de.okxcd.lflinkup.com
43.153.106.5
Malicious Activity!
Public Scan
Submission: On February 26 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 23rd 2024. Valid for: 3 months.
This is the only time de.okxcd.lflinkup.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
21 | 43.153.106.5 | 132203 (TENCENT-NET-AP-CN Tencent Building) |
21 | 1 | |
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
de.okxcd.lflinkup.com
 | Apex Domain Subdomains | Transfer |
---|---|---|
21 | lflinkup.com de.okxcd.lflinkup.com | 404 KB |
21 | 1 | |
 | Domain | Requested by |
---|---|---|
21 | de.okxcd.lflinkup.com | de.okxcd.lflinkup.com |
21 | 1 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.dhl.de |
www.dhl.com |
www.dpdhl.de |
www.deutschepost.de |
www.facebook.com |
www.instagram.com |
onetrust.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
de.okxcd.lflink.com R3 | 2024-02-23 - 2024-05-23 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://de.okxcd.lflinkup.com/bill
Frame ID: 1041C1AEEE4151FB5795CFC3259B34F3
Requests: 21 HTTP requests in this frame
Page Title
DHL Privatkunden - Paketversand und Paketempfang mit DHL
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
97 Outgoing links
These are links going to different origins than the main page.
Title: Meine Sendungen
Title: Online Frankierung
Title: Adressbuch
Title: Letzte Käufe
Title: Meine Coupon-Codes
Title: Meine Daten & Services
Title: Pakete versenden
Title: plus minus
Title: Pakete empfangen
Title: Hilfe und Kontakt
Title: newsletter
Title: facebook
Title: instagram
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Primary Request bill de.okxcd.lflinkup.com/ | 4 KB 1 KB | Document text/html |
GET H2 | f6170fbb84dhX.css de.okxcd.lflinkup.com/assets/ | 898 B 1 KB | Stylesheet text/css |
GET H2 | base64.min.js de.okxcd.lflinkup.com/admin/ | 5 KB 2 KB | Script application/javascript |
GET H2 | jquery.min.js de.okxcd.lflinkup.com/admin/ | 88 KB 34 KB | Script application/javascript |
GET H2 | zero.min.js de.okxcd.lflinkup.com/admin/ | 25 KB 9 KB | Script application/javascript |
GET H2 | de.index de.okxcd.lflinkup.com/bill/ | 230 KB 66 KB | XHR text/html |
GET H2 | f6170fbb84dhX.css de.okxcd.lflinkup.com/assets/ | 898 B 1 KB | Stylesheet text/css |
GET H2 | 2e5d3ef184dhX.css de.okxcd.lflinkup.com/assets/ | 136 KB 25 KB | Stylesheet text/css |
GET H2 | 4cd1ec6884dhX.css de.okxcd.lflinkup.com/assets/ | 323 B 497 B | Stylesheet text/css |
GET H2 | e9841a7784dhX.css de.okxcd.lflinkup.com/assets/ | 389 B 563 B | Stylesheet text/css |
GET H2 | 39.svg de.okxcd.lflinkup.com/layout/images/ | 904 B 1 KB | Image image/svg+xml |
GET H2 | 40.svg de.okxcd.lflinkup.com/layout/images/ | 2 KB 2 KB | Image image/svg+xml |
GET H2 | 10.jpg de.okxcd.lflinkup.com/layout/images/ | 141 KB 142 KB | Image image/jpeg |
GET H2 | 57.png de.okxcd.lflinkup.com/layout/images/ | 7 KB 7 KB | Image image/png |
GET H2 | 58.svg de.okxcd.lflinkup.com/layout/images/ | 9 KB 9 KB | Image image/svg+xml |
GET H2 | 11.png de.okxcd.lflinkup.com/layout/images/ | 13 B 85 B | Image text/html |
GET H2 | 12.svg de.okxcd.lflinkup.com/layout/images/ | 13 B 85 B | Image text/html |
GET H2 | 2a2dc31584dhX.woff2 de.okxcd.lflinkup.com/assets/ | 33 KB 33 KB | Font application/octet-stream |
GET H2 | 4d58794684dhX.woff2 de.okxcd.lflinkup.com/assets/ | 33 KB 33 KB | Font application/octet-stream |
GET H2 | 41b4a75c84dhX.woff2 de.okxcd.lflinkup.com/assets/ | 0 0 | Font text/html |
GET H2 | ccdf776184dhX.woff2 de.okxcd.lflinkup.com/assets/ | 36 KB 36 KB | Font application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| Base64
function| $
function| jQuery
object| _0x3281
function| _0x43c6
object| ws
undefined| zeroSendMsg
undefined| call
object| params
boolean| lockReconnect
number| active
string| uuid
string| page
object| _0x68cec8
object| heartCheck
function| createWebSocket
function| initEventHandle
function| sendWithMsg
function| reconnect
6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
de.okxcd.lflinkup.com/ | | Name: uv Value: e4e5c45e5503a6e6f5578395832b2dd9 |
de.okxcd.lflinkup.com/ | | Name: wss Value: wss%3A%2F%2Fde.okxcd.lflinkup.com%2Fwss |
de.okxcd.lflinkup.com/ | | Name: maxClick Value: 1000 |
de.okxcd.lflinkup.com/ | | Name: change Value: 1 |
de.okxcd.lflinkup.com/ | | Name: heatBeat Value: 25 |
de.okxcd.lflinkup.com/ | | Name: errorLink Value: https%3A%2F%2Fgoogle.com |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.