anthoc.org
162.240.43.203
Malicious Activity!
Public Scan
Effective URL: https://anthoc.org/colis-JD00352039780/dv/indx.aspx.php?0ff822128545235e01cab16f1bf2d654
Submission: On May 30 via automatic, source openphish — Scanned from SE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 19th 2023. Valid for: 3 months.
This is the only time anthoc.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)

Domain & IP information

13 HTTP transactions, 2 IP addresses.

IP Address | AS (Autonomous System) | PTR | Domain | Redirects | Requests
---|---|---|---|---|---
77.111.240.111 | ASN51468 (ONECOM, DK) | webcluster2.webpod10-cph3.one.com | www.ansprak.se | 1 | 1
162.240.43.203 | ASN46606 (UNIFIEDLAYER-AS-1, US) | vps-954032.radioeldia.com | anthoc.org | 3 | 16

Apex Domain | Subdomains | Requests | Redirects | Transfer
---|---|---|---|---
anthoc.org | anthoc.org | 16 | 3 | 2 MB
ansprak.se | www.ansprak.se | 1 | 1 | 300 B

Domain | Requests | Redirects | Requested by
---|---|---|---
anthoc.org | 16 | 3 | anthoc.org
www.ansprak.se | 1 | 1 |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
anthoc.org | cPanel, Inc. Certification Authority | 2023-05-19 - 2023-08-17 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://anthoc.org/colis-JD00352039780/dv/indx.aspx.php?0ff822128545235e01cab16f1bf2d654
Frame ID: 6393A95D19CFA126F320A45454334A10
Requests: 14 HTTP requests in this frame
Page Title
DHL Express
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.ansprak.se/8804684/ (HTTP 302)
- https://anthoc.org/colis-JD00352039780/ (HTTP 302)
- https://anthoc.org/colis-JD00352039780/dv?65d31ed478e70ed7b61b02c66bf0a780 (HTTP 301)
- https://anthoc.org/colis-JD00352039780/dv/?65d31ed478e70ed7b61b02c66bf0a780 (HTTP 302)
- https://anthoc.org/colis-JD00352039780/dv/indx.aspx.php?0ff822128545235e01cab16f1bf2d654 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | indx.aspx.php | anthoc.org/colis-JD00352039780/dv/ | 16 KB | 17 KB | Document | text/html | Primary Request, Redirect Chain
GET | H/1.1 | bootstrap.min.css | anthoc.org/colis-JD00352039780/dv/css/ | 216 KB | 216 KB | Stylesheet | text/css |
GET | H/1.1 | bootstrap.bundle.min.js | anthoc.org/colis-JD00352039780/dv/js/ | 79 KB | 79 KB | Script | application/javascript |
GET | H/1.1 | config.js | anthoc.org/colis-JD00352039780/dv/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | main.26ebbd26.js | anthoc.org/colis-JD00352039780/dv/js/ | 1 MB | 1 MB | Script | application/javascript |
GET | H/1.1 | main.990eced2.css | anthoc.org/colis-JD00352039780/dv/css/ | 11 KB | 12 KB | Stylesheet | text/css |
GET | H/1.1 | logo.df3eb5d0978a7a83f632.png | anthoc.org/colis-JD00352039780/dv/media/ | 26 KB | 27 KB | Image | image/png |
GET | H/1.1 | card1.7f3aad9b90177796d3ab.jpg | anthoc.org/colis-JD00352039780/dv/media/ | 17 KB | 17 KB | Image | image/jpeg |
GET | H/1.1 | card2.23e0940ac34476c5cecd.jpg | anthoc.org/colis-JD00352039780/dv/media/ | 23 KB | 24 KB | Image | image/jpeg |
GET | H/1.1 | card3.d6f68627a371b84a4480.png | anthoc.org/colis-JD00352039780/dv/media/ | 48 KB | 48 KB | Image | image/png |
GET | H/1.1 | glo-footer-logo.svg | anthoc.org/colis-JD00352039780/dv/media/ | 12 KB | 12 KB | Image | image/svg+xml |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | H/1.1 | background.cd051765990837aea485.jpg | anthoc.org/colis-JD00352039780/dv/media/ | 644 KB | 644 KB | Image | image/jpeg |
GET | H/1.1 | iconfont-da52a17c1b8deb953bfe.da52a17c1b8deb953bfe.woff | anthoc.org/colis-JD00352039780/dv/media/ | 34 KB | 34 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
boolean | credentialless
number | uidEvent
object | bootstrap
function | Buffer

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
anthoc.org/ | | PHPSESSID | e0f2c0c1e44ce1b44ac6eba10e449eaa
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
anthoc.org
www.ansprak.se
162.240.43.203
77.111.240.111