sof.chh.mybluehost.me
162.241.244.109
Malicious Activity!
Effective URL: https://sof.chh.mybluehost.me/dhl/locatar/home.php?enc=ba84ec08513f5772beda2a211d0e1037&p=0&dispatch=dbf928d55d35356c81d108d73...
Submission: On February 23 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by R3 on February 1st 2024. Valid for: 3 months.
This is the only time sof.chh.mybluehost.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 (1 redirect) | 151.101.2.132 | 54113 (FASTLY)
2 (2 redirects) | 67.227.213.152 | 32244 (LIQUIDWEB)
20 (2 redirects) | 162.241.244.109 | 46606 (UNIFIEDLAYER-AS-1)
1 | 104.21.234.144 | 13335 (CLOUDFLARENET)
2 | 135.181.58.223 | 24940 (HETZNER-AS)
1 | 149.154.167.220 | 62041 (TELEGRAM)
22 | 4 |
- ASN32244 (LIQUIDWEB, US): PTR omega.kilihost.com; domain mtallotoursandsafaris.com
- ASN46606 (UNIFIEDLAYER-AS-1, US): PTR box5133.bluehost.com; domain sof.chh.mybluehost.me
- ASN24940 (HETZNER-AS, DE): PTR white.hostingcolor.com; domain dispatching-centre.lasamericascargo.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
20 | mybluehost.me (2 redirects) | sof.chh.mybluehost.me | 394 KB
2 | lasamericascargo.com | dispatching-centre.lasamericascargo.com | 35 KB
2 | mtallotoursandsafaris.com (2 redirects) | mtallotoursandsafaris.com | 213 B
1 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 42028) |
1 | lr-in.com | cdn.lr-in.com (Cisco Umbrella Rank: 22150) | 164 KB
1 | uscreencdn.com (1 redirect) | url4810.uscreencdn.com | 236 B
22 | 6 | |
Requests | Domain | Requested by
---|---|---
20 | sof.chh.mybluehost.me (2 redirects) | sof.chh.mybluehost.me
2 | dispatching-centre.lasamericascargo.com | sof.chh.mybluehost.me
2 | mtallotoursandsafaris.com | 2 redirects
1 | api.telegram.org | sof.chh.mybluehost.me
1 | cdn.lr-in.com | sof.chh.mybluehost.me
1 | url4810.uscreencdn.com | 1 redirect
22 | 6 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
autodiscover.sof.chh.mybluehost.me | R3 | 2024-02-01 - 2024-05-01 | 3 months | crt.sh
lr-in.com | E1 | 2024-01-10 - 2024-04-09 | 3 months | crt.sh
dispatching-centre.lasamericascargo.com | cPanel, Inc. Certification Authority | 2024-02-22 - 2024-05-22 | 3 months | crt.sh
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2023-03-26 - 2024-04-26 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://sof.chh.mybluehost.me/dhl/locatar/home.php?enc=ba84ec08513f5772beda2a211d0e1037&p=0&dispatch=dbf928d55d35356c81d108d73010581fe40478c5
Frame ID: B12822DD7A5816123444A2F53C4263B6
Requests: 22 HTTP requests in this frame
Page Title: Verification | DHL
Detected technologies

PHP (Programming Languages)
Detected patterns:
- \.php(?:$|\?)

Font Awesome (Font Scripts)
Detected patterns:
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries)
Detected patterns:
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://url4810.uscreencdn.com/ls/click?upn=u001.gfb2HT427Bj6Yi7IJEJsCxtsD0BKJnl8TwjpEbExYPo82tvoaX3RLTQ9mzxHXJENHM7x_0Hc4Gc9mccv9oCY4wh2gy9DpscV6Zon7pkNStHREq9IuqgU-2BSupRs7m7SHDYI0-2Bj5yMQgl79kefSE1KWOjluqHFmYtDN8ac6CrmlxYYMmAnMq-2FiioidehO8MUfBSt4s5AW-2FmI8wNh9DY9I9O-2BftAr7E92yEIXEFYxYboOMbybEFUF8y-2FhCd-2B8zI6GPzAP2nyLzLCS1z3LG9O6wb24lG8HkzrKKykIT8icjbA2sdNlOqOoVaerPcEy-2F2Uot8S8DSm4w79YyqvaN6QaMXwIWQgxYU5EAa4R6lYVZ0-2FNL9NU-2FzyDcimG2Uz7UuhZ3IJQZxIrMReefwoHO3S3I8fwBG3nXP8cQADvyQso5SG6GTD9mo-3D HTTP 302
- https://mtallotoursandsafaris.com/js HTTP 301
- https://mtallotoursandsafaris.com/js/ HTTP 302
- https://sof.chh.mybluehost.me/dhl/locatar HTTP 301
- https://sof.chh.mybluehost.me/dhl/locatar/ HTTP 302
- https://sof.chh.mybluehost.me/dhl/locatar/home.php?enc=ba84ec08513f5772beda2a211d0e1037&p=0&dispatch=dbf928d55d35356c81d108d73010581fe40478c5 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | home.php (Primary Request; Redirect Chain) | sof.chh.mybluehost.me/dhl/locatar/ | 75 KB | 11 KB | Document | text/html
GET | H2 | app.css | sof.chh.mybluehost.me/dhl/locatar/assets/ | 405 KB | 75 KB | Stylesheet | text/css
GET | H2 | logger-1.min.js | cdn.lr-in.com/ | 830 KB | 164 KB | Script | text/javascript
GET | H2 | logo.png | sof.chh.mybluehost.me/dhl/locatar/assets/ | 2 KB | 2 KB | Image | image/png
GET | H2 | col.png | sof.chh.mybluehost.me/dhl/locatar/assets/ | 682 B | 716 B | Image | image/png
GET | H2 | pak.png | sof.chh.mybluehost.me/dhl/locatar/assets/ | 380 B | 414 B | Image | image/png
GET | H2 | clan.png | sof.chh.mybluehost.me/dhl/locatar/assets/ | 475 B | 509 B | Image | image/png
GET | H2 | alert.png | sof.chh.mybluehost.me/dhl/locatar/assets/ | 469 B | 503 B | Image | image/png
GET | H2 | foo.png | sof.chh.mybluehost.me/dhl/locatar/assets/ | 17 KB | 17 KB | Image | image/png
GET | H2 | jquery-3.5.1.min.js | sof.chh.mybluehost.me/dhl/locatar/assets/ | 87 KB | 38 KB | Script | application/javascript
GET | H2 | jquery.mask.js | sof.chh.mybluehost.me/dhl/locatar/assets/ | 23 KB | 7 KB | Script | application/javascript
GET | H2 | jquery.main.js | sof.chh.mybluehost.me/dhl/locatar/assets/ | 4 MB | 241 KB | Script | application/javascript
GET | H2 | app.js | sof.chh.mybluehost.me/js/ | 0 | 0 | Script | text/html
GET | H2 | session-recorder.js | sof.chh.mybluehost.me/js/ | 0 | 0 | Script | text/html
GET | H/1.1 | card.js | dispatching-centre.lasamericascargo.com/js/ | 57 KB | 14 KB | Script | application/javascript
GET | H/1.1 | intlTelInput.js | dispatching-centre.lasamericascargo.com/js/ | 87 KB | 21 KB | Script | application/javascript
GET | H2 | roboto-latin-400-normal.woff2 | sof.chh.mybluehost.me/fonts/vendor/@fontsource/roboto/files/ | 0 | 0 | Font | text/html
GET | H2 | webfa-solid-900.woff2 | sof.chh.mybluehost.me/fonts/vendor/@fortawesome/fontawesome-free/ | 0 | 0 | Font | text/html
GET | H2 | webfa-solid-900.woff | sof.chh.mybluehost.me/fonts/vendor/@fortawesome/fontawesome-free/ | 0 | 0 | Font | text/html
GET | H2 | roboto-all-400-normal.woff | sof.chh.mybluehost.me/fonts/vendor/@fontsource/roboto/files/ | 0 | 0 | Font | text/html
GET | H2 | webfa-solid-900.ttf | sof.chh.mybluehost.me/fonts/vendor/@fortawesome/fontawesome-free/ | 0 | 0 | Font | text/html
GET | H2 | sendMessage | api.telegram.org/bot6502497827:AAE6BffHnniDO3NEXLF0fwnQkKRQASSd1s8/ | 0 | 0 | Script | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against DHL (Transportation)

17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | regeneratorRuntime
object | __SDKCONFIG__
function | _LRLogger
function | $
function | jQuery
string | sessionHash
number | visitId
string | fingerprint
function | openNav
function | closeNav
object | jQuery1111049881904285367984
function | card
function | Payment
function | Card
object | intlTelInputGlobals
function | intlTelInput
function | getRandomInt1

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
sof.chh.mybluehost.me/ | | PHPSESSID = efed4adeb53971a00af46b362c5758e1
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.