | 2 |
Domain | Requested by | |
---|---|---|
11 | cloud.phishinsight.trendmicro.com |
client
eservicebits.com |
2 | eservicebits.com | |
13 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
eservicebits.com Amazon RSA 2048 M02 |
2023-11-07 - 2024-12-05 |
a year | crt.sh |
*.phishinsight.trendmicro.com Entrust Certification Authority - L1K |
2023-07-18 - 2024-08-17 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha
Frame ID: F48D18C1A9E1C14D6C0BA7D95A443C9A
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
ipwxrbvz0azc3yagopftr-8tv6ehjo9upahezmbvkha
eservicebits.com/landingpages/939c66c5-a2e6-4d48-93bb-6fda5e52ed17/ |
172 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ewf_base.dae7e8ebce001d436791f9f4d23155d71a0df53c12165ed847468180dd045cb3.css
cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ |
281 KB 282 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ewf_components.0630161e47cb64c83b67a48f1c3892171e39f60aa62a2edeceda8375e546bcdc.css
cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ |
254 KB 255 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ewf_cosmetic.b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65.css
cloud.phishinsight.trendmicro.com/content/lps/assets/system/css/ |
6 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl_express_logo_transparent.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flags.32c.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
103 KB 104 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl.woff
cloud.phishinsight.trendmicro.com/content/lps/assets/system/fonts/ |
38 KB 38 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logout_image.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
125 KB 126 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MyDHL_Logo_73x38.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer_logo.png
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl_as_background.jpg
cloud.phishinsight.trendmicro.com/content/lps/assets/system/img/ |
282 KB 283 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dhl_icon.woff
cloud.phishinsight.trendmicro.com/content/lps/assets/system/fonts/ |
15 KB 16 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
eservicebits.com/ |
42 B 421 B |
Other
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cloud.phishinsight.trendmicro.com
eservicebits.com
13.32.121.99
18.239.83.70
118751357eaa919071d159c4d1e2f2986d41202f78c8778f22ca65766817c939
32d32a167360f14effcc8e58028d9fda2e8ac0e1624078d6cc4c5a36a41f6386
35b8eca53271516f3d66a3dd8f89e1366edb87adad26015424148de71dfcce46
52aef0018a3fd9fc92f48bd3dd5cb9a69390ad34764ac653a249306d5dc9f694
55fda89a2ee8d9ba03ece045024aaf69e507a481748b6f5368d0823fafbe4b56
5e9217d05e9e23de65b372b847d559a48a8ba6d46ed8e6b9ce0b3e1a83e31720
71cd76e19df0aad70f2e9b57c162a03070836e1056ca8b3353511ee87b2ae08a
98f0d6326d2bbc3910ca8a33a97320be5830b5953d98a11d0aa302e4955c77ee
a44c9da91a133e69002088683bbfebd3cb50a6e56da365e8b409844d487e8586
b58565c38476d68a546119d65a2c1c3f8b4950ec1516e0bb57f3421eca576d65
baed8711f954b7a12fd77083f6bedaa1277f31e99b378ea6cda883474077355e
bec410bdccc6b1342258f0aa17fb3ddf86a362141a485a44a85b4da078804201
f249b63cb2fcb66b47e86f906c98f8fd912e82dd035b4e53d7e72fc1960cfd16